This section describes how to set up SSH on the Controller and each SE host so that the Controller can log on to the SEs in a Linux server cloud. Part of this process takes place on the Controller, and the rest takes place on each SE host.
While installing Avi Load Balancer for a Linux server cloud, part of the deployment process for a new SE is to add an SSH user to the Controller, then add the same user and its public key to the SE host. The SSH user and key are used by the Controller to log onto the SE host, transfer the Docker container for the SE onto the host, and start the SE within the Docker container.
Adding SSH User to the Avi Load Balancer Controller
On the Controller, add the SSH user and the user’s public-private key pair. You can create an SSH account on the Controller, or an existing account can be used by adding its user name and importing its keys.
Use this section even if the SSH user has already been added. You can copy the user’s public key so it can be pasted into a command line on each of the SE hosts.
Navigate to the page that lists the Controller's SSH users, and click CREATE. If any SSH users have already been added to the Controller, they will be listed here.
If there is more than one account, you can use the same account for all the SE hosts. A unique account is not required for each SE host (the account serves a similar purpose to the well-known secret in a routing protocol topology).
You can specify the following details:
Name: Specify the user name that the Controller uses to log in to the Linux server. This must be the real user name on that server.
Credentials Type: Select the type of credentials from the drop-down menu. The following are the options available:
  SSH
  Azure
  GCP
  NSX-T
  vCenter
Specify the SSH Credentials details as follows:
  Authentication: Select one of the following authentication options:
    SSH Key
    Password
  Keys: Select one of the following keys options:
    Generate SSH Key Value Pair
    Import Private Key
  Public Key: Specify the public key.
After specifying the necessary details, click GENERATE & SAVE.
Preparing SE Hosts
To prepare a host where SEs are launched, log in to the host as a user that has sudo privileges and run the following command:
curl -ks https://[controller-ip]/api/linux_host_install?username=[username] | sudo bash
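This command calls a Controller API that returns a script containing the public key credentials of the user associated with the cloud and the steps needed to set up that user on this host. The downloaded script is piped to sudo bash, which runs it as root. The -k option makes curl skip validation of the Controller's TLS certificate, and -s suppresses progress output.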
curl -ks https://10.10.25.46/api/linux_host_install?username=newuser | sudo bash
Updating the authorized keys under /etc/ssh/authorized_keys_newuser
Checking settings for key-based login...
PubKeyAuthentication based login is already set up.
Finished configuration
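The host preparation step can also be run with certificate validation and a review of the script before it executes as root, followed by a check of the keys file it reports updating. This is an added example, not part of the Avi documentation or tooling; the function names, the Controller address, the CA file and the output path are placeholders, and it assumes a CA file that validates the Controller's certificate is available on the SE host.

```shell
#!/bin/sh
# Added example, not Avi tooling. Controller address, user name and CA file
# are placeholders supplied by the caller.

# Save the host-install script to a file instead of piping it into a root shell.
# -f fails on HTTP errors, -sS stays quiet but still reports errors, and
# --cacert validates the Controller's certificate (this replaces -k).
fetch_install_script() {
    controller=$1; ssh_user=$2; ca_file=$3; out=$4
    curl -fsS --cacert "$ca_file" -o "$out" \
        "https://${controller}/api/linux_host_install?username=${ssh_user}"
}

# Check the keys file the script reported updating. Fails when the file is
# missing, is writable by group or others, or does not hold exactly the
# expected number of keys (default 1: the Controller's SSH user key).
check_keys_file() {
    keys_file=$1; expected=${2:-1}
    if [ ! -f "$keys_file" ]; then
        echo "FAIL: $keys_file not found"; return 1
    fi
    if [ -n "$(find "$keys_file" \( -perm -020 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $keys_file is writable by group or others"; return 1
    fi
    # Count entries, ignoring blank lines and comments.
    count=$(grep -c -v -E '^[[:space:]]*(#|$)' "$keys_file" || true)
    if [ "$count" -ne "$expected" ]; then
        echo "FAIL: $keys_file has $count key(s), expected $expected"; return 1
    fi
    echo "OK: $keys_file has $count key(s) and safe permissions"
}

# Typical use on an SE host (all values are placeholders; the keys file path
# follows the pattern shown in the sample output above):
#   fetch_install_script controller.example.com newuser /path/to/ca.pem "$HOME/host_install.sh"
#   less "$HOME/host_install.sh"        # review before running
#   sudo bash "$HOME/host_install.sh"
#   check_keys_file /etc/ssh/authorized_keys_newuser
```

Because the same account can be used for all SE hosts, an unexpected extra entry in this file means another key can log in as that user on the host.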
Verifying if SE Hosts are Set Up
You can verify from the Avi Load Balancer Controller whether the host has been set up correctly with the SSH credentials.
This verification can be done as a part of adding a server in the Linux cloud by clicking Verify Host.
If a host is not set up correctly, the system will display an error message with the instructions to set up the host.
Alternatively, you can also verify that the SE hosts have been set up as a part of the SSH user configuration.