[Openstack] how to configure nova-compute to use an ssh wrapper script?

Daniel Petersen daniel.petersen at hpc2n.umu.se
Mon Sep 15 13:13:13 UTC 2014


Hi,

When attempting live migration, I'm seeing this error:

***begin***
Command: ssh <computeHost> mkdir -p /var/lib/nova/instances/7c8cf258-02e7-4fa2-85b0-a3ec26b0ddd6
Exit code: 255
Stdout: ''
Stderr: 'Permission denied (gssapi-keyex,gssapi-with-mic).\r\n'
***end***

This error is expected since we use Kerberos for authentication; our
security policy doesn't allow ssh via keys.

So I've written a simple wrapper script for ssh that first runs kinit
to grab the relevant TGT, then passes the original ssh parameters to
the system ssh binary.

The question now is how best to redirect nova-compute's ssh calls to
my ssh wrapper script?

I've looked through the config reference but don't see any specific
ssh path parameters, nor do I see anything that allows me to prepend
to PATH for nova-compute.

What is the best way to do this?  Can I do this from within OpenStack,
or do I need something configured externally? If it's any help, I'm on
Ubuntu Trusty.

Regards,
Daniel P
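
The kind of wrapper the message describes, as an added example that is not the poster's script: it checks the keytab's permissions, obtains a TGT into a private per-invocation credential cache, runs the system ssh with the original arguments, then removes the cache. It assumes MIT `kinit` and GNU `stat`; the keytab path, principal, exit codes 77/78 and the `KRB_KEYTAB`, `KRB_PRINCIPAL`, `KINIT` and `REAL_SSH` variables are hypothetical.

```shell
#!/bin/sh
# Added example, not the poster's script. All names below are assumptions.
KRB_KEYTAB="${KRB_KEYTAB:-/etc/nova/nova.keytab}"   # hypothetical keytab path
KRB_PRINCIPAL="${KRB_PRINCIPAL:-nova/compute01.example.org@EXAMPLE.ORG}"  # constructed
KINIT="${KINIT:-kinit}"
REAL_SSH="${REAL_SSH:-/usr/bin/ssh}"

# A keytab is a long-term secret: accept it only if it is a regular file
# with no group/other access (mode 600 or 400).
keytab_is_private() {
    [ -f "$1" ] || return 1
    perms=$(stat -c '%a' "$1") || return 1
    case "$perms" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Get a TGT, run the real ssh with the caller's arguments, clean up.
krb_ssh() {
    keytab_is_private "$KRB_KEYTAB" || {
        echo "krb-ssh: keytab missing or not mode 600/400: $KRB_KEYTAB" >&2
        return 77   # arbitrary code: unusable keytab
    }
    # Private cache directory (mktemp -d creates it mode 0700) so the ticket
    # is not shared with other processes running as the same user.
    ccdir=$(mktemp -d) || return 1
    KRB5CCNAME="FILE:$ccdir/cc"
    export KRB5CCNAME
    rc=0
    if "$KINIT" -k -t "$KRB_KEYTAB" "$KRB_PRINCIPAL"; then
        # BatchMode: fail instead of prompting when no ticket is accepted.
        "$REAL_SSH" -o GSSAPIAuthentication=yes -o BatchMode=yes "$@" || rc=$?
    else
        rc=78       # arbitrary code: kinit failed
    fi
    # No exec above, so the ticket cache can be removed once ssh returns.
    rm -rf "$ccdir"
    return "$rc"
}

# Installed as a wrapper script, the file would end with:
#   krb_ssh "$@"
```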



