Setting password-less ssh access for root
IBM Spectrum Scale Master is a role designated to the host on which the Master component of the IBM Spectrum® Scale service is installed. This host should be part of the set of administrator nodes. All the IBM Spectrum Scale cluster-wide administrative commands, including those for creating the IBM Spectrum Scale cluster and the file system, are run from this host.
Passwordless ssh access for root must be configured from the IBM Spectrum Scale Master node to all the other IBM Spectrum Scale nodes. This is needed for IBM Spectrum Scale to work. For non-adminMode central clusters, ensure that you have bi-directional password-less setup for the fully qualified and short names for all the GPFS™ nodes in the cluster. This must be done for the root user. For non-root Ambari environment, ensure that the non-root ID can perform bi-directional password-less SSH between all the GPFS nodes.
In the adminMode central configuration, one or more hosts can be designated as IBM Spectrum Scale Administration (or Admin) nodes. By default, the GPFS Master is an Admin node. In this mode, it is sufficient to have only uni-directional password-less ssh for root from the Admin nodes to the non-admin nodes. This configuration ensures better security by limiting the password-less ssh access for root.
- Define Node1 as the IBM Spectrum Scale master.
- Log on to Node1 as the root user.
# cd /root/.ssh
- Generate a public/private authentication key pair. Do not type a passphrase.
# ssh-keygen -t rsa
Generate the public-private rsa key pair.
Type the name of the file in which you want to save the key (/root/.ssh/id_rsa):
Type the passphrase.
Type the passphrase again.
The identification has been saved in /root/.ssh/id_rsa.
The public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
…
Note: During ssh-keygen -t rsa, accept the default for all prompts.
- Set the public key to the authorized_keys file.
# cd /root/.ssh/; cat id_rsa.pub > authorized_keys
- For clusters with adminMode as allToAll, copy the generated public key file to nodeX.
# scp /root/.ssh/* root@nodeX:/root/.ssh
where nodeX is each of the nodes in the cluster. This command copies every file in /root/.ssh, including the private key id_rsa, not only the public key.
For clusters with adminMode as central, copy the generated public key file to nodeX.
# scp /root/.ssh/* root@nodeX:/root/.ssh
where nodeX is each of the nodes chosen for administration.
Configure password-less ssh with the non-admin nodes (nodeY) in the cluster.
# ssh-copy-id root@nodeY
where nodeY is each of the remaining cluster nodes.
- Ensure that the public key file permission is correct.
# ssh root@nodeX "chmod 700 .ssh; chmod 640 .ssh/authorized_keys"
- Check password-less access.
# ssh node2
[root@node1 ~]# ssh node2
The authenticity of host 'gpfstest9 (192.0.2.0)' can't be established.
RSA key fingerprint is 03:bc:35:34:8c:7f:bc:ed:90:33:1f:32:21:48:06:db.
Are you sure you want to continue connecting (yes/no)?yes
Note: You also need to run ssh node1 to add the key into /root/.ssh/known_hosts for password-less access.
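The following check is an added example, not part of the IBM procedure: run as root on a node, it works out which nodes that node must reach under adminMode central or allToAll and probes each short and fully qualified name with all prompts disabled. The ROLE labels admin/other, the script name check_ssh.sh and the SSH_BIN override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not IBM code. Run on each node as root. The script name, the
# ROLE labels "admin"/"other" and SSH_BIN are hypothetical, chosen for this example.
SSH_BIN=${SSH_BIN:-ssh}   # overridable so the logic can be exercised without a network

# targets_for MODE ROLE "ADMINS" "OTHERS": nodes this node must reach as root.
# central: only Admin nodes need outbound access; allToAll: every node does.
targets_for() {
    case "$1:$2" in
        central:admin|allToAll:*) echo "$3 $4" ;;
        central:*)                echo "" ;;
        *)                        return 2 ;;
    esac
}

# with_fqdn DOMAIN NAME...: emit each short name followed by its fully qualified form.
with_fqdn() {
    domain=$1; shift
    out=""
    for n in "$@"; do out="$out $n $n.$domain"; done
    echo "${out# }"
}

# probe NAME: succeed only if root login needs no password, passphrase or
# host-key confirmation (BatchMode forbids prompts; an unknown host key fails).
probe() {
    "$SSH_BIN" -o BatchMode=yes -o ConnectTimeout=5 \
        -o StrictHostKeyChecking=yes "root@$1" true 2>/dev/null
}

# check_targets NAME...: print the names that failed the probe, space separated.
check_targets() {
    failed=""
    for name in "$@"; do
        probe "$name" || failed="$failed $name"
    done
    echo "${failed# }"
}

# Usage: sh check_ssh.sh MODE ROLE DOMAIN "ADMINS" "OTHERS"
if [ "$#" -eq 5 ]; then
    targets=$(targets_for "$1" "$2" "$4" "$5") || { echo "unknown mode" >&2; exit 2; }
    bad=$(check_targets $(with_fqdn "$3" $targets))
    if [ -n "$bad" ]; then echo "no password-less root ssh to: $bad"; exit 1; fi
    echo "all required paths OK"
fi
```

A name that is reported as failed either still prompts for a password or is missing from /root/.ssh/known_hosts on the node where the script ran.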