Solved

CVM restart clearing authorized hosts from SSH file


Hi all, looking for a little help here.

As background, I am writing a small script for a Raspberry Pi to sit on the cluster switch and watch an Eaton UPS (via USB) that my 3-node cluster is attached to. When certain triggers happen, the Pi does stuff... like on battery with time left, it may send out signals to guest VMs to start shutting down their applications. Then, on very low battery, it starts a full graceful shutdown of the cluster. All this gets logged, emails sent out, etc...

Anyway, to avoid passwords in scripts, I use pub/private keypairs pushed to the CVM and AHV authorized_hosts file (just the same as CVM-AHV does)....

My problem is that when the CVMs are fully rebooted (domain shutdown on AHV virsh)... after the CVMs come back up, they rewrite the authorized_hosts file, and my Pi entry is purged 😞

I'd like to avoid having to redistribute key pairs every time the cluster needs to be fully rebooted.

Any thoughts on how to make this persistent?

Thanks for any thoughts, Brent

Best answer by perkinsa 20 January 2017, 20:16

Brent,

Yes, it will persist from then on for all CVMs/Hosts.

If you run it from the command line, you need to specify the full path /home/nutanix/...

From Prism you can cut/paste the key.

Cheers,
Art


4 replies

Hello Brent,

The CVM and host keys are managed by Prism.

If you need to add additional public keys to the cluster, add them to the New Public Key in the Cluster Lockdown settings.

This will copy the additional public key(s) to all CVMs and Hosts.


Cheers,
Art
Awesome, thanks Art!

So to get this process straight (before I go trying it)...

I scp/transfer my public key over to any CVM, then run:

ncli cluster add-public-key name=myPK file-path=~/mykey.pub
and it will handle distribution to CVMs and AHV hosts (and persistence) from then on?
Hi Brent

Can you share that Pi setup?

Thanks
