Configuring passwordless SSH login between K8s cluster nodes
The K8s cluster consists of one master node and two worker nodes, and the nodes need to be able to log in to each other without a password. The steps below show how to set this up.
I. K8s cluster environment
II. How passwordless login works
Any host whose SSH public key appears in a host's authorized_keys file can log in to that host without a password. So all that is needed is for each host's authorized_keys file to contain the public keys of every other host that should be allowed to log in without a password.
III. Procedure
1. Configure the hosts file on each node
# vim /etc/hosts
172.16.5.226 k8s-master
172.16.5.227 k8s-node1
172.16.5.228 k8s-node2
2. Generate an SSH key pair on each node
[root@k8s-master ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
.....................
[root@k8s-master .ssh]# ls
id_rsa id_rsa.pub
After the command runs, a .ssh directory is created under ~ containing the two files id_rsa (private key) and id_rsa.pub (public key).
The command ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa produces the same result without the interactive prompts above.
3. On the master node, copy the public key into the file authorized_keys.
[root@k8s-master .ssh]# cp id_rsa.pub authorized_keys
[root@k8s-master .ssh]# ls
authorized_keys id_rsa id_rsa.pub
4. Copy the authorized_keys file to the next node and append that node's public key id_rsa.pub to it.
[root@k8s-master .ssh]# scp authorized_keys root@k8s-node1:/root/.ssh/
The authenticity of host 'k8s-node1 (172.16.5.227)' can't be established.
ECDSA key fingerprint is SHA256:K1A0eg/q23eZXqMl44mrTFWNZEi19vMvu4NfTJP8TPQ.
ECDSA key fingerprint is MD5:04:51:05:be:3d:3b:22:b0:7e:0a:c2:7f:c4:25:75:cc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'k8s-node1,172.16.5.227' (ECDSA) to the list of known hosts.
root@k8s-node1's password:
authorized_keys 100% 397 248.4KB/s 00:00
# Log in to host k8s-node1
[root@k8s-node1 ~]# cd .ssh/
[root@k8s-node1 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
[root@k8s-node1 .ssh]# cat id_rsa.pub >> authorized_keys   # append with cat, do not overwrite
[root@k8s-node1 .ssh]# scp authorized_keys root@k8s-node2:/root/.ssh/
5. Repeat step 4 on k8s-node2: append its public key to authorized_keys, then copy the authorized_keys file completed on k8s-node2 back to the other nodes (k8s-master and k8s-node1).
# Log in to host k8s-node2 and append its public key to authorized_keys
[root@k8s-node2 .ssh]# cat id_rsa.pub >> authorized_keys
# Copy the final authorized_keys file to k8s-master and k8s-node1 so that every node has an identical authorized_keys
[root@k8s-node2 .ssh]# scp authorized_keys root@k8s-master:/root/.ssh/
[root@k8s-node2 .ssh]# scp authorized_keys root@k8s-node1:/root/.ssh/
6. Verify passwordless login
Use ssh user@nodename or ssh ip-address to confirm that the login no longer prompts for a password.
[root@k8s-master .ssh]# ssh root@k8s-node1
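Steps 3 to 6 above chain the nodes by hand and silently duplicate keys if a step is repeated. The script below is an added example, not the post's own commands: it merges every node's id_rsa.pub into one authorized_keys exactly once, sets the file modes sshd requires, and checks a node with BatchMode so a failed key login errors out instead of falling back to a password prompt. The NODES list, the sandbox used by demo() and the placeholder key blobs are assumptions; the hostnames are the page's.

```shell
#!/bin/sh
set -eu

NODES="k8s-master k8s-node1 k8s-node2"   # assumed: one name per /etc/hosts entry

# merge_pubkeys OUT PUB... : append each public key to OUT once. The key blob
# (2nd field) identifies a key; the comment (3rd field) may differ per host.
merge_pubkeys() {
    out=$1; shift
    umask 077                            # anything created below is owner-only
    mkdir -p "$(dirname "$out")"
    touch "$out"
    for pub in "$@"; do
        while IFS= read -r line || [ -n "$line" ]; do
            case "$line" in ''|'#'*) continue ;; esac
            kdata=${line#* }; kdata=${kdata%% *}
            [ "$kdata" != "$line" ] || continue   # no second field: not a key line
            grep -qF -- "$kdata" "$out" || printf '%s\n' "$line" >> "$out"
        done < "$pub"
    done
    chmod 700 "$(dirname "$out")" && chmod 600 "$out"   # sshd ignores looser modes
}

# check_batch HOST : succeeds only if HOST accepts our key. BatchMode=yes makes
# ssh fail instead of asking for a password, so a misplaced key is caught.
check_batch() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "root@$1" true
}

# demo: constructed placeholder keys in a sandbox (not real keys). Merges twice
# and returns the line count, which stays 3 because the second run adds nothing.
demo() {
    d=$(mktemp -d)
    for n in $NODES; do
        printf 'ssh-rsa AAAAB3NzaC1yc2E%s root@%s\n' "$n" "$n" > "$d/$n.pub"
    done
    merge_pubkeys "$d/.ssh/authorized_keys" "$d"/*.pub
    merge_pubkeys "$d/.ssh/authorized_keys" "$d"/*.pub
    wc -l < "$d/.ssh/authorized_keys" | tr -d ' '
    rm -rf "$d"
}
```

On a real cluster, collect each node's id_rsa.pub into one directory, run merge_pubkeys /root/.ssh/authorized_keys /path/to/keys/*.pub, scp the result to every node, then loop `for n in $NODES; do check_batch "$n"; done`.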