This section describes how to set up SSH on the Controller and each SE host so that the Controller can log onto the SEs in a Linux server cloud. A part of this process takes place on the Controller while the other part takes place on each SE hosts.
While installing NSX Advanced Load Balancer for a Linux server cloud, part of the deployment process for a new SE is to add an SSH user to the Controller, then add the same user and its public key to the SE host. The SSH user and key are used by the Controller to log onto the SE host, transfer the Docker container for the SE onto the host, and start the SE within the Docker container.
Adding SSH User to the NSX Advanced Load Balancer Controller
On the Controller, add the SSH user and the user’s public-private key pair. You can create an SSH account on the Controller, or an existing account can be used by adding its user name and importing its keys.
Use this section even if the SSH user has already been added. You can copy the user’s public key so it can be pasted into a command line on each of the SE hosts.
Navigate to SSH Key Settings. If any SSH users have already been added to the Controller, they will be listed here.
, and clickIf there are more than one account, you can use the same account for all the SE hosts. A unique account is not required for each SE host (The account serves a similar purpose to the well-known secret in a routing protocol topology).
Creating New SSH User
The following are the steps to create new SSH user:
Click Create SSH User.
Specify the user name.
Select Generate SSH Key Value Pair radio button and click Generate SSH Key Pair.
Click Copy to Clipboard.
Click Save option. The SSH user appears in the list.
The Name field is the user name that Controller will try to log into the Linux server with, hence provide the real user name.
Preparing SE Hosts
To prepare a host where SEs are launched, login to the host as a user that has sudo privileges and run the following command:
curl -ks https://[controller-ip]/api/linux_host_install?username=[username] | sudo bash
This command invokes an API to download a script that has the public key credentials of the user associated with the cloud and the necessary steps to set up the user in this host. The output of the script is piped to sudo bash
.
curl –ks https://10.10.25.46/api/linux_host_install?username=newuser | sudo bash Updating the authorized keys under /etc/ssh/authorized_keys_newuser Checking settings for key-based login... PubKeyAuthentication based login is already set up. Finished configuration
Verifying if SE Hosts are Setup
You can verify if the host has been setup with the SSH credentials correctly from the NSX Advanced Load Balancer Controller.
This verification can be done as a part of adding a server in the Linux cloud by clicking ? icon.
If a host is not set up correctly, the system will display an error message with the instructions to setup the host.
Alternatively, you can also verify that the SE hosts have been setup as a part of the SSH user configuration.