Background:
Three CentOS 7.5 machines are to be set up as a distributed Hadoop environment. The machine details are as follows:
IP address | Hostname |
---|---|
192.168.119.100 | node01 |
192.168.119.110 | node02 |
192.168.119.120 | node03 |
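I created a hadoop user to operate the Hadoop cluster and installed Hadoop on all three machines. To avoid typing a password every time Hadoop starts, I configured passwordless login. I followed articles written by other people, which basically all say the following: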
ssh-keygen -t rsa
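On all three machines, as the hadoop user, run the following command to copy the public key to the node01 server:
ssh-copy-id node01  # I just pressed Enter at this step; I don't understand it
On node01, as the hadoop user, run the following commands to copy authorized_keys to the node02 and node03 servers: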
cd /home/hadoop/.ssh/
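scp authorized_keys node02:$PWD  # I just pressed Enter
scp authorized_keys node03:$PWD  # I just pressed Enter
See the comments I wrote? That is because I had no idea what these steps do, and of course the configuration did not succeed in the end. A Hadoop cluster can still start in this situation, but usually only the nodes that connected successfully are started. In my case, I started Hadoop on node01 and ended up with only one DataNode (with working connections there should be three DataNodes).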
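How passwordless login works
So how does passwordless login work, and how should we configure it? Take node01 as the example, for the case where node02 and node03 want to log in to node01 without a password:
To explain:
1. I am node01. I have made two good friends, node02 and node03, and I want them to know the password to my home, so I write my home's password in a small file and send it to both of them;
2. I am node03. I have two good friends, node01 and node02. Each of them has given me the small file holding the entry password to her own home, and I need to put these two small files into the key store in my home.
So the configuration steps for passwordless login should be (taking passwordless login from node02 and node03 to node01 as the example):
1. node01 generates a key;
2. Send the key to node02 and node03;
3. node02 puts the key into its own key store;
4. node03 puts the key into its own key store;
5. Try logging in to node01 from node02 and from node03;
In practice:
Work on the system as the hadoop user: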
su - hadoop
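On node01, run ssh-keygen -t rsa to generate the key pair. Pressing Enter at every prompt is enough (this accepts the default file location and leaves the passphrase empty):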
[hadoop@node01 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node01 ~]$
node01 has now written its own home's key into a small file. Go to where this small file lives and take a look; id_rsa.pub is node01's key file:
[hadoop@node01 ~]$ cd ~/.ssh/
[hadoop@node01 .ssh]$ ls
id_rsa id_rsa.pub known_hosts
On node01, create a key box, authorized_keys, to hold its own key:
[hadoop@node01 ~]$ touch ~/.ssh/authorized_keys
Put its own key into the key box:
[hadoop@node01 ~]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Take a look: node01's own key is now in the key box:
[hadoop@node01 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5St7/cQOYqmRGVbz4zV8Sr0eLDSVKojlZ8cKT3rSxSvkUJpb8Bmasyzeb+DviGp2wZnfintYNLTD4J8gIE+RQR6RNxjsUzjeeV70VnPXzZOjSHf1bfRrEZOO+VHBnQRGaynAmb+4QkeQSZmENT+0ay6fS4nqkPGjIyBJRSs3wJzmEhmPsj6wE4ZtFWrNZ+6z2hqBrA7+7+R6dt0YqIbglfxBTkH2T13JPQ32VtzihjiYe7E+z6B7xOcXq1ep7OQPKVhdEKzRw/sdkag4Myu2QqQ/VSTVWXJi+Lm40GERFU89XEuRnWS7sjrHLJ5Rdb0hGuH3UrvxxOcrSSELrwjqT hadoop@node01
On node02 and node03, also run ssh-keygen -t rsa to generate keys, so that node02 and node03 each have their own key file:
[hadoop@node02 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node02 ~]$
[hadoop@node03 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/hadoop/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/hadoop/.ssh/id_rsa.
Your public key has been saved in /home/hadoop/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Ct6HIbAfypJpr/VLzxOeWX4WngQPUaSrJTguPN23Eh4 hadoop@node0
The key's randomart image is:
+---[RSA 2048]----+
| oo |
| .. |
| . .. |
| o . o. |
| . +o..So+ |
| +.+o=oE+. + |
|+.o=o+*oX.o o |
|..o = oO...= |
| ... o.oo.o |
+----[SHA256]-----+
[hadoop@node03 ~]$
Next, send the keys of node02 and node03 to node01. You will be asked for node01's login password along the way; just enter it:
[hadoop@node02 .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@node01:~/.ssh/node02.id_rsa.pub
[hadoop@node03 .ssh]$ scp ~/.ssh/id_rsa.pub hadoop@node01:~/.ssh/node03.id_rsa.pub
Check the key location on node01 again; the keys of node02 and node03 are now there:
[hadoop@node01 .ssh]$ ls
authorized_keys id_rsa id_rsa.pub known_hosts node02.id_rsa.pub node03.id_rsa.pub
Put the keys of node02 and node03 into the key box authorized_keys as well:
[hadoop@node01 .ssh]$ cat ~/.ssh/node02.id_rsa.pub >> ~/.ssh/authorized_keys
[hadoop@node01 .ssh]$ cat ~/.ssh/node03.id_rsa.pub >> ~/.ssh/authorized_keys
Look at the key box again; all three keys are there:
[hadoop@node01 .ssh]$ cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC5St7/cQOYqmRGVbz4zV8Sr0eLDSVKojlZ8cKT3rSxSvkUJpb8Bmasyzeb+DviGp2wZnfintYNLTD4J8gIE+RQR6RNxjsUzjeeV70VnPXzZOjSHf1bfRrEZOO+VHBnQRGaynAmb+4QkeQSZmENT+0ay6fS4nqkPGjIyBJRSs3wJzmEhmPsj6wE4ZtFWrNZ+6z2hqBrA7+7+R6dt0YqIbglfxBTkH2T13JPQ32VtzihjiYe7E+z6B7xOcXq1ep7OQPKVhdEKzRw/sdkag4Myu2QqQ/VSTVWXJi+Lm40GERFU89XEuRnWS7sjrHLJ5Rdb0hGuH3UrvxxOcrSSELrwjqT hadoop@node01
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdRg4SkrXLnylK2ek+bdDuApKECNgwcHrgoOnTt65MgcV+dVQ6iq5+Q2eGODPAZLTX2+dZ+Vs04rWTQIfBQDWw1I7s+ecXF459juNT0ao9dmqN24DaRxeiiPXHBI6fK47SZtLf6cMk0rCK4G0T+iHG1OqR/vorc/9Bo0IAtS+4CRWZ8aegPlCDm7COF0XAmHiKtb1CTaUxJRsBk7azxAZr+mXXW72E+ylioefra6My4duuszECPbaMdNNPXEAEpqEzcaCYa1/z2hMRWKIzXMn+RUzvSeqbPiTFnQTWc+XStswC2qOuHKcyZV9L9H7NVV0hub58bq3/OZL1bohBGcwv hadoop@node02
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDS0xBtQx1MhdB+KVPKRaUyjouPE8Sz/G7/WMGx9q1FqV/KWEyTBUfTDfyZ3GNERz07pOPOKyPQ3GHOfu887JpMdemmdHUxDodMm5b9x167lN8/JkcRTVrK446Cm4fbkxHzQxShdGX6thhcA1IMyIl4ja6NQrJ5+yIoJNVkvGUHAZKjlktbh2W4BuPCYbLyegtN2ZPtAvfD1iiTxH5z1ynlFPvmYtr2HwukVB15cmGvjiTGpvgHOrDcY171NuTH0bBaeQALPqm9yw5mIHW0ygmmS2yS6HXPEJTRsC+YAAbXh2JIZzp2h+3W+CqrSAk2lUPeIDiOp9+o1cZ5TpMi2fSZ hadoop@node03
The situation now is that node01 holds the keys of all three homes, and she can already log in to the other two without a password:
[hadoop@node01 ~]$ ssh node02
Last login: Thu Nov 21 22:33:38 2019 from node01
[hadoop@node02 ~]$ exit
logout
Connection to node02 closed.
[hadoop@node01 ~]$ ssh node03
Last login: Thu Nov 21 22:32:43 2019
[hadoop@node03 ~]$ exit
logout
Connection to node03 closed.
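At this point node01 says to node02 and node03: you two don't need to hand out your keys separately any more. My key box holds the keys of all three of our homes, so I'll give each of you a copy of the key box;
Adjust the permissions of the directory and the file (run on all three machines)
First adjust the permissions of the ~/.ssh directory: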
chmod 700 ~/.ssh
Then adjust the permissions of the ~/.ssh/authorized_keys file:
chmod 600 ~/.ssh/authorized_keys
Try it: the three machines should now be able to log in to one another without a password. Passwordless login is configured~~~confetti~~~
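Each line in a host's authorized_keys is a public key whose private-key holder may log in to that host, so it is worth checking what the merge step put into the file and whether the permissions set above are ones sshd will accept. The script below is an added example, not part of the original post; it assumes GNU stat (as on CentOS) and entries without an options prefix, and the function names add_key and audit_ssh_dir are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes GNU stat (as on CentOS) and
# plain "type base64 comment" entries without an options prefix.
# The function names add_key and audit_ssh_dir are hypothetical.

# Append a public key to authorized_keys only if that key is not already listed,
# so repeating the "cat >>" step does not pile up duplicate lines.
add_key() {  # usage: add_key PUBKEY_FILE SSH_DIR
    local pub="$1" dir="$2" blob
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")   # base64 key body
    [ -n "$blob" ] || return 1
    touch "$dir/authorized_keys"
    grep -qF -- "$blob" "$dir/authorized_keys" || cat "$pub" >> "$dir/authorized_keys"
}

# Print one finding per line, then "keys=N". With StrictModes (the sshd default),
# a group- or world-writable ~/.ssh or authorized_keys makes sshd ignore the file.
audit_ssh_dir() {  # usage: audit_ssh_dir SSH_DIR
    local dir="$1" path mode
    for path in "$dir" "$dir/authorized_keys"; do
        mode=$(stat -c '%a' "$path")
        case "$mode" in                    # group or other digit has the write bit
            *[2367]?|*[2367]) echo "WRITABLE_BY_OTHERS $path mode=$mode" ;;
        esac
    done
    awk '
        /^[ \t]*(#|$)/ { next }                               # skip blanks and comments
        NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ { n++; print "KEY " $1 " " $3; next }
        { print "MALFORMED line " NR }                        # e.g. a key split across lines
        END { print "keys=" (n + 0) }
    ' "$dir/authorized_keys"
}

# Constructed demo: placeholder keys in a temporary directory (not real key material).
demo() {
    local d n
    d=$(mktemp -d); mkdir "$d/.ssh"; chmod 775 "$d/.ssh"     # deliberately too open
    for n in node01 node02 node03; do
        echo "ssh-rsa AAAAPLACEHOLDER${n} hadoop@${n}" > "$d/$n.pub"
        add_key "$d/$n.pub" "$d/.ssh"
    done
    add_key "$d/node02.pub" "$d/.ssh"                         # repeat: no duplicate line
    audit_ssh_dir "$d/.ssh"                                   # flags the 775 directory
    chmod 700 "$d/.ssh"; chmod 600 "$d/.ssh/authorized_keys"
    audit_ssh_dir "$d/.ssh"                                   # only KEY lines and keys=3
    rm -rf "$d"
}
demo
```

To check a real account, run audit_ssh_dir ~/.ssh as the hadoop user on each node.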