So, talking about the patch hack reminded me to say a word about an important thing when building clusters: moving around. If you have hundreds of nodes and have to update one config file, would you like to type your admin password hundreds of times?

So, the simple way of doing it in a controlled environment is to use passwordless SSH keys and passwordless sudo for certain tasks.

SSH Keys: When you SSH to another computer you normally have to type a password, but there’s another way of authenticating: a trusted DSA/RSA key. This key is created using the ssh-keygen tool:

$ ssh-keygen -t dsa -b 1024

It’ll ask for a passphrase, and that is where you just press ENTER. This will create two files in your ~/.ssh directory: id_dsa (the private key) and id_dsa.pub (the public key). The public file should be copied to the ~/.ssh directory on each of your nodes and renamed to authorized_keys. That’s it: SSH to the node and check that it no longer asks you for a password.

$ ssh node mkdir .ssh                                      # type password
$ scp .ssh/id_dsa.pub node:.ssh/                           # type password
$ ssh node 'mv ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys'   # type password (quoted so ~ expands on the node)
$ ssh node                                                 # won't ask for a password

Sudo rules: Sudo lets you execute things as root without being root, but root must allow that, and the way to allow it is to add you to the /etc/sudoers file. Ubuntu already puts you in sudoers if you provided your username during installation. If not, you should be able to run the visudo application properly.

$ sudo visudo

The line should be something like this in Ubuntu’s sudoers:

%admin  ALL=(ALL) ALL

And the quick solution is to change it to this:

%admin  ALL=NOPASSWD: ALL

When you save and close the editor (:x in vi), visudo will update the sudoers file and you’ll be able to run everything as root without typing a password. BEWARE! This approach is very very very insecure, so make sure you have all your machines completely separated from your network, otherwise it’ll compromise your entire network.

Disclaimer: I use that because it won’t open any security hole on your machine, and in the event of someone breaking into one of the machines via another security hole, it’ll compromise all your nodes because they should have exactly the same configurations, so there is no point trying to make one node secure from the other.

So, with all that said, it’s very simple to shut down the cluster:

# /etc/cluster holds the list of node names
for node in $(cat /etc/cluster); do
    ssh "$node" sudo halt
done

No passwords, no words, just a quick halt.
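
The shutdown loop only needs `sudo halt`, yet the sudoers change above grants passwordless root for every command. As an added example (not from the original post), this script audits a sudoers file and separates blanket NOPASSWD rules from rules scoped to named commands; the `%cluster` group, the `/sbin/halt` path and the sample file are assumptions constructed for the demo.

```sh
# Added example (not from the original post): audit sudoers for passwordless rules.
# Assumes one rule per physical line (no "\" continuations).
#
# audit_sudoers FILE
#   prints "BLANKET <line>: <rule>" when NOPASSWD covers the command ALL
#   prints "SCOPED <line>: <rule>"  when NOPASSWD covers only listed commands
#   returns 1 if any BLANKET rule was found, 0 otherwise
audit_sudoers() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }             # comments, #include, blank lines
        /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # settings and alias definitions
        !match($0, /NOPASSWD[ \t]*:/) { next }        # rule still prompts for a password
        {
            cmds = " " substr($0, RSTART + RLENGTH)
            # A later PASSWD: tag turns the prompt back on for the rest of the list.
            if (match(cmds, /[, \t]PASSWD[ \t]*:/)) cmds = substr(cmds, 1, RSTART - 1)
            kind = "SCOPED"
            n = split(cmds, item, ",")
            for (i = 1; i <= n; i++) {
                c = item[i]
                gsub(/^[ \t]+|[ \t]+$/, "", c)           # trim whitespace
                sub(/^\([^)]*\)[ \t]*/, "", c)           # drop a per-command runas spec
                sub(/^([A-Z_]+[ \t]*:[ \t]*)+/, "", c)   # drop other tags such as NOEXEC:
                if (c == "ALL") kind = "BLANKET"
            }
            if (kind == "BLANKET") blanket++
            printf "%s %d: %s\n", kind, NR, $0
        }
        END { exit (blanket > 0) }
    ' "$1"
}

# Constructed sample: the two rules from the post plus a hypothetical scoped rule
# (the group name "cluster" and the /sbin/halt path are assumptions).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# constructed sample sudoers
Defaults env_reset
%admin  ALL=(ALL) ALL
%admin  ALL=NOPASSWD: ALL
%cluster ALL=(root) NOPASSWD: /sbin/halt
EOF

audit_sudoers "$SAMPLE" || echo "blanket passwordless rule present"
```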