Bug 1403313 - Faulty nova SSH setup procedure for VM Migration documentation
Summary: Faulty nova SSH setup procedure for VM Migration documentation
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: documentation
Version: 9.0 (Mitaka)
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: async
: 9.0 (Mitaka)
Assignee: Dan Macpherson
QA Contact: RHOS Documentation Team
URL:
Whiteboard:
: 1395756 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-09 15:38 UTC by Alexander Chuzhoy
Modified: 2016-12-16 03:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-12-16 03:22:12 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Alexander Chuzhoy 2016-12-09 15:38:20 UTC 
Documentation:  https://access.redhat.com/documentation/en/red-hat-openstack-platform/9/single/director-installation-and-usage/#sect-Migrating_VMs_from_an_Overcloud_Compute_Node

The documentation in the link says:
 Log into each Compute node as the nova user and run the following script to set up the keys:

NOVA_SSH=/var/lib/nova/.ssh
mkdir ${NOVA_SSH}

cp nova_id_rsa ${NOVA_SSH}/id_rsa
chmod 600 ${NOVA_SSH}/id_rsa
cp nova_id_rsa.pub ${NOVA_SSH}/id_rsa.pub
cp nova_id_rsa.pub ${NOVA_SSH}/authorized_keys

chown -R nova.nova ${NOVA_SSH}

# enable login for nova user on compute hosts:
usermod -s /bin/bash nova

# add ssh keys of overcloud nodes into known hosts:
ssh-keyscan -t rsa `os-apply-config --key hosts --type raw --key-default '' | awk '{print $1}'` >> /etc/ssh/ssh_known_hosts



But running usermod and appending lines to /etc/ssh/ssh_known_hosts requires root (or explicit permissions)

./migrat_prep.sh: line 13: /usr/sbin/usermod: Permission denied
Traceback (most recent call last):
  File "/bin/os-apply-config", line 10, in <module>
    sys.exit(main())
  File "/usr/lib/python2.7/site-packages/os_apply_config/apply_config.py", line 335, in main
    opts.metadata = load_list_from_json(opts.os_config_files)
  File "/usr/lib/python2.7/site-packages/os_apply_config/apply_config.py", line 318, in load_list_from_json
    with open(json_file) as ocf:
IOError: [Errno 13] Permission denied: '/var/lib/os-collect-config/os_config_files.json'
./migrat_prep.sh: line 16: /etc/ssh/ssh_known_hosts: Permission denied


Thanks.
Comment 1 Alexander Chuzhoy 2016-12-09 15:43:38 UTC 
same goes for the line with:
os-apply-config --key hosts --type raw --key-default ''
Needs root.
Comment 2 Alexander Chuzhoy 2016-12-09 17:02:16 UTC 
Also note the following behavior:

[root@overcloud-compute-0 ~]# ssh-keyscan -t rsa `os-apply-config --key hosts --type raw --key-default '' | awk '{print $1}'`
getaddrinfo \\n192.168.100.13: Name or service not known
Comment 3 Alexander Chuzhoy 2016-12-09 18:26:46 UTC 
Here's a link to upstream doc:
http://docs.openstack.org/admin-guide/cli-nova-migrate-cfg-ssh.html
Comment 4 Dan Macpherson 2016-12-12 02:03:24 UTC 
*** Bug 1395756 has been marked as a duplicate of this bug. ***
Comment 5 Dan Macpherson 2016-12-12 02:06:49 UTC 
So I'm revamping the procedure and script. I'm going to try and provide a script they can execute from the Undercloud instead of on each Compute node.

BZ#1395756 also pointed out how illogical it is to ask the user to login as the nova user to run the script, but the script contains a command to enable bash usage for the nova user.
Comment 16 Dan Macpherson 2016-12-16 03:22:12 UTC 
The new script and procedure has been pushed to OSP10 and OSP9. Here's the OSP10 live version:

https://access.redhat.com/documentation/en/red-hat-openstack-platform/10/single/director-installation-and-usage/#sect-Migrating_VMs_from_an_Overcloud_Compute_Node

Closing this BZ, but feel free to reopen if further changes are required.
Note You need to log in before you can comment on or make changes to this bug.