Improve documentation on ssh key usage about cassandra_snapshotter HOT 12 CLOSED

Hi,
fab will try to use ssh public key authentication to connect to your
cluster nodes.
The user that you use to connect to the nodes needs sudo (without password
prompt).

p.s.
ssh user@host1 -vvv

can be quite helpful to debug ssh pubkey issues :)

Cheers,
Tommaso

2014-06-11 20:55 GMT+02:00 Chris Love [email protected]:

Hi all

I am looking for better documentation on how to just use ssh keys, and no
password. I am getting an error from fabric that sudo requires a password.
Do I need to setup sudo on the remote boxes to all to run the backup w/o
password?

Thanks

Chris

—
Reply to this email directly or view it on GitHub
#21.

from cassandra_snapshotter.

Still having issues with this ...

I am running

cassandra-snapshotter -v --aws-access-key-id=redacted --aws-secret-access-key=redacted --s3-bucket-name=redacted --s3-bucket-region=redacted --s3-ssenc --s3-base-path=redacted backup --hosts=host1,host2,host3 --sshport=redacted

and I am getting this error:

Fatal error: Needed to prompt for a connection or sudo password (host: host1), but input would be ambiguous in parallel mode

ssh works w/o password with user
sudo for cassandra-snapshooter, cassandra-snapshotter-agent, and nodetool add work w/o password

I am able to run the command with a different user, with their password and username.

The problem seems to be with Frabic. Do you have an example of sudo setup?

from cassandra_snapshotter.

That's odd; what happens if you provide the user to cassandra-snapshotter
command explicitly? (--user=username)

2014-06-16 20:36 GMT+02:00 Chris Love [email protected]:

Still having issues with this ...

I am running

cassandra-snapshotter -v --aws-access-key-id=redacted --aws-secret-access-key=redacted --s3-bucket-name=redacted --s3-bucket-region=redacted --s3-ssenc --s3-base-path=redacted backup --hosts=host1,host2,host3 --sshport=redacted

and I am getting this error:

Fatal error: Needed to prompt for a connection or sudo password (host: host1), but input would be ambiguous in parallel mode

ssh works w/o password with user
sudo for cassandra-snapshooter, cassandra-snapshotter-agent, and nodetool
add work w/o password

I am able to run the command with a different user, with their password
and username.

—
Reply to this email directly or view it on GitHub
#21 (comment)
.

from cassandra_snapshotter.

same ... also tried:

with settings(sudo_prefix="sudo "):
    with show('debug'):
        sudo(cmd, shell=False)

With no luck.

I am encountering a callback to handle_prompt_abort in the frabric source code itself. I am not sure if it is a problem with sudo or ssh.

from cassandra_snapshotter.

perhaps a very old fabric version?
another thing you can try is changing one sudo command to normal run; this
way you should understand if its ssh having trouble connecting or if its a
sudo thing.
I also had trouble with fabric not playing well with ssh-agent but thats
something should be resolved in recent versions of fabric.

2014-06-16 22:00 GMT+02:00 Chris Love [email protected]:

same ... also tried:

with settings(sudo_prefix="sudo "):
with show('debug'):
sudo(cmd, shell=False)

With no luck.

I am encountering a callback to handle_prompt_abort in the frabric source
code itself. I am not sure if it is a problem with sudo or ssh.

—
Reply to this email directly or view it on GitHub
#21 (comment)
.

from cassandra_snapshotter.

I used pip to install fabric, so that should be fine. It is the ssh connection, using run does not help. I am using ecdsa keys ... so that might be the problem. I have set the key name by hand with no luck. Paramiko debug is not telling me if I am connected. May see if I can turn on more debug via sshd.... Oh fun fun fun

from cassandra_snapshotter.

Hi Chris,
did you manage to get the snapshotter working in the end?

Tommaso

2014-06-16 22:57 GMT+02:00 Chris Love [email protected]:

I used pip to install fabric, so that should be fine. It is the ssh
connection, using run does not help. I am using ecdsa keys ... so that
might be the problem. I have set the key name by hand with no luck.
Paramiko debug is not telling me if I am connected. May see if I can turn
on more debug via sshd.... Oh fun fun fun

—
Reply to this email directly or view it on GitHub
#21 (comment)
.

from cassandra_snapshotter.

It is in my todo list :) I need to try just using rsa keys instead of esdsa

from cassandra_snapshotter.

Major edit on the comment. I used a previous version where I was not using sudo, and had less issues.

Crazy question. Do we need to use sudo? Most likely this will run w/o sudo, and is probably more secure, since you cannot overwrite files.

Thanks

Chris

from cassandra_snapshotter.

It's ALIVE!!

sudoers file:

backupuser ALL=(ALL) NOPASSWD:/bin/bash -l -c /usr/bin/nodetool *
backupuser ALL=(ALL) NOPASSWD: /bin/bash -l -c cassandra-snapshotter-agent *

Do we need any other commands?

from cassandra_snapshotter.

I agree, you should not use sudo unless necessary; on the other hand I believe running without sudo would make the use of this tool way more complex for lot of people.

from cassandra_snapshotter.

I am also facing this issue. Running the following command from my local machine

cassandra-snapshotter --s3-bucket-name=<masked> \
                      --s3-bucket-region=us-east-1 \
                      --s3-base-path=<masked> \
                      --aws-access-key-id=<masked> \
                      --aws-secret-access-key=<masked> \
                      backup \
                      --hosts=<masked> \
                      --user=ubuntu

Here is the error message:

[XX.XX.XX.XX] Executing task 'node_start_backup'

Fatal error: Needed to prompt for a connection or sudo password (host: XX.XX.XX.XX), but input would be ambiguous in parallel mode

Aborting.

Fatal error: One or more hosts failed while executing task 'node_start_backup'

Aborting.
[XX.XX.XX.XX] Executing task 'clear_node_snapshot'
[XX.XX.XX.XX] run: /usr/bin/nodetool clearsnapshot -t "20160331101830"

Fatal error: Needed to prompt for a connection or sudo password (host: XX.XX.XX.XX), but input would be ambiguous in parallel mode

Aborting.

Fatal error: One or more hosts failed while executing task 'clear_node_snapshot'

Aborting.

And have the correct ssh_config setup. Any idea what I might be doing wrong ?

from cassandra_snapshotter.