----- Original message -----
From: Thomas Goirand <zigo@debian.org>
To: openstack-discuss@lists.openstack.org
Cc:
Subject: [EXTERNAL] Re: [nova] Why nova needs password-less SSH to do live migraiton?
Date: Tue, Nov 3, 2020 15:51
 

On 11/3/20 6:51 AM, Zhi CZ Chang wrote:
> Hi, all
>  
> In the nova live migration doc[1], there is some description of libvirt
> configuration:
> "
> Enable password-less SSH so that root on one compute host can log on to
> any other compute host without providing a password.
> The |libvirtd| daemon, which runs as root, uses the SSH protocol to copy
> the instance to the destination and can’t know the passwords of all
> compute hosts.
> "
> According to the description, I understand that the libvirtd daemon runs
> as the root user for remote copy the instance to the destination.
>  
> My question is, why make the libvirtd daemon runs as the "root" user for
> copy instance rather than other users, like the "nova" user?
>  
>  
> Thanks
> Zhi Chang

Hi,

What's needed is password-less (ie: key authentication) under the nova
user, not root.

What I did was having the ssh host keys signed, so that nodes can
authenticate with each other in a secure way. I strongly recommend doing
that, instead of blindly trusting ssh keys, which could potentially mean
someone could be in the middle.

Cheers,

Thomas Goirand (zigo)