Remote Server Connection
ascend-deployer can remotely connect to other target servers through SSH key authentication (password-free login) or SSH password authentication. You are advised to follow the steps below to perform SSH key authentication. For SSH password authentication, configure the ansible_ssh_pass field in the inventory_file according to the software packages to be installed.
- After the package download is complete, upload the entire ascend-deployer directory to the user home directory (for example, $HOME) on a Linux server. If you use ascend-deployer for package download on a Linux server, skip this step.
- Configure key authentication.
  - Run the following command on the management server (where ascend-deployer is deployed) to generate an SSH key.
    For security purposes, change the current umask value to 0077 before running the following command. After the command is executed, restore the original umask value. (During remote login, you are advised to change the umask value in the .bashrc file in the home directory and place the operation command in the first line of the .bashrc file.)
        ssh-keygen -t rsa -b 3072
    When "Enter file in which to save the key" is displayed, press Enter to use the default settings. To ensure security, you are advised to enter the key password (complying with the password complexity requirements) when the message "Enter passphrase" is displayed.
    The preceding is an example. Pay attention to the risks of using and keeping the SSH key and key password, especially the risks when the key is not encrypted. You need to perform related configurations according to the security policies of your organization, such as password complexity requirements and security configurations (protocols, cipher suites, key lengths, and whether ssh-keygen can be used).
  - Run the following command to copy the public key of the management server to other target devices:
        ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<ip>
    Replace <user> with the login account and <ip> with the IP address of the target server. The username and IP address configured in this step must be the same as those configured in the inventory_file.
  - Verify that the management server can log in to other target devices.
        ssh <user>@<ip>
    Replace <user> with the login account and <ip> with the IP address of the target server.
  - Log out of the current server.
        exit
- Configure the SSH agent to manage the SSH key to avoid entering the key password during the batch installation using the ascend-deployer tool. Run the following commands to set the SSH agent:
  - Start the bash process of the SSH agent.
        ssh-agent bash
  - Add a private key to the SSH agent.
        ssh-add ~/.ssh/id_rsa
    When the message "Enter passphrase for /root/.ssh/id_rsa:" is displayed after the preceding commands are executed, enter the key password set in step 2 (Configure key authentication).
  After the subsequent batch installation is complete, run the exit command to exit the bash process of the SSH agent to prevent security risks.
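The umask and passphrase advice above, as an added shell example that is not part of ascend-deployer or its documentation: it runs a command under a temporary umask of 0077, restores the original value, and audits the resulting private key. The function names are hypothetical, and reading the key with an empty passphrase (`ssh-keygen -y -P ''`) is the check assumed here for an unencrypted key.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of ascend-deployer.

# Run a command with umask 0077, then restore the caller's umask,
# so every file the command creates is accessible to the owner only.
with_private_umask() {
    old_umask=$(umask)
    umask 0077
    rc=0
    "$@" || rc=$?
    umask "$old_umask"
    return "$rc"
}

# Print the octal permission bits of a path (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if group and others have no access to the path.
is_owner_only() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Succeed if the private key can be read with an empty passphrase,
# i.e. it is stored unencrypted on disk.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Check a private key and its directory; non-zero on loose permissions.
audit_ssh_key() {
    key=$1
    dir=$(dirname "$key")
    result=0
    is_owner_only "$dir" || { echo "FAIL: $dir is open to group/others"; result=1; }
    is_owner_only "$key" || { echo "FAIL: $key is open to group/others"; result=1; }
    if key_is_unencrypted "$key"; then
        echo "WARN: $key has no passphrase"
    fi
    return "$result"
}
```

On the management server, `with_private_umask ssh-keygen -t rsa -b 3072` followed by `audit_ssh_key ~/.ssh/id_rsa` covers the key generation step and reports loose permissions or a missing passphrase.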