Saturday, November 16, 2024
Google search engine
HomeGuest BlogsUpdate OpenShift 4.x Cluster SSH Keys After Installation
Guest Blogs

Update OpenShift 4.x Cluster SSH Keys After Installation

Dominic Rubhabha-Wardslaus
By Dominic Rubhabha-Wardslaus
0
0

In most cases you will not require SSH access to your OpenShift cluster nodes for regular administration tasks because OpenShift 4 provides the oc debug command which can be used for shell access. If you still prefer SSH access to the cluster nodes for day 2 operations, SSH keys used during deployment have to be used. For lost Private & Public SSH key pairs, there is a possibility to update OpenShift 4.x Cluster SSH Keys after installation provided you have administrative oc management.

This also applies to configuration of ssh keys post-installation if the OpenShift cluster was installed without ssh keys. We will see how you update ssh keys for master, infra and worker machines in your OpenShift 4.x cluster. The update of the SSH keys in the cluster is performed by modifying (or creating) the proper MachineConfig objects on the cluster.

OpenShift 4 is an operator-focused platform, and the Machine Config operator extends that to the operating system itself, managing updates and configuration changes to essentially everything between the kernel and kubelet. By default, RHCOS contains a single user named core (derived in spirit from CoreOS Container Linux) with optional SSH keys specified at install time.

Update OpenShift 4.x SSH keys after cluster Setup

By default, there are two MachineConfig objects that handles management of SSH keys:

  • 99-worker-ssh – This is used for worker nodes
  • 99-master-ssh – For Master nodes in the cluster

If SSH keys are specified at the time of cluster installation they are propagated to above MachineConfig objects.

Update OpenShift Master nodes SSH Keys

If earlier cluster installation was done with SSH keys, download current SSH MachineConfig object for the Master nodes

oc get mc 99-master-ssh -o yaml > 99-master-ssh.yml

This should be done from bastion server with admin level cluster access.

Once the file is downloaded, edit it with the desired keys like. For cluster created without SSH keys create a new file 99-master-ssh.yml:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: master
  name: 99-master-ssh
spec:
  config:
    ignition:
      config: {}
      security:
        tls: {}
      timeouts: {}
      version: 2.2.0
    networkd: {}
    passwd:
      users:
      - name: core
        sshAuthorizedKeys:
        - ssh-rsa XXXXXXX.....
        - ssh-rsa YYYYYYY.....
    storage: {}
    systemd: {}
  fips: false
  kernelArguments: null
  osImageURL: ""

Key notes:

  • sshAuthorizedKeys array contains all the valid SSH public keys. Each SSH key at each element. You must be careful with YAML syntax to have a working configuration file.
  • The user: name field should not be updated as core is the only user currently supported in our configuration.
  • Updating the MachineConfig object may drain and reboot all the nodes one by one (as per maxUnavailable setting on MachineConfigPool). Decide if this is okay in your Infrastructure.

To update MachineConfig object run the command:

oc apply -f 99-master-ssh.yml

Update OpenShift Worker / Infra nodes SSH Keys

The same process applies to Worker nodes MachineConfigPool. Download or create worker ssh configuration.

oc get mc 99-worker-ssh -o yaml > 99-worker-ssh.yml

The configuration is update similar to previous:

apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
  labels:
    machineconfiguration.openshift.io/role: worker
  name: 99-worker-ssh
spec:
  config:
    ignition:
      config: {}
      security:
        tls: {}
      timeouts: {}
      version: 2.2.0
    networkd: {}
    passwd:
      users:
      - name: core
        sshAuthorizedKeys:
        - ssh-rsa XXXXXXX.....
        - ssh-rsa YYYYYYY.....
    storage: {}
    systemd: {}
  fips: false
  kernelArguments: null
  osImageURL: ""

Once changes are done, apply the file:

$ oc apply -f 99-worker-ssh.yml

OpenShift Machine Config Operator should start applying the changes shortly. You can run the following command to see which MachineConfigPools are being updated:

oc get mcp

You can also get more insight on how the change are being applied in a single node using the command below:

export NODE="master-01.example.com"
oc -n openshift-machine-config-operator logs -c machine-config-daemon $(oc -n openshift-machine-config-operator get pod -l k8s-app=machine-config-daemon --field-selector spec.nodeName=${NODE} -o name) -f

Replace master-01.example.com with node name to check.

We hope this article enabled you to update SSH keys in your OpenShift 4.x Cluster after installation with or without SSH keys.

More guides on OpenShift:

Backup Etcd data on OpenShift 4.x to AWS S3 Bucket

How to change pids_limit value in OpenShift 4.x

Previous article
Deploy and Use OpenEBS Container Storage on Kubernetes
Next article
How To Deploy and Use KubeVirt on Minikube
Dominic Rubhabha-Wardslaus
Dominic Rubhabha-Wardslaushttp://wardslaus.com
infosec,malicious & dos attacks generator, boot rom exploit philanthropist , wild hacker , game developer,
RELATED ARTICLES

Most Popular

Load more

Recent Comments

강서구출장마사지 on How to store XML data into a MySQL database using Python?
금천구출장마사지 on How to store XML data into a MySQL database using Python?
nightwish.southeast.cz on Google says it won’t keep your Pixel during a repair if you’re caught using non-OEM parts
광명출장안마 on How to store XML data into a MySQL database using Python?
광명출장안마 on How to store XML data into a MySQL database using Python?
출장오피 on How to store XML data into a MySQL database using Python?
부천출장안마 on How to store XML data into a MySQL database using Python?
구월동출장안마 on How to store XML data into a MySQL database using Python?
강서구출장안마 on How to store XML data into a MySQL database using Python?
헬로출장 on How to store XML data into a MySQL database using Python?
오산출장안마 on How to store XML data into a MySQL database using Python?
광명출장마사지 on How to store XML data into a MySQL database using Python?
마포출장 on How to store XML data into a MySQL database using Python?
안양출장마사지 on How to store XML data into a MySQL database using Python?
gKTdhA on 5 reasons why I won’t switch away from Google Photos
부천출장안마 on How to store XML data into a MySQL database using Python?
동탄출장안마 on How to store XML data into a MySQL database using Python?
0a1Mq7 on Wander: An add-on for Apple’s Shortcuts app to install the Odyssey jailbreak
서울출장안마 on How to store XML data into a MySQL database using Python?
분당출장안마 on How to store XML data into a MySQL database using Python?
부천출장안마 on How to store XML data into a MySQL database using Python?
출장 오피 on How to store XML data into a MySQL database using Python?
화곡동출장마사지 on How to store XML data into a MySQL database using Python?
Gilda on Wander: An add-on for Apple’s Shortcuts app to install the Odyssey jailbreak
강서구출장마사지 on How to store XML data into a MySQL database using Python?
고양출장안마 on How to store XML data into a MySQL database using Python?
화성출장마사지 on How to store XML data into a MySQL database using Python?
천호동출장마사지 on How to store XML data into a MySQL database using Python?
June P. D. Alvarez on RedSn0w Updated to Fix iBooks DRM Issues
Litha on How to Install Siri on iPad 2

EDITOR PICKS

POPULAR POSTS

POPULAR CATEGORY

ABOUT US

Newspaper is your news, entertainment, music fashion website. We provide you with the latest breaking news and videos straight from the entertainment industry.

Contact us: hello@geeksforgeeks.org

FOLLOW US

© Lazyr0ar 2022