Root SSH keys configuration

Ansible is designed to help system administrators drive greater efficiency in the datacenter by being able to configure and operate many servers using orchestration playbooks. In order for Ansible to be able to fulfill its duties, it needs an SSH connection on the Linux systems it is managing. Furthermore, in order to have a greater degree of freedom and flexibility, a hands-off approach using SSH public private key pairs is required.

As the installation of OpenStack is expected to run as root, this stage expects the deployment host's root public key to be propagated across all servers.

Getting ready

Ensure that you are root on the deployment host. In most cases, this is the first infrastructure controller node that we have named for the purposes of this book to be called infra01. We will be assuming that all Ansible commands will be run from this host, and that it expects to be able to connect to the rest of the servers on this network over the host network via SSH.

How to do it…

In order to allow a hands-free, orchestrated OpenStack-Ansible deployment, follow these steps to create and propagate root SSH public key of infra01 across all servers required of the installation:

  1. As root, execute the following command to create an SSH key pair:
    ssh-keygen -t rsa -f ~/.ssh/id_rsa -N ""
    

    The output should look similar to this:

    Generating public/private rsa key pair.
    Your identification has been saved in /root/.ssh/id_rsa.
    Your public key has been saved in /root/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:q0mdqJI3TTFaiLrMaPABBboTsyr3pRnCaylLU5WEDCw root@infra01
    The key's randomart image is:
    +---[RSA 2048]----+
    |ooo ..           |
    |E..o. .          |
    |=. . +           |
    |.=. o +          |
    |+o . o oS        |
    |+oo . .o       |
    |B=++.o+ +        |
    |*=B+oB.o         |
    |o+.o=.o          |
    +----[SHA256]-----+
    
  2. This has created two files in /root/.ssh, called id_rsa and id_rsa.pub. The file, id_rsa is the private key, and must not be copied across the network. It is not required to be anywhere other than on this server. The file, id_rsa.pub, is the public key and can be shared to other servers on the network. If you have other nodes (for example, named infra02), use the following to copy this key to that node in your environment:
    ssh-copy-id root@infra02
    

    Tip

    Tip: Ensure that you can resolve infra02 and the other servers, else amend the preceding command to use its host IP address instead.

  3. Now repeat step 2 for all servers on your network.
  4. Important: finally, ensure that you execute the following command to be able to SSH to itself:
    ssh-copy-id root@infra01
    
  5. Test that you can ssh, as the root user, from infra01 to other servers on your network. You should be presented with a Terminal ready to accept commands if successful, without being prompted for a passphrase. Consult /var/log/auth.log on the remote server if this behavior is incorrect.

How it works…

We first generated a key pair file for use by SSH. The -t option specified the rsa type encryption, -f specified the output of the private key, where the public portion will get .pub appended to its name, and -N "" specified that no passphrase is to be used on this key. Consult your own security standards if the presented options differ from your company's requirements.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.18.198