Configuring Batch Installation

Skip this section if single-node installation is used. To install software on devices in batches, perform the following operations and test the connectivity of the target devices.

1. Upload ascend-deployer directory to the user's home directory (for example, $HOME) on a Linux server. If you download ascend-deployer on a Linux server, skip this step.
2. Configure the IP addresses and usernames of other target devices on the Linux server running ascend-deployer.

   Go to the ascend-deployer directory, edit the inventory_file file, add the IP address and username of the target device, and run the :wq command to save the file and exit. The format is as follows:

   [ascend]
   localhost ansible_connection='local'
   ip_address_1 ansible_ssh_user='root' # root user
   ip_address_2 ansible_ssh_user='root' # root user
   ip_address_3 ansible_ssh_user='username' # non-root user

   

   The usernames of the remote device are configured in the inventory file. Both the root user and non-root users can access them. For details about software that can be installed by non-root users, see Table 1. If you want to install the software listed in Table 1 as a non-root user, set ansible_ssh_user in the inventory file to the root user and install sys_pkg (system components). Then, set ansible_ssh_user to the non-root user and install the software listed in Table 1.

3. Configure key authentication.
   1. Run the following command on the management server (where ascend-deployer is deployed) to generate an SSH key:
      To ensure security, change the value of umask to 0077 before running the following command and restore the value to the original one after the command is executed.

      ssh-keygen -t rsa -b 3072

      When "Enter file in which to save the key" is displayed, press Enter to use the default settings. To ensure security, you are advised to enter the key password (complying with the password complexity requirements) when the message "Enter passphrase" is displayed.

      

      The preceding is an example. Pay attention to the risks of using and keeping the SSH key and key password, especially the risks when the key is not encrypted. You need to perform related configurations according to the security policies of your organization, such as password complexity requirements and security configurations (protocols, cipher suites, key lengths, and whether ssh-keygen can be used).

   2. Run the following command to copy the public key of the management server to other target devices:

      ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<ip>

      Replace <user> and <ip> with the username and IP address configured in the inventory_file file in the previous step.

   3. Verify that the management server can log in to other target devices.

      ssh <user>@<ip>

      Replace <user> and <ip> with the username and IP address configured in the inventory_file file in the previous step.

4. Configure the SSH agent to manage the SSH key to avoid entering the key password during the batch installation using the ascend-deployer tool. Run the following commands to set the SSH agent:
   1. Start the bash process of the SSH agent.

      ssh-agent bash

   2. Add a private key to the SSH agent.

      ssh-add ~/.ssh/id_rsa

      When the message "Enter passphrase for /root/.ssh/id_rsa:" is displayed after the preceding commands are executed, enter the key password set in 1.

   

   After the subsequent batch installation is complete, run the exit command to exit the bash process of the SSH agent to prevent security risks.

5. Go to the ascend-deployer directory and run the ./install.sh --check command to test the connectivity of the target devices.

   Ensure that all devices can be properly connected. If a device fails to be connected, check whether the network connection of the device is normal and whether SSHD is enabled.