Configuring password authentication for cluster nodes

Use passwords in place of SSH keys to allow for secure connections between hosts in an IBM® Cloud Private cluster.

Before you install an IBM Cloud Private cluster, you must configure authentication between nodes.

Note: You can configure password authentication for a user in each node by using either the /<installation_directory>/cluster/config.yaml or the /<installation_directory>/cluster/hosts file. Do not configure password authentication by using both files.

You must provide passwords for the root user or for user names that have root access.

To configure authentication without providing the password for each node, generate an SSH key pair on your boot node and share that key with the other cluster nodes. See Sharing SSH keys among cluster nodes.

Configuring password authentication by using the config.yaml file

The config.yaml file can be used to set password authentication for nodes that have the same password only. If each node has a different password, set the password authentication by using the hosts file.

Add the configuration parameters for your use case to the /<installation_directory>/cluster/config.yaml file:






User type Configuration parameters
Root 
        ansible_user: root
        ansible_ssh_pass: SHARED_PASSWORD
        ansible_ssh_common_args: "-oPubkeyAuthentication=no"
Where 
SHARED_PASSWORD
is the password for each root user.
Non-root 
        ansible_user: non_root
        ansible_ssh_pass: SHARED_PASSWORD
        ansible_become: true
        ansible_become_password: "{{ ansible_ssh_pass }}"
        ansible_ssh_common_args: "-oPubkeyAuthentication=no"
Where 
SHARED_PASSWORD
is the password for each user.

Configuring password authentication by using the hosts file

The hosts file can be used to set password authentication for nodes that use the same or different passwords.

Add the configuration parameters for your use case to the /<installation_directory>/cluster/hosts file: