  • How to resize an instance (change its flavor) in OpenStack

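    Goal:
    Many users launch a virtual machine in OpenStack with a particular flavor, for example 2 CPUs and 4 GB of memory, and after using it for a while find that the configuration no longer meets their needs and want to increase it. The OpenStack dashboard can resize the instance, but in practice the operation may fail, and the relevant logs show an error like the following: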

    Command: ssh 192.168.18.43 mkdir -p /var/lib/nova/instances/eac0e362-352f-45ad-b503-d28e588691be  
    Exit code: 255  
    Stdout: ''  
    Stderr: 'Host key verification failed.
    '. Setting instance vm_state to ERROR  


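    Cause:
    Changing an instance's flavor in OpenStack is effectively a migration of the instance between hosts, so the hosts involved in the migration need passwordless access to each other.
    Because instances are managed by the Nova component, passwordless access must be set up for the nova user.

    Steps:

    1. Edit /etc/passwd
    Change the nova entry to: nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/bin/sh
    2. passwd nova
    3. Set up passwordless login between the compute nodes
    3.1 su - nova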
    [root@compute10 ~]# su - nova
    -sh-4.2$ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/var/lib/nova/.ssh/id_rsa):
    Created directory '/var/lib/nova/.ssh'.
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /var/lib/nova/.ssh/id_rsa.
    Your public key has been saved in /var/lib/nova/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:sSsbIWOSsmmWjWY1536wRp5fToNnfGca0Bc1Q71c0Og nova@compute35
    The key's randomart image is:
    +---[RSA 2048]----+
    |              oO.|
    |              o *|
    |        .    o. o|
    |   .     o.   Eo |
    |. oo+.. S. . .   |
    | +=o+= .o.. .    |
    |oB .o.*..B o o   |
    |=   .= =* o =    |
    |    ..+. . .     |
    +----[SHA256]-----+

    -sh-4.2$ ssh-copy-id -i compute13 # if necessary, edit the hosts file first; to resize instances in both directions, run this command on both sides
    -sh-4.2$ ssh compute13 # test: it worked if no password is requested

    Note: remember to fix the permissions

    chown nova:nova /var/lib/nova/.ssh/
    chmod 600 /var/lib/nova/.ssh/authorized_keys
    chmod 600 /var/lib/nova/.ssh/id_rsa

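    Scenario:

    1. I previously ran into a problem: passwordless login had been set up between compute nodes 16 and 17, but a password was still required.
    I changed the permissions on node 16.
    Original permissions: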
    [root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
    drwxrwxrwx 2 root root 76 Jan  5 14:28 /var/lib/nova/.ssh/
    Changed to:
    chmod 700 /var/lib/nova/.ssh/
    [root@compute16 .ssh]# ls -ld
    drwx------ 2 root root 76 Jan  5 14:28 .
    
    The result was Permission denied:
    [root@compute10 ~]# su - nova
    Last login: Wed Jan  4 18:00:04 CST 2017 on pts/55
    -sh-4.2$ ssh-copy-id compute16
    The authenticity of host 'compute16 (10.0.0.106)' can't be established.
    ECDSA key fingerprint is 11:15:d0:3e:90:dc:dd:c9:48:3f:40:ad:3a:b1:49:8e.
    Are you sure you want to continue connecting (yes/no)? yes
    /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
    /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
    nova@compute16's password:
    sh: .ssh/authorized_keys: Permission denied


    Compare the permissions on another node with those on node 16:

    [root@compute10 ~]# ls -ld /var/lib/nova/.ssh/
    drwx------ 2 nova nova 76 Jan  5 14:56 /var/lib/nova/.ssh/
    
    [root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
    drwx------ 2 root root 76 Jan  5 14:28 /var/lib/nova/.ssh/



    Finding: the owner and group are different.

    Fix the owner and group on node 16:

    chown nova:nova /var/lib/nova/.ssh/



    Passwordless login still did not work.

    Checking /var/log/secure shows:

    [root@compute16 .ssh]# tail -1000 /var/log/secure|grep -i "Authentication"
    Jan  5 16:04:15 compute16 sshd[62351]: Authentication refused: bad ownership or modes for directory /var/lib/nova
    Jan  5 16:04:15 compute16 sshd[62354]: Authentication refused: bad ownership or modes for directory /var/lib/nova
    Jan  5 16:04:23 compute16 sshd[62418]: Authentication refused: bad ownership or modes for directory /var/lib/nova




    Check the directory:

    [root@compute16 nova]# ls -ld /var/lib/nova
    drwxrwxrwx 8 nova nova 103 Sep 22 16:39 .

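    The permissions are wrong: the nova home directory is world-writable (mode 777), and sshd refuses key authentication when the home directory is writable by group or others.


    The correct fix: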

    chmod 755 /var/lib/nova
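
The ownership and mode checks that were found one at a time on node 16 can be run in a single pass. The following is an added example, not part of the original post: a shell function that audits the home directory, .ssh and authorized_keys the way sshd's StrictModes check does. The function name audit_ssh_perms and the temporary-directory fixture are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the three paths sshd
# inspects before trusting authorized_keys: each must be owned by the user
# (or root) and must not be writable by group or others.
# Uses GNU stat (-c), as found on the CentOS nodes in the post.

# audit_ssh_perms HOME OWNER  (OWNER: user name or numeric uid)
# Prints one line per problem; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
    home=$1; owner=$2; rc=0
    case $owner in
        *[!0-9]*) want=$(id -u "$owner") || return 2 ;;
        *)        want=$owner ;;
    esac
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING   $p"; rc=1; continue
        fi
        uid=$(stat -c '%u' "$p")     # numeric owner
        mode=$(stat -c '%a' "$p")    # octal permission bits, e.g. 777
        if [ "$uid" != "$want" ] && [ "$uid" != 0 ]; then
            echo "BAD OWNER $p: uid $uid, expected $want or 0"; rc=1
        fi
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "BAD MODE  $p: $mode is group/world writable"; rc=1
        fi
    done
    return $rc
}

# Constructed fixture: a temp directory stands in for /var/lib/nova.
demo() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && : > "$d/.ssh/authorized_keys"
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    chmod 777 "$d"    # node 16's home directory mode in the post
    audit_ssh_perms "$d" "$(id -u)" || echo "=> sshd would refuse the key"
    chmod 755 "$d"    # the post's fix
    audit_ssh_perms "$d" "$(id -u)" && echo "=> chain is acceptable"
    rm -rf "$d"
}
demo
```

On a compute node, run `audit_ssh_perms /var/lib/nova nova` as root to check the real paths.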



  • Original article: https://www.cnblogs.com/zhongguiyao/p/7920977.html