Updating delegate hosts with authentication

Starting with version 1.3.0, Control Center requires authentication tokens for all delegate communications. The tokens are based on RSA key pairs created by the master serviced instance. When you create a key pair for a delegate, serviced bundles its public key with the delegate's private key. The serviced instance on the delegate installs the credentials and uses them to sign messages with the required unique tokens.

Credentials are installed by using an SSH connection or a file.

  • The command to create a key pair can initiate an SSH connection with a delegate and install credentials. This option is the most secure, because no file is created. However, it requires either public key authentication or password authentication between the master and delegate hosts.
  • When no SSH connection is requested, the command to create a key pair creates a file containing the credentials. You can move the credentials file to the delegate host with any file transfer method, and then install it on the delegate.

The procedures in the following sections demonstrate how to create credentials and install them on a delegate.

Registering a host using SSH

To succeed, the following statements about the login account used to perform this procedure must be true:

  • The account exists on both the master host and on the delegate host.
  • The account has serviced CLI privileges.
  • The account has either public key authentication or password authentication enabled on the master host and on the delegate host.

Use this procedure to create the authentication credentials that delegate hosts require, and to register the credentials through an SSH connection.

Perform the following steps on the Control Center master host, and then repeat the steps on each delegate host in your deployment.

  1. Gain access to the Control Center host through the console interface of your hypervisor or through a remote shell utility such as PuTTY.

  2. Start a command-line session as root.

    1. In the Appliance Administration menu, select Root Shell.
    2. Select Run, and then press Enter.

      The menu is replaced by a command prompt similar to the following example:

      [root@hostname ~]#
      
  3. Display the host IDs of all Control Center hosts.

    serviced host list | cut -c-85
    

    The host ID is in the first column of the output.

  4. Create authentication credentials for a delegate host and register the credentials.

    If the master and delegate host are configured for key-based access, the following command does not prompt you to add the delegate to the list of known hosts or to provide the password of the remote user account.

    Replace Host-ID with the host ID of a delegate host:

    serviced key reset --register Host-ID
    
  5. For each delegate host in your deployment, repeat the preceding step to create and register authentication credentials.

Registering a host using a file

Use this procedure to create the authentication credentials that hosts require, and to register the credentials by using a file.

Start this procedure on the Control Center master host:

  1. Gain access to the Control Center host through the console interface of your hypervisor or through a remote shell utility such as PuTTY.
  2. Start a command-line session as root.

    1. In the Appliance Administration menu, select Root Shell.
    2. Select Run, and then press Enter.

      The menu is replaced by a command prompt similar to the following example:

      [root@hostname ~]#
    
  3. Display the host IDs of all Control Center hosts.

    serviced host list | cut -c-85
    

    The host ID is in the first column of the output.

  4. Create and distribute credentials files for delegate hosts. Repeat the following substeps for each delegate host in your deployment.

    1. Create authentication credentials for a delegate host. Replace Host-ID with the host ID of a delegate host identified in the preceding step:

      serviced key reset Host-ID

      The command creates a unique credentials file in the local directory.

    2. Copy the credentials files to each delegate host. Use a file transfer utility such as scp to copy the files. Once copied to a delegate host, the credentials file is not needed on the master host and can be deleted.
  5. Install the credentials on delegate hosts. On each delegate host in your deployment, complete the following substeps:

    1. Log in to a delegate host as root or as a user with superuser privileges.
    2. Use the Down Arrow key to select Root Shell, and then press Enter. The menu is replaced by a command prompt similar to the following example:

      [root@resmgr ~]#
      
    3. Install the credentials. Replace Credentials-File with the pathname of the credentials file:

      serviced host register Credentials-File
      
    4. Delete the credentials file. The file is no longer needed on the host. Replace Credentials-File with the pathname of the credentials file:

      rm Credentials-File
      

To return to the Appliance Administration menu, enter the exit command.
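The master-side half of the file procedure can be scripted so that the credentials file, which bundles the delegate's private key, is never group- or world-readable and does not linger on the master. The following is an added example, not part of the Control Center documentation. Only `serviced key reset Host-ID` comes from the procedure above; the function names and the scp destination are assumptions.

```shell
#!/bin/sh
# Added example: file-based credential handoff for one delegate host.
# Only `serviced key reset Host-ID` comes from the procedure; the function
# names and the scp destination argument are assumptions for illustration.

# stage_delegate_key HOST_ID
# Creates the credentials file in a fresh private directory and prints its
# path. The page does not name the file, so it is found as the single file
# the command leaves behind.
stage_delegate_key() {
    host_id=$1
    workdir=$(mktemp -d) || return 1        # mktemp -d creates a 0700 directory
    # umask 077: the file bundles the delegate's private key; keep it owner-only.
    if ! ( umask 077; cd "$workdir" && serviced key reset "$host_id" >/dev/null ); then
        rm -rf "$workdir"
        return 1
    fi
    set -- "$workdir"/*
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        rm -rf "$workdir"                   # unexpected output: leave nothing behind
        return 1
    fi
    printf '%s\n' "$1"
}

# ship_delegate_key HOST_ID DEST
# DEST is an scp target such as root@delegate.example.com:/root/ (placeholder).
# The master's copy is removed whether or not the copy succeeds; after a
# failure, run it again to issue a fresh key pair.
ship_delegate_key() {
    keyfile=$(stage_delegate_key "$1") || return 1
    rc=0
    scp -q -p "$keyfile" "$2" || rc=$?      # -p preserves the 0600 mode
    rm -rf "$(dirname "$keyfile")"
    return "$rc"
}

# Usage: sh ship-key.sh Host-ID user@delegate:/path/
if [ "$#" -eq 2 ]; then
    ship_delegate_key "$1" "$2"
fi
```

The delegate-side steps (`serviced host register Credentials-File`, then `rm Credentials-File`) are still performed on the delegate as described above.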