How to create and test ssh keys for IBM Cloud Private

Before to install IBM Cloud Private you need to prepares your virtual machines by follow the steps inside here, an important part of this steps is setup correctly rsa keys in all nodes.

Based on Cloud private documentation, the steps are really simple


  1. ssh-keygen -b 4096 -t rsa -f ~/.ssh/master.id_rsa -N ""
  2. cat ~/.ssh/master.id_rsa.pub | sudo tee -a ~/.ssh/authorized_keys
  3. ssh-copy-id -i ~/.ssh/master.id_rsa.pub root@<node_ip_address>
  4. Log in to the master, worker, or proxy node and restart sshd service
Now the next step is to test if the communication between boot and other servers is working but if you  ran the command ssh root@<node_ip_address> a password is required to login as root user, it seems someting is wrong...
This is not true because by default sshd daemon is looking for a file called id_rsa and not master.id_rsa. To test correctly the rsa key you need to run this command:
  • ssh -i ~/.ssh/master.id_rsa  root@<node_ip_address>
and  again password is asked but now the problem is related to permission because you need to change from 644 ( default ) to 400 ( only read ) 
  • chmod 400  ~/.ssh/master.id_rsa
  • chmod 400  ~/.ssh/master.id_rsa.pub
and finally your login is sucessful! 

I reported these missing things inside the documentation

Comments

Post a Comment

Popular posts from this blog

IBM and Red Hat long story, long love, now married!

Most of the people thinking about opensource they think in my perspective mostly to Red Hat and other company rather than IBM. IBM is really active in opensource for a long time, helped Apache Foundation , Eclipse Foudation collaborate with the Linux Foundation and Red Hat as well. I think I can create a different long post to describe how is active and how helped opensource in different way. We can analyze  this acquisition from different perspective, from Financial to  Development. My personal point of view ( from a Cloud Architect ) most of the application around the world in banking, assurance and not only are java based, think about java in cloud in the past Year could be hard. Right now we can talk about java in the cloud with opensource project like OpenJ9 and OpenLiberty and the community behind. If you think about moving from on premise to cloud or from monolitch to microservice you can't say " well it's time to rework " because you are throwing years o
Read more

MY EXPERIENCE @ HYBRID CLOUD SUMMIT IN ZURICH

Image
I can simply say “it was a great experience” and based on the audience probably people can trust me, but let's go deeper into the event. My favorite part of the event was the panel session with cloud discussions and question answer about slides and example presented during the session. Based on discussion the most relevant general questions are: Adoption: best practices on adopting cloud technologies Development: how to develop cloud applications in the right way and how we can enable fresh people into this great world IBM and Forrester gave a lot of answers because there are different aspects and factors we need to cover when we talk about cloud development and adoption, let me share some of these: Security: 12 factor principle is the main manifesto to follow Digital Experience: in cloud you need to create applications user centric Performance: in cloud you need to give best experience to the end user in every part of the world Microservice: rework of the legacy
Read more

Kubernetes Persistent Volumes and Claims

In a distrubuted system, storage isn't simple to manage without a good abstraction, kubernetes offer an object called persistent volume to let pod to reclaim storage for persisting data. In the pod definition you can define your volume type with another object called persistentVolumeClaim where you can define type size and many other things. There are different phase in the persistent storage lifecycle: Provisioning : when an administrator create a Persistent Volume or a cloud resource dynamically request Binding : when a PVC is created  k8s control loop watch if there are Persisten Volume matching the PVC  and bind them together. Use : when the bound volume is mounted in to the pod Releasing : whene the POD is done and an API request is sent to delete the related bound PVC, the volume in this stage remains Reclaim : there are three options related to this state: - Retain:  keep data interact and allow an administrato to handle data from storage - Delete:  tells the volume
Read more