Symptoms

After a new shared IP address is assigned to an NG cluster, the configuration task that assigns it to the Load Balancer may fail with a 'Permission denied' error message, as in the example below:

Task name   Update LVS configuration on cluster 30
Task description    Updates LVS configuration on load balancer nodes with up-to-date information
Output: error running LVSCTL : persisting lvs.cf file on node 192.168.13.24 ...
Pseudo-terminal will not be allocated because stdin is not a terminal.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).
ssh -o PasswordAuthentication=no -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa_lb root@192.168.13.24 $'mkdir -p "/etc/sysconfig/ha"' returned 255
Warning: Permanently added '192.168.13.24' (RSA) to the list of known hosts.
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).

For more information refer to: /var/log/lvsctl.log

This causes all new websites provisioned to the new IP address to fail.

Cause

The POA Management Node uses RSA SSH keys to log in to the Load Balancer server and run a script that modifies its configuration. If the public SSH key that POA uses is missing from the list of authorized keys of the root user on the Load Balancer server, the POA task fails with the diagnostics above.

Resolution

Copy the content of the SSH public key from the /root/.ssh/id_rsa_lb.pub file on the POA Management Node to the /root/.ssh/authorized_keys file on the Load Balancer, and resubmit the failed task in POA Task Manager.

Then check whether password-less SSH login from the POA Management Node to the NG Load Balancer is possible by running the following command on the POA Management Node:

# ssh -o PasswordAuthentication=no -o CheckHostIP=no -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_rsa_lb root@NG_LB_IP

Replace NG_LB_IP in the command above with the IP address of the NG Load Balancer.

The command above must log you in to the NG Load Balancer without asking for a password.

Important: put the content of the SSH public key on a single line in the authorized_keys file.
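
The key installation step above, as an added example that is not part of the original article or of POA itself: shell functions to run on the Load Balancer that append the public key to authorized_keys as one intact line, only when it is not already present, and keep the file mode at 600. The function names and the location where you place the copied id_rsa_lb.pub are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Run on the Load Balancer after copying
# id_rsa_lb.pub from the POA Management Node (the copy location is up to you).

# has_pubkey PUBFILE AUTHFILE
# Succeeds only if the key blob from PUBFILE appears as one intact field on a
# single line of AUTHFILE. A key pasted with a line break in it does not match.
has_pubkey() {
    blob=$(awk 'NF { print $2; exit }' "$1")
    [ -n "$blob" ] || return 2
    awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                      END { exit !found }' "$2" 2>/dev/null
}

# install_pubkey PUBFILE AUTHFILE
# Idempotent: appends the key only when has_pubkey does not find it.
install_pubkey() {
    pub_file=$1
    auth_file=$2
    # The .pub file itself must be exactly one non-empty line.
    [ "$(grep -c . "$pub_file" 2>/dev/null)" = 1 ] || {
        echo "error: $pub_file must contain exactly one key line" >&2
        return 2
    }
    auth_dir=$(dirname "$auth_file")
    # sshd's StrictModes (default: yes) rejects authorized_keys files that
    # other users can write to, so keep the modes tight.
    [ -d "$auth_dir" ] || mkdir -p -m 700 "$auth_dir"
    touch "$auth_file"
    chmod 600 "$auth_file"
    if has_pubkey "$pub_file" "$auth_file"; then
        return 0    # already installed as a single line, nothing to do
    fi
    # Do not glue the new key onto an unterminated last line.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    grep . "$pub_file" >> "$auth_file"
}
```

For the case in this article the call would be install_pubkey PATH_TO_COPIED_id_rsa_lb.pub /root/.ssh/authorized_keys, followed by the ssh check shown above from the POA Management Node.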
