通过chef在ec2中设置ssh passwordless

bfrts1fy 于 2021-06-03 发布在 Hadoop

关注(0)|答案(1)|浏览(412)

我有以下几点 recipe/default.rb 厨师长：


# Create empty RSA password

template "#{node[:cluster][:ubuntu]}/my_key.pem" do
   source "keys.pem.erb"
   mode 0400
   owner "ubuntu"
   group "ubuntu"
end

bash "ssh-passwordless" do
   user "ubuntu"
   cwd "#{node[:cluster][:ubuntu]}"
   code <<-EOF
   eval `ssh-agent -s`
   ssh-add #{node[:cluster][:ubuntu]}/my_key.pem
   EOF
end

# Create empty RSA password

execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
 action :run
end

# Copy public key to node1; if key doesn't exist in authorized_keys, append it to this file

execute <<EOF
cat /home/ubuntu/.ssh/id_rsa.pub | sudo -u ubuntu ssh ubuntu@localhost "(cat > /tmp/tmp.pubkey; mkdir -p .ssh; touch .ssh/authorized_keys; grep #{node[:fqdn]} .ssh/authorized_keys > /dev/null || cat /tmp/tmp.pubkey >> .ssh/authorized_keys; rm /tmp/tmp.pubkey)

正如你所看到的，我尝试了很多方法来让它工作，然而，到目前为止没有一个成功。目标是在ec2中消除对password/pem文件的需要，这样我就可以建立一个hadoop集群。我怎样才能做到呢？

hadoop amazon-web-services ssh amazon-ec2 chef-infra

来源：https://stackoverflow.com/questions/23305003/setting-up-ssh-passwordless-in-ec2-via-chef

1条答案

按热度按时间

f3temu5u1#

如果我理解的很好，您希望在node1上创建一个私钥，以便能够通过ssh连接node2。
你可以通过搜索很容易地做到。
在节点1上：


# Create empty RSA password

execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
end

ruby_block "expose public key in attribute" do
  block do
    node.default['public_key'] = ::File.read("/home/ubuntu/.ssh/id_rsa.pub")
  end
end

在node2上，搜索node1的公钥：

node1 = search(:node, "name:node1").first
file '/home/ubuntu/.ssh/authorized_keys' do
  content node1['public_key']
end

当然，如果需要允许多个主机连接，则需要对其进行调整。

赞(0）回复(0）举报 2021-06-03

我来回答

通过chef在ec2中设置ssh passwordless

1条答案

相关问题

热门标签

最新问答