Commit b6eea748 authored by Jan Siersch's avatar Jan Siersch
Browse files

added nova cold migration support to installation

NOTE: actual keys are not added to git for security reasons
parent 6b835c48
Host *
StrictHostKeyChecking no
......@@ -168,7 +168,16 @@ if [[ $doInstallNova == true ]]; then
# FIX: dbus is unable to start polkit and nova is subsequently unable to authenticate to libvirt
chown root:dbus "/lib64/dbus-1/dbus-daemon-launch-helper"
chmod 4750 "/lib64/dbus-1/dbus-daemon-launch-helper"
# add cold migration support (nova ssh pubkey access)
usermod -s "/bin/bash" nova
cp -fr "../config/computenode/var/lib/nova/.ssh" "/var/lib/nova/"
cp -f "/var/lib/nova/.ssh/" "/var/lib/nova/.ssh/authorized_keys"
chmod "700" "/var/lib/nova/.ssh"
chmod "600" /var/lib/nova/.ssh/*
chcon "system_u:object_r:ssh_home_t:s0" "/var/lib/nova/.ssh"
restorecon /var/lib/nova/.ssh/*
# Start the Compute service and its dependencies. Configure them to start automatically when the system boots.
systemctl enable libvirtd.service
systemctl enable openstack-nova-compute.service
# nova shell and home dir
usermod -s /bin/bash nova
sudo -u nova chcon -u system_u -r object_r -t user_home_t "/var/lib/nova/"
sudo -u nova mkdir -p -m 700 --context="system_u:object_r:ssh_home_t:s0" "/var/lib/nova/.ssh"
sudo -u nova mkdir -p -m 700 /var/lib/nova/.ssh
# nova ssh config
cat > "/var/lib/nova/.ssh/config" << EOF
Host *
StrictHostKeyChecking no
chown nova:nova "/var/lib/nova/.ssh/config"
chmod 600 "/var/lib/nova/.ssh/config"
restorecon "/var/lib/nova/.ssh/config"
# nova keypair
mv ./id_rsa* "/var/lib/nova/.ssh/"
chown nova:nova /var/lib/nova/.ssh/id_rsa*
chmod 600 /var/lib/nova/.ssh/id_rsa*
restorecon /var/lib/nova/.ssh/id_rsa*
# nova authorized keys
cp -f /var/lib/nova/.ssh/ /var/lib/nova/.ssh/authorized_keys
chown nova:nova /var/lib/nova/.ssh/authorized_keys
chmod 600 /var/lib/nova/.ssh/authorized_keys
restorecon /var/lib/nova/.ssh/authorized_keys
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment