CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

SSH Options

Overview

By default, CloudCenter automatically generates a private SSH key to allow secure communications between the CCO and worker VMs, but this private key is not stored on the worker VMs. It is possible to have this private key stored on the  worker VMs (to facilitate secure VM-to-VM communication), or to have CloudCenter use a user-specified public key for CloudCenter-to-VM communication. One of these three options must be specified for each deployment. The selection may be specified in the Deployment Environment Defaults form.

In the Deployment Environment Defaults form, the SSH options are on the bottom and are preceded by a visibility toggle and and lock icon, as shown in the following image.

The visibility toggle is on by default and the lock icon is unlocked by default, This means that the SSH Options section will be visible on page 2 of the Deploy form and can be modified at deploy time. If the visibility toggle is on but the lock icon is locked, the choices are visible but the pre-selected choice set in the Deployment Environments Default form cannot be changed at deploy time. If the visibility toggle is off, the SSH Options section is not shown in the Deploy form and the selection made in the Deployment Environment Defaults form is automatically applied at deploy time.

If the Assign Public Key option is selected, the form expands, as shown in the following image.

The user now has the option of browsing for a stored public key, or copying and pasting the key value into the form.

The private or public key is not used to create the key pair on the cloud provider. Instead, it is used by the CloudCenter agent to configure the cliqruser and make the VM accessible through the cliqruser–private key combination.

SSH Options

One of the SSH options that the following table describes can be associated with a deployment.

The CloudCenter platform has no way of knowing the private key that is held by the user – Cisco only supports SSH keys that are implicitly injected by the CloudCenter platform

OptionDescription
Default - no option is selectedCloudCenter generates its own private key for CloudCenter-to-VM communications but this key is not stored on the worker VM.

Persist the Private Key

The CloudCenter generated private key is stored on all worker VMs in this deployment, thus allowing SSH communication between worker VMs.

Assign SSH Public Key

CloudCenter uses a public key specified by the user for CloudCenter-to-VM communications. This key is not stored on the worker VM and therfore cannot be used for secure VM-to-VM communication.

When using the CephFS and NFS services in an application, deploy these services using the Persist Private Key or the default, no preference, SSH option. You storage browser will not function if you use the Assign SSH Public Key option.

  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved