13.7. Enable Passwordless SSH Access to Back End
The File Share Service user (namely,
manila) requires passwordless root SSH access to the Red Hat Gluster Storage back end. This back end is defined in glusterfs_servers (for glusterfs_native, as in Section 13.6.1, “Define a Back End for the gluster_native Driver”) or glusterfs_target (for glusterfs, as in Section 13.6.2, “Define an NFS Back End for the glusterfs Driver” and Section 13.6.3, “Define an NFS-Ganesha Back End for the glusterfs Driver”).
For this, you need to create the required keys. On the OpenStack/File Share Service host, log in as the
manila user and run:
#sudo -u manila /bin/bash$ssh-keygen -t rsa
The public and private keys will be generated in the
manila user’s home directory; specifically, /var/lib/manila/.ssh/.
To grant the
manila user with the required passwordless root access, perform the following steps for each node in the Red Hat Gluster Storage cluster (RHGSNODE):
Procedure 13.3. Granting passwordless SSH access to a Red Hat Gluster Storage node
- As the
manilauser and also from the same host, create an.sshdirectory on RHGSNODE. This directory will store your authentication details later on:$ssh root@RHGSNODE mkdir .ssh - Copy the
manilauser’s public key to RHGSNODE's list of authorized keys for that user:$cat /var/lib/manila/.ssh/id_rsa.pub | ssh root@RHGSNODE 'cat >> .ssh/authorized_keys'To test whether the procedure was successful, try logging into RHGSNODE asroot. When you do, you should not be prompted with a password:$ssh root@RHGSNODE
If your back end is a cluster of nodes (specifically, if you use the
glusterfs_native driver), then you need to perform this procedure for each node defined in glusterfs_servers. For example, given the configuration in Section 13.6.1, “Define a Back End for the gluster_native Driver”, you need to grand passwordless SSH access to RHGSNODE1 and RHGSNODE2.
