Hadoop集群采用SSH免密码登录的形式进行通信,需要事先配置免密码认证。CentOS 7操作系统中默认已经安装了SSH,本书中仅介绍SSH免密码登录配置。在配置SSH时使用Xshell分别登陆6个服务器节点,并进行SSH配置。
(1)生成公钥
SSH目录在/etc,目录下ssh-keygen -t rsa (提示:生成的认证秘钥并非只有rsa还有一个是dsa),连续敲3个回车就行了,不用输入密码。
[hadoop@sys01 ~]$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/hadoop/.ssh/id_rsa): #输入Enter键 Created directory '/home/hadoop/.ssh'. Enter passphrase (empty for no passphrase): #输入Enter键 Enter same passphrase again: #输入Enter键 Your identification has been saved in /home/hadoop/.ssh/id_rsa. Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub. The key fingerprint is: SHA256:SR64gQSdsEt7a6mcCDmPOz3+9/SgOzCjGBrKb5XbKow hadoop@sys01 The key's randomart image is:
+---[RSA 2048]----+
| o+.. |
| oo. . |
| o . o o |
| . o = o |
| o . o S |
|o. .+= |
|B=o.=+o o |
|*E+B .o+ o |
|++O+oo++. . |
+----[SHA256]-----+
生成后的密码在根目录下。因为是隐藏的,所以要用ls命令查看。
[hadoop@sys01 ~]$ ls -la total 186472 drwx------. 8 hadoop hadoop 4096 Jul 22 21:42 . drwxr-xr-x. 10 root root 4096 Jul 22 21:39 .. -rw-------. 1 hadoop hadoop 755 Jul 22 07:00 .bash_history -rw-r--r--. 1 hadoop hadoop 18 Apr 10 20:53 .bash_logout -rw-r--r--. 1 hadoop hadoop 255 Jul 22 05:58 .bash_profile -rw-r--r--. 1 hadoop hadoop 305 Jul 22 06:04 .bashrc drwxrwxr-x. 3 hadoop hadoop 4096 Jul 22 05:50 .cache drwxrwxr-x. 3 hadoop hadoop 4096 Jul 22 05:50 .config drwxr-xr-x. 4 hadoop hadoop 4096 Jul 3 01:48 .mozilla drwxrwxr-x. 2 hadoop hadoop 4096 Jul 22 06:00 .oracle_jre_usage drwx------. 2 hadoop hadoop 4096 Jul 22 21:42 .ssh -rw-------. 1 hadoop hadoop 930 Jul 22 06:04 .viminfo
其他节点操作方法参考sys01的公钥生成方法。
(2)配置各个节点自身的免密码登录
配置自己到自己的免密。
[hadoop@sys01 ~]$ssh-copy-id IP #IP为除自身节点的其他5个节点对应IP
其他节点配置方式参考第一个节点.
(3)配置各个节点互相免密
第一个节点执行命令:
[hadoop@sys01 ~]$ssh-copy-id IP #IP为除自身节点的其他5个节点对应IP
然后输入对应节点的登录密码,即可配置成功。配置成功的界面如下:
[hadoop@sys01 ~]$ ssh-copy-id 172.16.2.182 #sys01到sys02的免密 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/hadoop/.ssh/id_rsa.pub" The authenticity of host '172.16.2.182 (172.16.2.182)' can't be established. ECDSA key fingerprint is SHA256:nsjX66sL3nGqrBToxxCkfLsoSMmwvtwhzkAJbOX7/vQ. ECDSA key fingerprint is MD5:bb:75:eb:69:be:ba:dd:e4:4a:85:4a:17:7e:65:11:de. Are you sure you want to continue connecting (yes/no)? yes #输入yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys hadoop@172.16.2.182's password: #输入sys02的hadoop用户登录密码 Number of key(s) added: 1 Now try logging into the machine, with: "ssh '172.16.2.182'" and check to make sure that only the key(s) you wanted were added.
sys01到其余节点免密
[hadoop@sys01 ~]$ ssh-copy-id xxx.xxx.xxx.xxx #有几个节点,需要操作几次
(4)如果免密登陆未成功,则更改部分文件权限如下
[hadoop@sys01 ~]$ chmod 700 .ssh [hadoop@sys01 ~]$ chmod 600 .ssh/*
(5)测试是否成功
[hadoop@sys01 ~]$ ssh sys02 Last login: Mon Jul 23 02:12:41 2018 from sys01 [hadoop@sys02 ~]$