By default, CloudCenter automatically generates a private SSH key to allow secure communications between the CCO and worker VMs, but this private key is not stored on the worker VMs. It is possible to have this private key stored on the worker VMs (to facilitate secure VM-to-VM communication), or to have CloudCenter use a user-specified public key for CloudCenter-to-VM communication. One of these three options must be specified for each deployment. The selection may be specified in the form.
In the Deployment Environment Defaults form, the SSH options are on the bottom and are preceded by a visibility toggle and a lock icon, as shown in the following image.
The visibility toggle is on by default and the lock icon is unlocked by default. This means that the SSH Options section will be visible on page 2 of the Deploy form and can be modified at deploy time. If the visibility toggle is on but the lock icon is locked, the choices are visible but the pre-selected choice set in the Deployment Environment Defaults form cannot be changed at deploy time. If the visibility toggle is off, the SSH Options section is not shown in the Deploy form and the selection made in the Deployment Environment Defaults form is automatically applied at deploy time.
If the Assign Public Key option is selected, the form expands, as shown in the following image.
The user now has the option of browsing for a stored public key, or copying and pasting the key value into the form.
The private or public key is not used to create the key pair on the cloud provider. Instead, it is used by the CloudCenter agent to configure the cliqruser and make the VM accessible through the cliqruser–private key combination.
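Before pasting a key value into the Assign Public Key field, it is worth confirming that the text is a single well-formed OpenSSH public key and not private key material. The following is an added example, not CloudCenter code; the accepted key types, the function names and the sample key are assumptions constructed for illustration, and the fingerprint it returns has the same form that `ssh-keygen -lf` prints.

```python
import base64
import hashlib
import struct

# Key types accepted by this sketch (assumption; the page gives no list).
ALLOWED_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def check_public_key(text):
    """Validate one OpenSSH public key line; return (key type, SHA256 fingerprint)."""
    text = text.strip()
    if "PRIVATE KEY" in text:
        raise ValueError("private key material, not a public key")
    if "\n" in text:
        raise ValueError("expected a single line")
    fields = text.split()
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        raise ValueError("not an accepted OpenSSH public key line")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("key body is not valid base64") from exc
    # The decoded body begins with a length-prefixed copy of the key type.
    # A mismatch means the line was edited, truncated or mislabeled.
    if len(blob) < 4:
        raise ValueError("key body too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode():
        raise ValueError("declared type does not match key body")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return fields[0], fingerprint


def constructed_sample():
    """Constructed ed25519-format line built from 32 fixed bytes (not a real key)."""
    def ssh_string(data):
        return struct.pack(">I", len(data)) + data
    blob = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    print(check_public_key(constructed_sample()))
```

Comparing the returned fingerprint with the one recorded for the key pair confirms that the intended key is the one being assigned.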
One of the SSH options that the following table describes can be associated with a deployment.
The CloudCenter platform has no way of knowing the private key that is held by the user – Cisco only supports SSH keys that are implicitly injected by the CloudCenter platform.
|Default - no option is selected||CloudCenter generates its own private key for CloudCenter-to-VM communications but this key is not stored on the worker VM.|
|Persist the Private Key||The CloudCenter-generated private key is stored on all worker VMs in this deployment, thus allowing SSH communication between worker VMs. If using your own private key on a Linux-based OS image for a Worker VM in CloudCenter 188.8.131.52 or later, then use the /etc/opt/.do_not_delete_authorized_keys flag to ensure that your private key is not overwritten during deployment by running the following commands: The authorized_keys file locations are as follows:|
|Assign SSH Public Key||CloudCenter uses a public key specified by the user for CloudCenter-to-VM communications. This key is not stored on the worker VM and therefore cannot be used for secure VM-to-VM communication.|