Merge "Update ssh configuration doc"

Zuul · openstack-gerrit · commit 1863fba34c6c · 2018-08-09T22:31:57.000Z
diff --git a/doc/source/admin/ssh-configuration.rst b/doc/source/admin/ssh-configuration.rst
@@ -6,14 +6,20 @@ Configure SSH between compute nodes
 
 .. todo::
 
-    Consider merging this into a larger "live-migration" document or to the
+    Consider merging this into a larger "migration" document or to the
     installation guide
 
 If you are resizing or migrating an instance between hypervisors, you might
 encounter an SSH (Permission denied) error. Ensure that each node is configured
 with SSH key authentication so that the Compute service can use SSH to move
 disks to other nodes.
 
+.. note::
+
+   It is not necessary that all the compute nodes share the same key pair.
+   However for the ease of the configuration, this document only utilizes a
+   single key pair for communication between compute nodes.
+
 To share a key pair between compute nodes, complete the following steps:
 
 #. On the first node, obtain a key pair (public key and private key). Use the
@@ -28,44 +34,36 @@ To share a key pair between compute nodes, complete the following steps:
 
       # usermod -s /bin/bash nova
 
-   Switch to the nova account.
+   Ensure you can switch to the nova account:
 
    .. code-block:: console
 
-      # su nova
+      # su - nova
 
 #. As root, create the folder that is needed by SSH and place the private key
-   that you obtained in step 1 into this folder:
+   that you obtained in step 1 into this folder, and add the pub key to the
+   authorized_keys file:
 
    .. code-block:: console
 
       mkdir -p /var/lib/nova/.ssh
       cp <private key>  /var/lib/nova/.ssh/id_rsa
       echo 'StrictHostKeyChecking no' >> /var/lib/nova/.ssh/config
       chmod 600 /var/lib/nova/.ssh/id_rsa /var/lib/nova/.ssh/authorized_keys
+      echo <pub key> >> /var/lib/nova/.ssh/authorized_keys
 
-#. Repeat steps 2-4 on each node.
-
-   .. note::
-
-      The nodes must share the same key pair, so do not generate a new key pair
-      for any subsequent nodes.
-
-#. From the first node, where you created the SSH key, run:
+#. Copy the whole folder created in step 4 to the rest of the nodes:
 
    .. code-block:: console
 
-      ssh-copy-id -i <pub key> nova@remote-host
-
-   This command installs your public key in a remote machine's
-   ``authorized_keys`` folder.
+      # scp -r /var/lib/nova/.ssh remote-host:/var/lib/nova/
 
 #. Ensure that the nova user can now log in to each node without using a
    password:
 
    .. code-block:: console
 
-      # su nova
+      # su - nova
       $ ssh *computeNodeAddress*
       $ exit
 
