Wednesday, February 17, 2016

How to set up passwordless SSH between CentOS 7 cluster servers?

Now that we are working with clusters, we need a way for the machines to communicate with each other. In the Windows world with Active Directory (AD), we could have created a domain account and added this user to all the machines. The issue with this approach is that each service would still need to log in to these machines with the domain account every time, which means an authentication request has to go to AD for each login.

In the Linux world this is solved differently, with passwordless SSH (Secure Shell). Instead of a password, a key pair is generated for the user: the private key stays in the user's home directory and the public key is stored on each server the user needs to reach. The next time the user connects, SSH uses the generated key to log in to the server. This way the user who set up passwordless SSH is logged in automatically, without being prompted for a password.

Do the following to set up passwordless SSH for a specific user, in our case bigdatauser.

The setup is a 3-node Apache HBase cluster:
HBASENODE1
HBASENODE2
HBASENODE3

On each of these machines we have created a user called bigdatauser, as described in "How to create a user, group and enable him to do what a super user can in CentOS7?".
We also need to create the DNS records in /etc/hosts, as described in "How to setup DNS entries for big data servers in the cloud or not on a domain in /etc/hosts file?".

Log in to the CentOS 7 server HBASENODE1 over ssh as "bigdatauser" and issue the following commands.

Create the key pair for the user in his home directory:

cd ~

# create the ssh keys
ssh-keygen -t rsa -P ""


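Press Enter without typing anything to accept the default directory. The -P "" option sets an empty passphrase, so the private key is stored unencrypted in $HOME/.ssh/id_rsa.

# append the public key to bigdatauser's authorized_keys
cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
# sshd ignores authorized_keys if group or others can write to it
chmod 600 $HOME/.ssh/authorized_keys


Test that passwordless SSH is working by typing: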

ssh localhost


Accept the host key warning; you should now be logged in. To exit the localhost session, type:

exit


Run ssh localhost a second time; it should not show any warnings.

Now that we have set up passwordless SSH on one node, HBASENODE1, we need to do the same on HBASENODE2 and HBASENODE3.

Once the same steps are done on all 3 servers, we need to enable passwordless SSH between the nodes.
From HBASENODE1, run the following command against HBASENODE2:

# copy the public key to the other nodes
ssh-copy-id -i $HOME/.ssh/id_rsa.pub bigdatauser@HBASENODE2


The same command needs to be run from:
HBASENODE1 to HBASENODE3
HBASENODE2 to HBASENODE1 and HBASENODE3
HBASENODE3 to HBASENODE1 and HBASENODE2

Once this is done, verify that you can log in from any node to any other node by typing the following:

ssh HBASENODE2

on HBASENODE1, and the equivalent for every other combination of nodes.
Accept the host key warning the first time; the next time it should log you directly into the server.
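
When a node still asks for a password after these steps, the usual cause is file permissions or a key missing from authorized_keys. The script below is an added example, not part of the original post, that checks a .ssh directory for those conditions; the function names are hypothetical and it assumes GNU stat, as shipped on CentOS 7.

```shell
#!/bin/sh
# Added example (not from the original post): audit an SSH directory for the
# problems that silently break or weaken key-based login.
# Function names are hypothetical. Uses GNU stat, as shipped on CentOS 7.

# Succeeds if the group or other "write" bit is set on the path.
group_or_world_writable() (
    mode=$(stat -c '%a' "$1") || exit 1
    case "$mode" in
        *[2367]?|*[2367]) exit 0 ;;   # write bit in group or other digit
    esac
    exit 1
)

# Prints one line per finding; exit status is 0 only when nothing was found.
audit_ssh_dir() (
    dir=$1
    findings=0
    report() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # sshd (StrictModes yes, the default) ignores authorized_keys when the
    # directory or the file is writable by anyone but the owner.
    for p in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$p" ]; then report "$p is missing"
        elif group_or_world_writable "$p"; then
            report "$p is group/world-writable; sshd will ignore the keys"
        fi
    done

    # The ssh client refuses a private key that group or others can access.
    if [ -f "$dir/id_rsa" ]; then
        case "$(stat -c '%a' "$dir/id_rsa")" in
            *00) ;;
            *) report "$dir/id_rsa is accessible to group/others; chmod 600" ;;
        esac
    fi

    # The node's own public key must be listed for "ssh localhost" to work.
    if [ -f "$dir/id_rsa.pub" ] && [ -f "$dir/authorized_keys" ]; then
        blob=$(awk '{print $2; exit}' "$dir/id_rsa.pub")
        grep -qF -- "$blob" "$dir/authorized_keys" ||
            report "public key is not in $dir/authorized_keys"
    fi

    [ "$findings" -eq 0 ]
)
```

After loading the functions, run audit_ssh_dir "$HOME/.ssh" as bigdatauser on each node; no output and exit status 0 mean the directory passed every check.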

