added nova cold migration support to installation

NOTE: actual keys are not added to git for security reasons

added nova cold migration support to installation
NOTE: actual keys are not added to git for security reasons
b6eea748 · Jan Siersch · 6b835c48 · b6eea748 · b6eea748 · b6eea748
Commit b6eea748 authored Nov 21, 2014 by Jan Siersch
4 changed files
--- a/config/computenode/var/lib/nova/.ssh/.gitignore
+++ b/config/computenode/var/lib/nova/.ssh/.gitignore
+authorized_keys
+id_rsa
+id_rsa.pub
+
--- a/config/computenode/var/lib/nova/.ssh/config
+++ b/config/computenode/var/lib/nova/.ssh/config
+Host *
+	StrictHostKeyChecking no
+	UserKnownHostsFile=/dev/null
+
--- a/installation/computenode/sub-install.sh
+++ b/installation/computenode/sub-install.sh
@@ -168,7 +168,16 @@ if [[ $doInstallNova == true ]]; then
 	# FIX: dbus is unable to start polkit and nova is subsequently unable to authenticate to libvirt
 	chown root:dbus "/lib64/dbus-1/dbus-daemon-launch-helper"
 	chmod 4750      "/lib64/dbus-1/dbus-daemon-launch-helper"
-
+	
+	# add cold migration support (nova ssh pubkey access)
+	usermod -s "/bin/bash" nova
+	cp -fr     "../config/computenode/var/lib/nova/.ssh" "/var/lib/nova/"
+	cp -f      "/var/lib/nova/.ssh/id_rsa.pub"           "/var/lib/nova/.ssh/authorized_keys"
+	chmod      "700"                                     "/var/lib/nova/.ssh"
+	chmod      "600"                                      /var/lib/nova/.ssh/*
+	chcon      "system_u:object_r:ssh_home_t:s0"         "/var/lib/nova/.ssh"
+	restorecon                                            /var/lib/nova/.ssh/*
+	
 	# Start the Compute service and its dependencies. Configure them to start automatically when the system boots.
 	systemctl enable libvirtd.service
 	systemctl enable openstack-nova-compute.service

--- a/installation/migration.sh
+++ b/installation/migration.sh
+#!/bin/bash
+
+# nova shell and home dir
+usermod -s /bin/bash nova
+sudo -u nova chcon -u system_u -r object_r -t user_home_t                "/var/lib/nova/"
+sudo -u nova mkdir -p -m 700 --context="system_u:object_r:ssh_home_t:s0" "/var/lib/nova/.ssh"
+sudo -u nova mkdir -p -m 700 /var/lib/nova/.ssh
+
+# nova ssh config
+cat > "/var/lib/nova/.ssh/config" << EOF
+Host *
+	StrictHostKeyChecking no
+	UserKnownHostsFile=/dev/null
+EOF
+chown nova:nova "/var/lib/nova/.ssh/config"
+chmod 600       "/var/lib/nova/.ssh/config"
+restorecon      "/var/lib/nova/.ssh/config"
+
+# nova keypair
+mv ./id_rsa*    "/var/lib/nova/.ssh/"
+chown nova:nova  /var/lib/nova/.ssh/id_rsa*
+chmod 600        /var/lib/nova/.ssh/id_rsa*
+restorecon       /var/lib/nova/.ssh/id_rsa*
+
+# nova authorized keys
+cp -f            /var/lib/nova/.ssh/id_rsa.pub /var/lib/nova/.ssh/authorized_keys
+chown nova:nova                                /var/lib/nova/.ssh/authorized_keys
+chmod 600                                      /var/lib/nova/.ssh/authorized_keys
+restorecon                                     /var/lib/nova/.ssh/authorized_keys