Registering Hosts
In order to access a host through SSH Connect, the host must first be registered with Webscale in the appropriate account. This is a two step process (registration followed by approval).
Registering SSH hosts
The first of these steps can be done either through the API directly or via the Webscale Monitoring Agent (WMA) running on the host with SSH enabled.
Note:
To allow SSH access through private networks the IP of the SSH Connector middleware is3.217.2.82
Webscale Monitoring Agent Registration
When SSH is enabled on WMA, the agent will reach out directly to Webscale’s API with the relevant information needed to register including name (hostname), address, and host keys. Associating the server with a via host (bastion) must be done through the Control Plane unless the via host reference is also provided in the WMA configuration.
Registration of static servers as hosts
To register a static server as an SSH host (a non-cluster server), install the Webscale Monitoring Agent on the server and configure it according to the following steps:
Create a Service User: First, create a service user through the Webscale API for your account. This service user will be responsible for registering the host with Webscale, and logging SSH activity.
Note:
Please refer to the Service User Configuration Guide for detailed instructions on creating a service user.Grant Permissions: Ensure that the service user is granted root-level “Cluster Service User” permissions.
Configure the WMA: When the service user is created, an access key will be provided.
Take the service user’s access key and configure it in the Webscale Monitoring Agent (WMA) by setting it as the access_token
property in the WMA configuration file (/etc/webscale/wma-config.json).
Add an enabled ssh_config
to the same file.
Note:
Please refer to the WMA Configuration Guide for detailed instructions on supplying this configuration.Automatic Registration: After completing these steps, the WMA will register the static server host with Webscale. The host will be available for SSH access once approved.
Registering through the API
If registering through the API, please reference the appropriate documentation here.
Field | Description |
---|---|
Name* | This is what the host will be referred to in the Control Panel. This can be changed later. WMA registration will automatically default to the hostname. |
Address* | The address used to access the host. If this is a private address, you will want to include via (below). |
Host Keys | The host keys of the host. WMA registration will fetch these automatically. |
Via | The registered host that serves as a jump through to access a privately accessible host. |
Note:
When registering a host with a Via bastion, ensure you use the correct address for the host. If the host is in a private subnet, use its private address, which should be accessible from the bastion.Approving SSH hosts
Registering the host will make it available for approval in the SSH connect management table. A user with authority to PATCH /v2/ssh-hosts (included in Editor role) should then confirm the address and name of the host and click approve to make the host accessible through SSH Connect.
Hosts registered by the Webscale Monitoring Agent on Webscale managed cluster servers will be automatically approved.
Registered, but unapproved hosts will not appear in the SSH connect drawer.