(Optional) Connecting to a Remote Server
MindCluster Ascend Deployer can remotely connect to target servers for software installation through SSH key-based authentication (password-free login) or SSH password-based authentication. You are advised to perform the following steps to perform SSH key-based authentication. Password-free login must be configured when HCCN parameters are configured.
For SSH password-based authentication, configure the ansible_ssh_pass field in the server installation and deployment parameters (i.e. inventory_file) based on the software package to be installed.
Skip this step for single-server installation.
Prerequisites
You have downloaded required software packages.
Configuring SSH Key-based Authentication
- Configure key-based authentication.
- Generate an SSH key on the management server (MindCluster Ascend Deployer executor).
To ensure security, change the value of umask to 0077 before running the following command and restore the value to the original one after the command is executed.
(During remote login, you are advised to change the umask value in the .bashrc file in the home directory and place the operation command in the first line of the .bashrc file.) Run the :wq! command to save the file and exit. Run the source ~/.bashrc command for the modification to take effect immediately.ssh-keygen -t rsa -b 3072
When "Enter file in which to save the key" is displayed, press Enter to use the default settings. To ensure security, you are advised to enter the key password (complying with the password complexity requirements) when the message "Enter passphrase" is displayed.
The preceding is an example. Pay attention to the risks of using and keeping the SSH key and key password, especially the risks when the key is not encrypted. You need to perform related configurations according to the security policies of your organization, such as password complexity requirements and security configurations (protocols, cipher suites, key lengths, and whether ssh-keygen can be used).
- Run the following command to copy the public key of the management server to other target devices:
ssh-copy-id -i ~/.ssh/id_rsa.pub <user>@<ip>
Replace <user> with the login account and <ip> with the IP address of the target server. The username and IP address configured in this step must be the same as those configured in inventory_file.
- Verify that the management server can log in to other target devices.
ssh <user>@<ip>
Replace <user> with the login account and <ip> with the IP address of the target server.
- Log out of the current server.
exit
- Generate an SSH key on the management server (MindCluster Ascend Deployer executor).
- Configure the SSH agent on the management server to manage the SSH key to avoid entering the key password during the batch installation using MindCluster Ascend Deployer. Run the following commands to set the SSH agent:
- Start the bash process of the SSH agent.
ssh-agent bash
- Add a private key to the SSH agent.
ssh-add ~/.ssh/id_rsa
When the message "Enter passphrase for /root/.ssh/id_rsa:" is displayed after the preceding commands are executed, enter the key password set in step 2.
After the subsequent batch installation is complete, run the exit command to exit the bash process of the SSH agent to prevent security risks.
- Start the bash process of the SSH agent.