因为hadoop集群在安装的时候需要集群中所有机器的权限。
所以我们需要打通所有节点的ssh无密码登陆,思路是生成每台机子的密钥,集中在一个文件中,再分发到每台机子上。
为了确保下面的命令能顺利执行,请先重启所有节点并且保证所有节点能够通过主机名ping通。
配置免密登录有两种方式,一种简单的:
1、执行命令,生成秘钥: ssh-keygen -t rsa
2、进入.ssh目录: cd ~/.ssh
3、拷贝到要免密码登陆的机器,要免密登陆那个机器,就写该机器的ip。3台机器的话两两之间都要做了免密登陆: ssh-copy-id 192.168.43.102
至此免密登录配置完成(验证免密登录成功,请看文末)。
另外一种是复杂的,但是思路比较清晰:
1、两台机子(正常生产环境至少需要3台,这里只做安装测试所以只用了两天)都分别使用ssh-keygen -t rsa 然后一直回车生成密钥。
[root@localhost ~]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:HkNnC66AyS+s2Y1TU+/XwhrVIily33esuA32V1jzTz0 root@localhost.master The key's randomart image is: +---[RSA 2048]----+ | | | | | o o | | . o .o = o ..| | + o.o.S + . o+| | . .o+ =.* . ..E=| | o.....+.+.. ooo| | +.+ .o+*.o. .| |o o.. .ooo+. | +----[SHA256]-----+ [root@localhost ~]#
我们可以看到/root/.ssh目录下有了密钥文件id_rsa以及公钥文件id_rsa.pub。
[root@localhost ~]# cd /root/.ssh [root@localhost .ssh]# ls id_rsa id_rsa.pub
2、两个节点中分别把公钥id_rsa.pub复制一份命名为authorized_keys_master、authorized_keys_slave1
也就是
master中执行 cp id_rsa.pub authorized_keys_master
slave1中执行 cp id_rsa.pub authorized_keys_slave1
[root@localhost .ssh]# cp id_rsa.pub authorized_keys_master [root@localhost .ssh]# ls authorized_keys_master id_rsa id_rsa.pub
3、把从节点slave1的公钥传送到master节点的/root/.ssh文件夹中,slave1中使用命令
scp authorized_keys_slave1 root@master:/root/.ssh
[root@localhost .ssh]# scp authorized_keys_slave1 root@master:/root/.ssh The authenticity of host 'master (192.168.10.101)' can't be established. ECDSA key fingerprint is SHA256:Hep4xj/6A8J2IGNte74dTnqI5gY6Sd4Xgsq6oTkmUDA. ECDSA key fingerprint is MD5:08:7e:a9:4a:91:99:a1:89:95:02:c7:76:e3:52:4f:d3. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'master,192.168.10.101' (ECDSA) to the list of known hosts. root@master's password: authorized_keys_slave1 100% 403 238.8KB/s 00:00
4、这个时候我们在master中的root/.ssh目录会看到authorized_keys_master、authorized_keys_slave1两个文件。
把它们合并追加到authorized_keys文件中。
cat authorized_keys_master>> authorized_keys
cat authorized_keys_slave1>> authorized_keys
[root@localhost .ssh]# cat authorized_keys_master>>authorized_keys [root@localhost .ssh]# cat authorized_keys_slave1>>authorized_keys [root@localhost .ssh]# ls authorized_keys authorized_keys_slave1 id_rsa.pub authorized_keys_master id_rsa
[root@localhost .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtUYN328WOb28y1urRl1uccKFlM2m0JDukJmclJzA/BQ/VqAjQ4DftZbTUApfkrYRsXAQJAV0wEkkDityl86So1r7MBg4uzq1kRJalrMUVJHEn2u7W7yBfY/o8jqzRKzgMy9ILw95iti1I0k/x8N35JTVC5t2qhQFqT3Op398Onj1lMWHVyj0QRc1C9zthe0L9WR4SIq/goGYVbiLM6XMyAzfI6Pk9OEpEI6UPb+/QFKmVOJ7RxnHGat2VaYQP7c5nL4fPu4bLOmMfeuAXeiRy9y2rRBl9PKS2/kwaP+ORqVK2fakwnIOjTo3HilMTVFpDhvMBhP4xsiXN3qIRoPk5 root@localhost.master
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfW91xcfffp+v/nJh3J44PNLvta84xUC6fAoTKxgZwlUlWuwZXjUgy+AhWMG5F2Ejv/jymIKwAGDV1luNSBj51JOloy2nuW85JlRKplROjJjBiJWxpvw814xSb1XiyOsyKiWAkWqBds1zg8V0xlm31stOxkBTUOKFSX8blIAM3XfaBUYFxqt1LSPQ1wZDDLOwrV46kuFwsgf/cR8cZhQeuayv1oTKdsj0aUFWvMaVYLIj3LfJoSMUzC5mUMiLZoBgw5TZHdK9BDwFMY5SKH1jLo1Vq9moVq7wxcUEovODJQGLwPL/xf7TkVSg16GrJ5OPbczy2MoTgSgjtXExsdLUX root@localhost.slave1
我们可以看到这个通行证authorized_keys中已经有了两台机子的公钥。
5、把这个通行证authorized_keys分发到其他节点----slave1 scp authorized_keys root@slave1:/root/.ssh
[root@localhost .ssh]# scp authorized_keys root@slave1:/root/.ssh The authenticity of host 'slave1 (192.168.10.102)' can't be established. ECDSA key fingerprint is SHA256://I9GnbQerDF/YSyPYbLnYFzY0vtDHGHZTgCjZeRvJY. ECDSA key fingerprint is MD5:51:03:f2:82:95:50:8e:e4:e1:81:de:06:21:e0:27:b6. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'slave1,192.168.10.102' (ECDSA) to the list of known hosts. root@slave1's password: authorized_keys 100% 806 918.9KB/s 00:00
6、测试节点之间相互ssh
例如在master中
ssh slave1
exit
不再需要输入登录密码
[root@localhost .ssh]# ssh slave1 Last login: Sat Jan 26 08:42:38 2019 [root@localhost ~]# exit 登出 Connection to slave1 closed.
至此,SSH免密互相访问完成。
