search

tbarbugli / cassandra_snapshotter

A tool to backup cassandra nodes using snapshots and incremental backups on S3
Other
222 stars 122 forks source link

Improve documentation on ssh key usage #21

Closed chrislovecnm closed 10 years ago

chrislovecnm commented 10 years ago

Hi all

I am looking for better documentation on how to just use ssh keys, and no password. I am getting an error from fabric that sudo requires a password. Do I need to setup sudo on the remote boxes to all to run the backup w/o password?

Thanks

Chris

tbarbugli commented 10 years ago

Hi, fab will try to use ssh public key authentication to connect to your cluster nodes. The user that you use to connect to the nodes needs sudo (without password prompt).

p.s. ssh user@host1 -vvv

can be quite helpful to debug ssh pubkey issues :)

Cheers, Tommaso

2014-06-11 20:55 GMT+02:00 Chris Love notifications@github.com:

Hi all

I am looking for better documentation on how to just use ssh keys, and no password. I am getting an error from fabric that sudo requires a password. Do I need to setup sudo on the remote boxes to all to run the backup w/o password?

Thanks

Chris

— Reply to this email directly or view it on GitHub https://github.com/tbarbugli/cassandra_snapshotter/issues/21.

chrislovecnm commented 10 years ago

Still having issues with this ...

I am running

cassandra-snapshotter -v --aws-access-key-id=redacted --aws-secret-access-key=redacted --s3-bucket-name=redacted --s3-bucket-region=redacted --s3-ssenc --s3-base-path=redacted backup --hosts=host1,host2,host3 --sshport=redacted

and I am getting this error:

Fatal error: Needed to prompt for a connection or sudo password (host: host1), but input would be ambiguous in parallel mode

ssh works w/o password with user sudo for cassandra-snapshooter, cassandra-snapshotter-agent, and nodetool add work w/o password

I am able to run the command with a different user, with their password and username.

The problem seems to be with Frabic. Do you have an example of sudo setup?

tbarbugli commented 10 years ago

That's odd; what happens if you provide the user to cassandra-snapshotter command explicitly? (--user=username)

2014-06-16 20:36 GMT+02:00 Chris Love notifications@github.com:

Still having issues with this ...

I am running

cassandra-snapshotter -v --aws-access-key-id=redacted --aws-secret-access-key=redacted --s3-bucket-name=redacted --s3-bucket-region=redacted --s3-ssenc --s3-base-path=redacted backup --hosts=host1,host2,host3 --sshport=redacted

and I am getting this error:

Fatal error: Needed to prompt for a connection or sudo password (host: host1), but input would be ambiguous in parallel mode

ssh works w/o password with user sudo for cassandra-snapshooter, cassandra-snapshotter-agent, and nodetool add work w/o password

I am able to run the command with a different user, with their password and username.

— Reply to this email directly or view it on GitHub https://github.com/tbarbugli/cassandra_snapshotter/issues/21#issuecomment-46216894 .

chrislovecnm commented 10 years ago

same ... also tried:

with settings(sudo_prefix="sudo "):
    with show('debug'):
        sudo(cmd, shell=False)

With no luck.

I am encountering a callback to handle_prompt_abort in the frabric source code itself. I am not sure if it is a problem with sudo or ssh.

tbarbugli commented 10 years ago

perhaps a very old fabric version? another thing you can try is changing one sudo command to normal run; this way you should understand if its ssh having trouble connecting or if its a sudo thing. I also had trouble with fabric not playing well with ssh-agent but thats something should be resolved in recent versions of fabric.

2014-06-16 22:00 GMT+02:00 Chris Love notifications@github.com:

same ... also tried:

with settings(sudo_prefix="sudo "): with show('debug'): sudo(cmd, shell=False)

With no luck.

I am encountering a callback to handle_prompt_abort in the frabric source code itself. I am not sure if it is a problem with sudo or ssh.

— Reply to this email directly or view it on GitHub https://github.com/tbarbugli/cassandra_snapshotter/issues/21#issuecomment-46227415 .

chrislovecnm commented 10 years ago

I used pip to install fabric, so that should be fine. It is the ssh connection, using run does not help. I am using ecdsa keys ... so that might be the problem. I have set the key name by hand with no luck. Paramiko debug is not telling me if I am connected. May see if I can turn on more debug via sshd.... Oh fun fun fun

tbarbugli commented 10 years ago

Hi Chris, did you manage to get the snapshotter working in the end?

Tommaso

2014-06-16 22:57 GMT+02:00 Chris Love notifications@github.com:

I used pip to install fabric, so that should be fine. It is the ssh connection, using run does not help. I am using ecdsa keys ... so that might be the problem. I have set the key name by hand with no luck. Paramiko debug is not telling me if I am connected. May see if I can turn on more debug via sshd.... Oh fun fun fun

— Reply to this email directly or view it on GitHub https://github.com/tbarbugli/cassandra_snapshotter/issues/21#issuecomment-46236230 .

chrislovecnm commented 10 years ago

It is in my todo list :) I need to try just using rsa keys instead of esdsa

chrislovecnm commented 10 years ago

Major edit on the comment. I used a previous version where I was not using sudo, and had less issues.

Crazy question. Do we need to use sudo? Most likely this will run w/o sudo, and is probably more secure, since you cannot overwrite files.

Thanks

Chris

chrislovecnm commented 10 years ago

It's ALIVE!!

sudoers file:

backupuser ALL=(ALL) NOPASSWD:/bin/bash -l -c /usr/bin/nodetool *
backupuser ALL=(ALL) NOPASSWD: /bin/bash -l -c cassandra-snapshotter-agent *

Do we need any other commands?

tbarbugli commented 10 years ago

I agree, you should not use sudo unless necessary; on the other hand I believe running without sudo would make the use of this tool way more complex for lot of people.

mandeepm91 commented 8 years ago

I am also facing this issue. Running the following command from my local machine

cassandra-snapshotter --s3-bucket-name=<masked> \
                      --s3-bucket-region=us-east-1 \
                      --s3-base-path=<masked> \
                      --aws-access-key-id=<masked> \
                      --aws-secret-access-key=<masked> \
                      backup \
                      --hosts=<masked> \
                      --user=ubuntu

Here is the error message:

[XX.XX.XX.XX] Executing task 'node_start_backup'

Fatal error: Needed to prompt for a connection or sudo password (host: XX.XX.XX.XX), but input would be ambiguous in parallel mode

Aborting.

Fatal error: One or more hosts failed while executing task 'node_start_backup'

Aborting.
[XX.XX.XX.XX] Executing task 'clear_node_snapshot'
[XX.XX.XX.XX] run: /usr/bin/nodetool clearsnapshot -t "20160331101830"

Fatal error: Needed to prompt for a connection or sudo password (host: XX.XX.XX.XX), but input would be ambiguous in parallel mode

Aborting.

Fatal error: One or more hosts failed while executing task 'clear_node_snapshot'

Aborting.

And have the correct ssh_config setup. Any idea what I might be doing wrong ?