通过chef在ec2中设置ssh passwordless

bfrts1fy  于 2021-06-03  发布在  Hadoop
关注(0)|答案(1)|浏览(429)

我有以下几点 recipe/default.rb 厨师长:


# Create empty RSA password

template "#{node[:cluster][:ubuntu]}/my_key.pem" do
   source "keys.pem.erb"
   mode 0400
   owner "ubuntu"
   group "ubuntu"
end

bash "ssh-passwordless" do
   user "ubuntu"
   cwd "#{node[:cluster][:ubuntu]}"
   code <<-EOF
   eval `ssh-agent -s`
   ssh-add #{node[:cluster][:ubuntu]}/my_key.pem
   EOF
end

# Create empty RSA password

execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
 action :run
end

# Copy public key to node1; if key doesn't exist in authorized_keys, append it to this file

execute <<EOF
cat /home/ubuntu/.ssh/id_rsa.pub | sudo -u ubuntu ssh ubuntu@localhost "(cat > /tmp/tmp.pubkey; mkdir -p .ssh; touch .ssh/authorized_keys; grep #{node[:fqdn]} .ssh/authorized_keys > /dev/null || cat /tmp/tmp.pubkey >> .ssh/authorized_keys; rm /tmp/tmp.pubkey)

正如你所看到的,我尝试了很多方法来让它工作,然而,到目前为止没有一个成功。目标是在ec2中消除对password/pem文件的需要,这样我就可以建立一个hadoop集群。我怎样才能做到呢?

f3temu5u

f3temu5u1#

如果我理解的很好,您希望在node1上创建一个私钥,以便能够通过ssh连接node2。
你可以通过搜索很容易地做到。
在节点1上:


# Create empty RSA password

execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
end

ruby_block "expose public key in attribute" do
  block do
    node.default['public_key'] = ::File.read("/home/ubuntu/.ssh/id_rsa.pub")
  end
end

在node2上,搜索node1的公钥:

node1 = search(:node, "name:node1").first
file '/home/ubuntu/.ssh/authorized_keys' do
  content node1['public_key']
end

当然,如果需要允许多个主机连接,则需要对其进行调整。

相关问题