13.7. Enable Passwordless SSH Access to Back End
The File Share Service user (namely,
manila
) requires passwordless root SSH access to the Red Hat Gluster Storage back end. This back end is defined in glusterfs_servers
(for glusterfs_native
, as in Section 13.6.1, “Define a Back End for the gluster_native Driver”) or glusterfs_target
(for glusterfs
, as in Section 13.6.2, “Define an NFS Back End for the glusterfs Driver” and Section 13.6.3, “Define an NFS-Ganesha Back End for the glusterfs Driver”).
For this, you need to create the required keys. On the OpenStack/File Share Service host, log in as the
manila
user and run:
#
sudo -u manila /bin/bash
$
ssh-keygen -t rsa
The public and private keys will be generated in the
manila
user’s home directory; specifically, /var/lib/manila/.ssh/
.
To grant the
manila
user with the required passwordless root access, perform the following steps for each node in the Red Hat Gluster Storage cluster (RHGSNODE):
Procedure 13.3. Granting passwordless SSH access to a Red Hat Gluster Storage node
- As the
manila
user and also from the same host, create an.ssh
directory on RHGSNODE. This directory will store your authentication details later on:$
ssh root@RHGSNODE mkdir .ssh - Copy the
manila
user’s public key to RHGSNODE's list of authorized keys for that user:$
cat /var/lib/manila/.ssh/id_rsa.pub | ssh root@RHGSNODE 'cat >> .ssh/authorized_keys'To test whether the procedure was successful, try logging into RHGSNODE asroot
. When you do, you should not be prompted with a password:$
ssh root@RHGSNODE
If your back end is a cluster of nodes (specifically, if you use the
glusterfs_native
driver), then you need to perform this procedure for each node defined in glusterfs_servers
. For example, given the configuration in Section 13.6.1, “Define a Back End for the gluster_native Driver”, you need to grand passwordless SSH access to RHGSNODE1 and RHGSNODE2.