For failover (controlled by PROM), we need to let PROM pod (running on a worker node) perform SSH to the Master node, without being prompted for password.
For this purpose, we need to create SSH-Key on Master node and share it with its worker nodes. The SSH key will be put under the shared /dockerdata-nfs/coredns directory (the same location as coredns key) on master and worker nodes. This path will be mapped to "/app/config/coedns" on PROM pod, so the prom pod can use the SSH key.
Similar to the procedure defined for coreDNS here , we need to create a SSH-KEY.
| Code Block |
|---|
a. As root user, execute below command on Master (make sure to use the key name as master.key) :
$ cd /dockerdata-nfs/coredns
$ ssh-keygen -t rsa -f master.key (hit Enter key for the prompts)
This creates two files in /docker-nfs/coredns: master.key and master.key.pub
b. Suppress password authentication for the key on the Master by running ssh-copy-id in /docker-nfs/coredns
$ ssh-copy-id -i master.key root@<Master_Node_IP_Address>
c. Verify below command works for root user from PROM pod without any prompts
#login to PROM pod
$ kubectl exec -it <PROm_POD> -n onap bash
$ ssh -i /app/config/coredns/master.key root@<Master_Node_IP_Address> (This shall take to yo the Master node, without asking for password)
|