Enable Advanced Remote Support
By default, members of the Platform9 support team can not interactively log onto your PMK nodes. In exceptional circumstances, it is sometimes useful to enable the advanced remote support (ARS) mechanism in order to troubleshoot challenging problems on the nodes. This allows a Platform9 support engineer to securely log onto your host in order to analyze and fix issues. This article explains how a customer can enable this mechanism.
If you are using Platform9 Managed Kubernetes Free Tier, note that while enabling ARS is available as a product feature in free tier, receiving priority help from Platform9 support team is a paid-only feature. Instead, please use the Platform9 public slack channel to interface with the Platform9 support team for help with any issues.
Enable Advanced Remote Support from PMK UI
Follow these steps to enable advance remote support for a PMK node.
- Navigate to Infrastructure>Clusters, click the cluster name and then click the Nodes tab. Alternatively, navigate to Infrastructure>Nodes.
- Select the check boxes for the node on which you want to enable remote support.
- Click ‘Configure Remote Support’ action.
- Select the Enable Advanced Support check box.
- Click Apply Changes.
Advanced Remote support is now enabled for the selected node, and the node can be accessed remotely by Platform9 support.
Ensure sshd is Eunning and Properly Configured
Consult your linux operating system’s documentation to ensure that the SSH daemon is running and allows key-based authentication.
(Optional, but Highly Recommended) Grant sudo Access
Once ARS is enabled, a Platform9 support engineer will log into the node using a user role called ‘pf9’ that was previous created on that node during installation of PMK. By default, the ‘pf9’ user is created with restricted privileges. To gather certain types of information, it is sometimes helpful for a Platform9 support engineer logged in as the ‘pf9’ user to run commands with elevated privileges using the sudo utility. To allow this: (1) sudo must be enabled for the ‘pf9’ user, and (2) sudo must allow the ‘pf9’ user to authenticate without a password. ARS uses one-time ssh keys for login, and therefore the ‘pf9’ user does not have a password by default.
Consult your Linux operating system’s documentation for specific instructions on how to configure this.
On RedHat and CentOS, this can usually be done by:
Adding pf9 to the wheel group:
usermod -a -G wheel pf9
Run visudo to edit sudo rules to ensure that members of the wheel group can authenticate without a password. The line to configure this looks like:
%wheel ALL=(ALL) NOPASSWD: ALL
On Ubuntu, this can usually be done by:
Run visudo to add a rule to ensure that pf9 user can authenticate without a password. The line to configure this looks like:
pf9 ALL=(ALL) NOPASSWD: ALL
Notify Platform9 Support Team
Communicate with your Platform9 support representative to:
- Securely exchange the pf9 user’s password.
- Identify the host that should be logged onto, by sharing the contents of the host’s /etc/pf9/host_id.conf file or the host’s hostname.
- Agree on a time window for a support technician to log on to the host.
Disable Advanced Remote Support
To disable Advance Remote Support, just uncheck the box under host configuration (Step 1 above).