Setting up SSH passwordless in EC2 via Chef


Question

I have the following recipes/default.rb in Chef:

# Create empty RSA password
template "#{node[:cluster][:ubuntu]}/my_key.pem" do
   source "keys.pem.erb"
   mode 0400
   owner "ubuntu"
   group "ubuntu"
end

bash "ssh-passwordless" do
   user "ubuntu"
   cwd "#{node[:cluster][:ubuntu]}"
   code <<-EOF
   eval `ssh-agent -s`
   ssh-add #{node[:cluster][:ubuntu]}/my_key.pem
   EOF
end

# Create empty RSA password
execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
 action :run
end

# Copy public key to node1; if key doesn't exist in authorized_keys, append it to this file
execute <<EOF
cat /home/ubuntu/.ssh/id_rsa.pub | sudo -u ubuntu ssh ubuntu@localhost "(cat > /tmp/tmp.pubkey; mkdir -p .ssh; touch .ssh/authorized_keys; grep #{node[:fqdn]} .ssh/authorized_keys > /dev/null || cat /tmp/tmp.pubkey >> .ssh/authorized_keys; rm /tmp/tmp.pubkey)

As you can see, I'm trying a lot of methods to get it to work; however, none of them have succeeded so far. The goal is to remove the need of password / pem file in EC2, so I can set up a Hadoop cluster. How can I accomplish that?

Recommended answer

If I understand well, you want to create a private key on node1 to be able to connect on node2 via ssh.

You can do it quite easily with search.

On node1:

# Generate an RSA key pair with an empty passphrase
execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
end

ruby_block "expose public key in attribute" do
  block do
    node.default['public_key'] = ::File.read("/home/ubuntu/.ssh/id_rsa.pub")
  end
end

On node2, search for node1's public key:

node1 = search(:node, "name:node1").first
file '/home/ubuntu/.ssh/authorized_keys' do
  content node1['public_key']
end

Of course you'll need to adapt this if you need to allow several hosts to connect.
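
An added example (not part of the original answer or of Chef itself) for the several-hosts case: a `file` resource with `content` replaces the whole `authorized_keys` file, which on EC2 also removes the launch key pair's entry, so this plain-Ruby helper merges keys instead and rejects anything that is not a single well-formed public key line. The helper names and the sample keys are hypothetical and constructed for illustration.

```ruby
# Added example, not the answer's code. All helper names are hypothetical.
KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256
               ecdsa-sha2-nistp384 ecdsa-sha2-nistp521].freeze

# Return the base64 blob of a well-formed single-line public key, else nil.
# Lines that start with options (command=, from=, ...) are rejected on
# purpose: a key read from a node attribute should not carry them.
def public_key_blob(line)
  text = line.to_s.strip
  return nil if text.match?(/[\r\n\0]/)
  type, blob, = text.split(/\s+/, 3)
  return nil unless KEY_TYPES.include?(type) && blob
  raw = blob.unpack1('m0')   # strict base64, raises ArgumentError on junk
  len = raw.unpack1('N')     # blob = uint32 length + type name + key data
  len && raw.byteslice(4, len) == type ? blob : nil
rescue ArgumentError
  nil
end

# Merge candidate keys into existing authorized_keys text. Existing lines are
# kept as they are (on EC2 that includes the launch key pair's entry); a
# candidate is appended only if it is valid and its blob is not already there.
# Returns [new_content, rejected_candidates].
def merge_authorized_keys(existing, candidates)
  lines = existing.to_s.lines.map(&:chomp).reject(&:empty?)
  seen = lines.flat_map(&:split)
  rejected = []
  candidates.each do |cand|
    blob = public_key_blob(cand)
    if blob.nil?
      rejected << cand
    elsif !seen.include?(blob)
      lines << cand.strip
      seen << blob
    end
  end
  [lines.map { |l| "#{l}\n" }.join, rejected]
end

# Constructed sample data: structurally valid blobs, not real keys.
def sample_key(type, seed, comment)
  blob = [[type.bytesize].pack('N') + type + seed].pack('m0')
  "#{type} #{blob} #{comment}"
end
```

In a recipe, the candidates would be the `public_key` attributes returned by `search`, and the first return value would become the `content` of the `authorized_keys` file resource.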
