SSH setup fix

Set up SSH

For MAAS to successfully communicate with libvirt on your KVM host machine, this example command must succeed from every rack controller as user maas:

virsh -c qemu+ssh://$USER@$KVM_HOST/system list --all

Here, $USER is a user on your KVM host who is a member of the libvirtd Unix group on the KVM host, and $KVM_HOST is the IP of your KVM host.

MAAS package installs

The maas user on your rack controllers will issue all virsh commands. Therefore, you’ll need to set up SSH public keys on every rack controller for user maas.

If you installed MAAS via packages, first create SSH keys on all rack controllers:

sudo chsh -s /bin/bash maas
sudo su - maas
ssh-keygen -t rsa -N ''

Next, add the contents of ~maas/.ssh/ to the KVM host user’s ~$USER/.ssh/authorized_keys. To accomplish this, log into your KVM host node, via SSH, from a host for which MAAS has a matching public SSH key.

MAAS snap installs

If you installed MAAS via snap, then create the needed SSH keys this way:

sudo mkdir -m 0700 -p /var/snap/maas/current/root/.ssh
cd /var/snap/maas/current/root/.ssh
sudo ssh-keygen -f id_rsa

Finally, you’ll need to add to the authorized_keys file in /home/<kvm-host-user-homedir-name>/.ssh/, where <kvm-host-user-homedir-name> is the name of your KVM host user.

Insufficient permissions for $USER may cause the virsh command to fail with an error such as failed to connect to the hypervisor. Check the $USER group membership to make sure $USER is a member of the libvirtd group.

1 Like

This is true for the deb setup, not for the snap (where commands are run as the confined root user

1 Like

I would pull out the final cat command as it’s possibly not run on the same host as the maas one.
I think we could add a sentence similar to the one one above about adding authorized_keys (with adjusted paths).

1 Like

this should not have sudo

1 Like

You can use a password instead of using SSH keys. When you MAAS deploys KVM with libvirt it uses a password, not keys.

I think this group is now named libvirt. :slight_smile: