Advanced SSH configurations

Advanced SSH configurations for the Konvoy installer

For on-premises installations, you can customize a few SSH-related options in the Ansible inventory file.

wait_for_connection

This option specifies how Ansible checks connectivity to a node.

Note that ssh mode requires Python to be pre-installed on the target host, but it can be useful when an SSH proxy is used.

all:
  vars:
    version: "v1beta1"
    order: sorted
    wait_for_connection: ssh

ssh_common_args

If specified, the extra arguments are appended to all SSH-related operations. This is useful when an SSH proxy is used.

all:
  vars:
    version: "v1beta1"
    order: sorted
    wait_for_connection: ssh
    ssh_common_args: "-o ProxyCommand=\"ssh -p 3023 %r@localhost -s proxy:%h:%p\""

Create a Konvoy cluster with preexisting ssh keys

You can create a Konvoy cluster with preexisting ssh keys using one of the following methods:

  • Copy both the private and public key into the working directory and name them <CLUSTER_NAME>-ssh.pem and <CLUSTER_NAME>-ssh.pub, respectively.

kind: ClusterProvisioner
apiVersion: konvoy.mesosphere.io/v1beta1
spec:
  sshCredentials:
    user: centos
    publicKeyFile: <CLUSTER_NAME>-ssh.pub
    privateKeyFile: <CLUSTER_NAME>-ssh.pem

NOTE: <CLUSTER_NAME> represents the cluster name defined in the cluster.yaml file, as shown in the following:

kind: ClusterConfiguration
apiVersion: konvoy.mesosphere.io/v1beta1
metadata:
  name: myClusterName
spec:

  • If the keys are in your ~/.ssh/ directory, specify the file location. Because Konvoy runs as a container, not all directories are available in the container, but the $HOME directory is always mounted.

kind: ClusterProvisioner
apiVersion: konvoy.mesosphere.io/v1beta1
spec:
  sshCredentials:
    user: centos
    publicKeyFile: ~/.ssh/<CLUSTER_NAME>-ssh.pub
    privateKeyFile: ~/.ssh/<CLUSTER_NAME>-ssh.pem

  • If the key is in your ssh-agent, specify only the public key. Your public key is copied to the nodes by Terraform, and the ssh-agent is used when connecting to those nodes.

kind: ClusterProvisioner
apiVersion: konvoy.mesosphere.io/v1beta1
spec:
  sshCredentials:
    user: centos
    publicKeyFile: ~/.ssh/<CLUSTER_NAME>-ssh.pub
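
A pre-flight check for the first method above (keys copied into the working directory), as an added example that is not part of Konvoy or its documentation. The function names are hypothetical; the check confirms the <CLUSTER_NAME>-ssh.pem and <CLUSTER_NAME>-ssh.pub names, rejects a private key that group or others can read (OpenSSH refuses such keys), and verifies that the public key file is a well-formed OpenSSH public key line.

```python
import base64, os, stat, struct, tempfile

def check_konvoy_keys(workdir, cluster_name):
    """Return a list of problems with <cluster_name>-ssh.pem/.pub in workdir."""
    pem = os.path.join(workdir, f"{cluster_name}-ssh.pem")
    pub = os.path.join(workdir, f"{cluster_name}-ssh.pub")
    problems = [f"missing: {os.path.basename(p)}"
                for p in (pem, pub) if not os.path.isfile(p)]
    if problems:
        return problems
    # OpenSSH refuses private keys that group or others can access.
    mode = stat.S_IMODE(os.stat(pem).st_mode)
    if mode & 0o077:
        problems.append(f"private key mode {mode:04o} is too open; use 0600")
    # Catch swapped files: every PEM private key header ends this way.
    with open(pem, "rb") as fh:
        if b"PRIVATE KEY-----" not in fh.readline():
            problems.append("private key file has no PEM private key header")
    # Public key line: "<type> <base64 blob> [comment]"; the blob begins
    # with a length-prefixed copy of the type string.
    with open(pub) as fh:
        fields = fh.read().split()
    if len(fields) < 2:
        return problems + ["public key is not '<type> <base64> [comment]'"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n].decode("ascii") != fields[0]:
            problems.append("public key blob does not match its declared type")
    except (ValueError, struct.error):
        problems.append("public key blob is not valid base64 wire format")
    return problems

def write_sample_keys(workdir, cluster_name, mode):
    """Constructed sample pair (dummy key material, not usable for login)."""
    wire = lambda b: struct.pack(">I", len(b)) + b
    blob = wire(b"ssh-ed25519") + wire(bytes(32))
    with open(os.path.join(workdir, f"{cluster_name}-ssh.pub"), "w") as fh:
        fh.write("ssh-ed25519 " + base64.b64encode(blob).decode() + " sample\n")
    pem = os.path.join(workdir, f"{cluster_name}-ssh.pem")
    with open(pem, "w") as fh:
        fh.write("-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n")
    os.chmod(pem, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        write_sample_keys(d, "myClusterName", 0o644)
        print(check_konvoy_keys(d, "myClusterName"))  # flags the 0644 mode
        os.chmod(os.path.join(d, "myClusterName-ssh.pem"), 0o600)
        print(check_konvoy_keys(d, "myClusterName"))  # no problems left
```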