Specify SSH Options

Overview

By default, the Workload Manager automatically generates a private SSH key to allow secure communications between the CloudCenter Suite cluster (or Cloud Remote, if deployed) and worker VMs; but this private key is not stored on the worker VMs. It is possible to have this private key stored on the  worker VMs (to facilitate secure VM-to-VM communication), or to have Workload Manager use a user-specified public key for Workload Manager-to-VM communication. One of these three options must be specified for each deployment. You can specify this selection in the Deployment Environments form.

In the Deployment Environment Defaults form, the SSH options are on the bottom and are preceded by a visibility toggle and and lock icon, as shown in the following image.

The visibility toggle is on by default and the lock icon is unlocked by default, This means that the SSH Options section will be visible on page 2 of the Deploy form and can be modified at deploy time. If the visibility toggle is on but the lock icon is locked, the choices are visible but the pre-selected choice set in the Deployment Environments Default form cannot be changed at deploy time. If the visibility toggle is off, the SSH Options section is not shown in the Deploy form and the selection made in the Deployment Environment Defaults form is automatically applied at deploy time.

If the Assign Public Key option is selected, the form expands, as shown in the following image.

The user now has the option of browsing for a stored public key, or copying and pasting the key value into the form.

The private or public key is not used to create the key pair on the cloud provider. Instead, it is used by the Workload Manager agent to configure the cliqruser and make the VM accessible through the cliqruser–private key combination.

SSH Options

One of the SSH options that the following table describes can be associated with a deployment.

The Workload Manager has no way of knowing the private key that is held by the user – Cisco only supports SSH keys that are implicitly injected by the Workload Manager

OptionDescription
Default - no option is selectedWorkload Manager generates its own private key for Workload Manager-to-VM communications but this key is not stored on the worker VM.

Persist the Private Key

The Workload Manager generated private key is stored on all worker VMs in this deployment, thus allowing SSH communication between worker VMs.

Assign SSH Public Key

Workload Manager uses a public key specified by the user for Workload Manager-to-VM communications. This key is not stored on the worker VM and therefore cannot be used for secure VM-to-VM communication.


  • No labels
© 2017-2019 Cisco Systems, Inc. All rights reserved