Setting up passwordless ssh in EC2 via Chef

Time: 2014-04-26 00:12:04

Tags: hadoop amazon-web-services ssh amazon-ec2 chef

I have the following recipe/default.rb in Chef:

# Create empty RSA password
template "#{node[:cluster][:ubuntu]}/my_key.pem" do
   source "keys.pem.erb"
   mode 0400
   owner "ubuntu"
   group "ubuntu"
end

bash "ssh-passwordless" do
   user "ubuntu"
   cwd "#{node[:cluster][:ubuntu]}"
   code <<-EOF
   eval `ssh-agent -s`
   ssh-add #{node[:cluster][:ubuntu]}/my_key.pem
   EOF
end

# Create empty RSA password
execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
  action :run
end

# Copy public key to node1; if key doesn't exist in authorized_keys, append it to this file
execute <<EOF
cat /home/ubuntu/.ssh/id_rsa.pub | sudo -u ubuntu ssh ubuntu@localhost "(cat > /tmp/tmp.pubkey; mkdir -p .ssh; touch .ssh/authorized_keys; grep #{node[:fqdn]} .ssh/authorized_keys > /dev/null || cat /tmp/tmp.pubkey >> .ssh/authorized_keys; rm /tmp/tmp.pubkey)"
EOF

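As you can see, I am trying a lot of ways to make it work, but so far none of them has succeeded. The goal is to remove the need for a password/pem file in EC2 so that I can set up a hadoop cluster. How can I do this?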

1 answer:

Answer 0 (score: 1)

If I understand correctly, you want to create a private key on node1 to be able to connect to node2 via ssh.

You can do this easily with search.

On node1:

# Create empty RSA password
execute "ssh-keygen" do
  command "sudo -u ubuntu ssh-keygen -q -t rsa -N '' -f /home/ubuntu/.ssh/id_rsa"
  creates "/home/ubuntu/.ssh/id_rsa"
end

ruby_block "expose public key in attribute" do
  block do
    node.default['public_key'] = ::File.read("/home/ubuntu/.ssh/id_rsa.pub")
  end
end

On node2, search for node1's public key:

node1 = search(:node, "name:node1").first
file '/home/ubuntu/.ssh/authorized_keys' do
  content node1['public_key']
end

Of course, you will need to adapt this if you need to allow several hosts to connect.
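
An added example, not part of the original answer: a `file` resource with `content` writes exactly that content, so the node2 recipe above replaces the EC2 key pair entry already in `authorized_keys`. The plain-Ruby sketch below merges keys from several nodes instead and treats each node attribute as untrusted input. The helper names (`parse_pubkey`, `merge_authorized_keys`, `sample_key`) and the sample keys are constructed for illustration.

```ruby
require 'base64'

KEY_TYPES = %w[ssh-rsa ssh-ed25519 ecdsa-sha2-nistp256].freeze

# Return [type, blob] for an OpenSSH public-key line, or nil if it is not one.
def parse_pubkey(line)
  fields = line.to_s.strip.split(/\s+/)
  idx = fields.index { |f| KEY_TYPES.include?(f) }
  return nil if idx.nil? || fields[idx + 1].nil?
  type, blob = fields[idx], fields[idx + 1]
  decoded = Base64.strict_decode64(blob) rescue nil
  return nil if decoded.nil? || decoded.bytesize < 4
  # The decoded blob begins with a length-prefixed copy of the key type.
  len = decoded[0, 4].unpack1('N')
  decoded[4, len] == type ? [type, blob] : nil
end

# existing_text: current authorized_keys content (may hold the EC2 key pair).
# node_keys: { node_name => public key text read from that node's attribute }.
# Existing lines are kept verbatim; each new key is re-emitted as
# "type blob node_name", so options or extra lines in an attribute are dropped.
def merge_authorized_keys(existing_text, node_keys)
  lines = existing_text.lines.map(&:chomp).reject(&:empty?)
  seen = lines.map { |l| parse_pubkey(l) }.compact
  node_keys.each do |name, text|
    parsed = parse_pubkey(text)
    next if parsed.nil? || seen.include?(parsed) # missing, malformed or duplicate
    seen << parsed
    lines << "#{parsed[0]} #{parsed[1]} #{name.to_s.gsub(/[^\w.:-]/, '_')}"
  end
  lines.join("\n") + "\n"
end

# Constructed sample key material (well-formed blob header, not a real key).
def sample_key(type, seed)
  "#{type} " + Base64.strict_encode64([type.bytesize].pack('N') + type + seed)
end

if __FILE__ == $PROGRAM_NAME
  existing = sample_key('ssh-rsa', 'ec2-keypair') + " my-ec2-keypair\n"
  attrs = {
    'node1' => sample_key('ssh-rsa', 'node1-key') + " ubuntu@node1\n",
    'node3' => nil, # node has not converged yet, attribute missing
    'node4' => "command=\"/bin/sh\" " + sample_key('ssh-rsa', 'node4-key')
  }
  puts merge_authorized_keys(existing, attrs)
end
```

In a recipe, the merged string would be passed to the `file` resource's `content`, with `owner "ubuntu"`, `group "ubuntu"` and `mode "0600"` set so that sshd accepts the file.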