如何在OpenStack中对云主机类型进行重新配置

目标：
很多用户在OpenStack启动一个虚拟机，选择了一个云主机配置类型，例如2CPU 4GB内存，使用了一段时间，感觉这个配置并不能满足需求，所以希望能够提高配置，那么OpeNStack的管理界面可以对该云主机实例进行重新调整，但是在实际操作中会出现一些错误，这些错误可能在相关日志表现为如下问题：

Command: ssh 192.168.18.43 mkdir -p /var/lib/nova/instances/eac0e362-352f-45ad-b503-d28e588691be
Exit code:
Stdout: ''
Stderr: 'Host key verification failed.\r\n'. Setting instance vm_state to ERROR  

原因：
OpenStack的云主机配置类型的修改，其实相当于做了一个云主机在不同宿主机的迁移，所以需要在相关迁移云主机进行无密码访问，
由于OpenStack是由Nova组件来管理云主机，所以需要对Nova用户进行无密码访问。

步骤：

.编辑/etc/passwd
改为：nova:x:::OpenStack Nova Daemons:/var/lib/nova:/bin/sh
.passwd nova
.计算节点间实现无密码登录
3.1 su - nova
[root@compute10 ~]# su - nova
-sh-4.2$ ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/var/lib/nova/.ssh/id_rsa): 
Created directory '/var/lib/nova/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /var/lib/nova/.ssh/id_rsa.
Your public key has been saved in /var/lib/nova/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:sSsbIWOSsmmWjWY1536wRp5fToNnfGca0Bc1Q71c0Og nova@compute35
The key's randomart image is:
+---[RSA 2048]----+
|              oO.|
|              o *|
|        .    o. o|
|   .     o.   Eo |
|. oo+.. S. . .   |
| +=o+= .o.. .    |
|oB .o.*..B o o   |
|=   .= =* o =    |
|    ..+. . .     |
+----[SHA256]-----+

-sh-4.2$ ssh-copy-id -i compute13   #如需要，这里需要修改hosts文件；如果想实现互相调整云主机大小的话，两边都需要执行这条命令
-sh-4.2$ ssh compute13  #测试是否成功，如果不需密码则成功

需要注意：
注意：记得修改权限

chown nova.nova /var/lib/nova/.ssh/
chmod  /var/lib/nova/.ssh/authorized_keys
chmod  /var/lib/nova/.ssh/id_rsa  

情景：

.之前遇到过一个问题：节点16和17计算做了免密码登录，还是需要密码
我把节点16的权限改一下：
原来的权限：
[root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
drwxrwxrwx  root root  Jan   : /var/lib/nova/.ssh/
改为：
chmod  /var/lib/nova/.ssh/
[root@compute16 .ssh]# ls -ld
drwx------  root root  Jan   : .

结果出现Permission denied
[root@compute10 ~]# su - nova
Last login: Wed Jan   :: CST  on pts/
-sh-4.2$ ssh-copy-id compute16
The authenticity of host 'compute16 (10.0.0.106)' can't be established.
ECDSA key fingerprint is ::d0:3e::dc:dd:c9::3f::ad:3a:b1::8e.
Are you sure you want to continue connecting (yes/no)? yes
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO:  key(s) remain to be installed -- if you are prompted now it is to install the new keys
nova@compute16's password:
sh: .ssh/authorized_keys: Permission denied

对比一下其他节点和节点16的权限：

[root@compute10 ~]# ls -ld /var/lib/nova/.ssh/
drwx------  nova nova  Jan   : /var/lib/nova/.ssh/

[root@compute16 .ssh]# ls -ld /var/lib/nova/.ssh/
drwx------  root root  Jan   : /var/lib/nova/.ssh/

结果发现：属组和属主不一样

修改一下节点16的属组和属主

chown nova.nova /var/lib/nova/.ssh/

结果还是不能实现免密码登录

查看/var/log/secure，发现：

[root@compute16 .ssh]# tail - /var/log/secure|grep -i "Authentication"
Jan   :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova
Jan   :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova
Jan   :: compute16 sshd[]: Authentication refused: bad ownership or modes for directory /var/lib/nova

查看：

[root@compute16 nova]# ls -ld /var/lib/nova
drwxrwxrwx  nova nova  Sep  : .

发现权限设置不对：

准确的做法：

chmod  /var/lib/nova

参考：

http://blog.csdn.net/chinagissoft/article/details/50293981

http://ipinco.blog.51cto.com/2929516/1738860