Hi Amier,

On Thu, Oct 3, 2013 at 1:35 PM, Amier Anis <[email protected]> wrote:

> Hi team,
>
> Once opennebula-common creates oneadmin, is there any issue if I reset the
> oneadmin password?
>

The OS one or the OpenNebula one via oneuser? No problem in either case; just make sure to update ~/.one/one_auth if you change oneadmin's ONE password.

>
> Is there any requirement for password-less login from workers to the
> management node?
>

If management is also a node and you want live migration to work, yes, you have to provide that.

Good Will,

>
> On Wed, Oct 2, 2013 at 5:02 PM, Amier Anis <[email protected]> wrote:
>
>> I don't think that SELinux is the issue, as I can ssh password-less
>> without issue if OpenNebula is not installed.
>> I have also tried using "setenforce 0" and still have the same issue
>> (I tried a different machine).
>>
>> [oneadmin@mnode lib]$ /usr/sbin/sestatus
>> SELinux status: disabled
>>
>> I have tried both letting opennebula-common create the user and creating
>> it manually. Same issue.
>> This is how I install OpenNebula and the components:
>>
>> yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm
>>
>> Yes, I have all the files in ~/.ssh
>>
>> [oneadmin@mnode .ssh]$ ls -l
>> total 16
>> -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 authorized_keys
>> -rw------- 1 oneadmin oneadmin 61 Oct 2 03:08 config
>> -rw------- 1 oneadmin oneadmin 1675 Oct 2 10:19 id_rsa
>> -rw------- 1 oneadmin oneadmin 406 Oct 2 10:19 id_rsa.pub
>>
>> I tried ssh -v node01 ... and this error came out. However, this error
>> did not appear in the first place.
>>
>> -bash-4.1$ ssh -v 10.86.3.101
>> OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
>> debug1: Reading configuration data /var/lib/one/.ssh/config
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: Applying options for *
>> debug1: Connecting to 10.86.3.101 [10.86.3.101] port 22.
>> debug1: Connection established.
>> debug1: identity file /var/lib/one/.ssh/identity type -1
>> debug1: identity file /var/lib/one/.ssh/id_rsa type 1
>> debug1: identity file /var/lib/one/.ssh/id_dsa type -1
>> debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
>> debug1: match: OpenSSH_5.3 pat OpenSSH*
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_5.3
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: server->client aes128-ctr hmac-md5 none
>> debug1: kex: client->server aes128-ctr hmac-md5 none
>> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
>> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
>> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
>> debug1: Host '10.86.3.101' is known and matches the RSA host key.
>> debug1: Found key in /var/lib/one/.ssh/known_hosts:1
>> debug1: ssh_rsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Next authentication method: gssapi-keyex
>> debug1: No valid Key exchange context
>> debug1: Next authentication method: gssapi-with-mic
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> Bad format in credentials cache
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> Bad format in credentials cache
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> debug1: Unspecified GSS failure. Minor code may provide more information
>> Bad format in credentials cache
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /var/lib/one/.ssh/identity
>> debug1: Offering public key: /var/lib/one/.ssh/id_rsa
>> debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
>> debug1: Trying private key: /var/lib/one/.ssh/id_dsa
>> debug1: Next authentication method: password
>>
>> Which is better: should I export /var/lib/one to every worker node or
>> manually export to each worker?
>>
>> Thank you.
>>
>> Regards & Best Wishes,
>>
>> *.: Amier Anis :.*
>> Mobile: +6012-260-0819
>>
>> On Wed, Oct 2, 2013 at 3:40 PM, Valentin Bud <[email protected]> wrote:
>>
>>> Hello Amier,
>>>
>>> On Wed, Oct 2, 2013 at 10:27 AM, Amier Anis <[email protected]> wrote:
>>>
>>>> Hi Valentin,
>>>>
>>>> Yes, I'm using the packages from the OpenNebula repo and there is no
>>>> error during install, whether I create oneadmin first before the
>>>> install or it is automatically created by the installer.
>>>>
>>>> yum -y install opennebula-server opennebula-sunstone opennebula-ozones opennebula-gate opennebula-flow opennebula-node-kvm
>>>>
>>>
>>> The opennebula-common package provides the user oneadmin so no need to
>>> create it manually. The opennebula-common is required by
>>> opennebula-server so no need to install it manually.
>>>
>>>>
>>>> I have also removed SELinux from the system.
>>>>
>>>> yum -y remove selinux-policy
>>>>
>>>
>>> Have you rebooted your system afterwards?
>>>
>>>>
>>>> Yes, I have already configured
>>>> ~/.ssh/config
>>>>
>>>> [oneadmin@mnode]$ vi ~/.ssh/config
>>>> Host *
>>>>     StrictHostKeyChecking no
>>>>     UserKnownHostsFile /dev/null
>>>>     ControlMaster auto
>>>>     ControlPath /tmp/%r@%h:%p
>>>>
>>>
>>> This looks OK.
>>>
>>> I suggest you remove the packages yum -y remove opennebula-\* and remove
>>> the oneadmin user, rm -rf /var/lib/one, reboot the machine and start
>>> from scratch. Let the packages deal with user creation. After that on
>>> mnode you should have the oneadmin public/private keys in
>>> ~/.ssh and the public key in ~/.ssh/authorized_keys. You can config ssh
>>> and try to ssh localhost.
>>>
>>> WARNING: don't remove the /var/lib/one directory if you have precious
>>> data in there.
>>>
>>> If that doesn't work, config sshd to LogLevel DEBUG3 and watch what the
>>> logs say. Also take a look at /var/log/audit/audit.log.
>>> It might shed some light.
>>>
>>> Good Will,
>>>
>>>>
>>>> Thank you.
>>>>
>>>> *.: Amier Anis :.*
>>>> Mobile: +6012-260-0819
>>>>
>>>> On Wed, Oct 2, 2013 at 2:58 PM, Valentin Bud <[email protected]> wrote:
>>>>
>>>>> Hello Amier,
>>>>>
>>>>> On Wed, Oct 2, 2013 at 9:16 AM, Amier Anis <[email protected]> wrote:
>>>>>
>>>>>> *Hi Guys,*
>>>>>>
>>>>>> I'm having an issue with ssh password-less login not functioning
>>>>>> correctly. It works with a fresh install of CentOS 6.4 before
>>>>>> installing OpenNebula. Once OpenNebula is started, it doesn't work
>>>>>> any more. The worker nodes can log in password-less without any
>>>>>> issue, but the management node can't log in to the worker nodes.
>>>>>>
>>>>>
>>>>> I see you're using CentOS as OS. Have you installed OpenNebula from
>>>>> packages [1]? Have you configured SSH as pointed out in [1]? I mean
>>>>> the ~/.ssh/config part.
>>>>>
>>>>> Another important aspect is SELINUX. Is it on or off? If it is on,
>>>>> check the /var/lib/one/.ssh context, it should have ssh_home_t as
>>>>> label. You can accomplish that using
>>>>> chcon -R -t ssh_home_t /var/lib/one/.ssh as either oneadmin or root.
>>>>>
>>>>>>
>>>>>> At the first attempt, I installed OpenNebula and then set up
>>>>>> ssh-keygen for oneadmin (created during installation), and I have
>>>>>> also tried to create oneadmin first and then install OpenNebula,
>>>>>> but both failed.
>>>>>>
>>>>>> If the mgmt server can ssh password-less to the workers, then the
>>>>>> mgmt server can't ssh to itself, as the mgmt server also has the VM.
>>>>>>
>>>>>
>>>>> I suggest you install OpenNebula from packages and work your way up
>>>>> from there. Don't forget to check the SELINUX context of oneadmin's
>>>>> ~/.ssh and either SSH to hosts in advance or configure SSH via
>>>>> ~/.ssh/config to allow connections without StrictHostKeyChecking.
>>>>>
>>>>>>
>>>>>> *My Setup*
>>>>>>
>>>>>> 1. I only export and share /var/lib/one/datastores to every worker
>>>>>> 2. authorized_keys has been exported to every worker and vice versa.
>>>>>> 3. declared every hostname in /etc/hosts
>>>>>>
>>>>>> Is there any issue or anything that I need to look into?
>>>>>>
>>>>>> Thank you.
>>>>>>
>>>>>
>>>>> If you need more help in the future be sure to come back and ask for
>>>>> it :). Enjoy.
>>>>>
>>>>>>
>>>>>> *.: Amier Anis :.*
>>>>>> Mobile: +6012-260-0819
>>>>>>
>>>>>
>>>>> [1]: http://opennebula.org/documentation:rel4.2:ignc#centos_platform_notes
>>>>>
>>>>> Good Will,
>>>>> --
>>>>> Valentin Bud
>>>>> http://databus.pro | [email protected]
>>>>>
>>>
>>> --
>>> Valentin Bud
>>> http://databus.pro | [email protected]
>>>

--
Valentin Bud
http://databus.pro | [email protected]
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
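
Added example, not part of the original thread: a shell function that reads ssh -v client output such as the log quoted above and reports which offered key the server refused or accepted and which method the client fell back to. The function names ssh_auth_summary and thread_log_excerpt are made up for this example, and the sample input is an excerpt of the thread's own log.

```shell
#!/bin/sh
# Added example (not from the thread): summarise the auth phase of `ssh -v`.

# Reads client debug output on stdin and prints:
#   rejected <keyfile>   key was offered, server answered with the method list
#   accepted <keyfile>   server accepted the offered key
#   fallback <method>    no success seen; last method the client moved on to
ssh_auth_summary() {
    awk '
        /Offering ([A-Za-z0-9-]+ )?public key: / {
            path = $0
            sub(/^.*public key: /, "", path)   # drop everything before the path
            split(path, part, " ")             # newer clients append type and hash
            pending = part[1]
            next
        }
        /Server accepts key/ && pending != "" {
            print "accepted " pending; pending = ""; next
        }
        /Authentications that can continue: / && pending != "" {
            print "rejected " pending; pending = ""; next
        }
        /Next authentication method: / { method = $NF }
        /Authentication succeeded/     { ok = 1 }
        END { if (!ok && method != "") print "fallback " method }
    '
}

# Excerpt of the client log quoted in the thread (authentication phase only).
thread_log_excerpt() {
    cat <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
debug1: Next authentication method: publickey
debug1: Trying private key: /var/lib/one/.ssh/identity
debug1: Offering public key: /var/lib/one/.ssh/id_rsa
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Trying private key: /var/lib/one/.ssh/id_dsa
debug1: Next authentication method: password
EOF
}

thread_log_excerpt | ssh_auth_summary
```

On the thread's log this reports that the server refused /var/lib/one/.ssh/id_rsa and the client fell back to password. The client side only shows the refusal; the reason is recorded by sshd on the server, which is what the LogLevel DEBUG3 suggestion in the reply is for.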
