Mesosphere DCOS, Azure, Docker, VMware & Everything Between – Part 3

After clearing out all the security-related tweaks and configurations and having all of our DC/OS cluster nodes installed with the docker engine, It’s time to create the SSH authorized keys file and establish the trust relationships between the bootstrap node to all other nodes in the cluster.

In order for the bootstrap node to be able to securely communicate and open SSH tunnel to other nodes and for the other nodes to be able to pull the DC/OS configuration script during installation, we first need to generate private and public keys using ssh-keygen tool and add the public key into the bootstrap authorized_keys file.

Notice the I put “” in the second line. This is actually a DC/OS installation prerequisite, to generate SSH keys without a passphrase.  

Next, we need to pass the authorized_keys values from the bootstrap to each node in our cluster. On the bootstrap node, run the following command and provide your nodes passwords. Although this is a one-time action, you need to do this for each node. This will establish trust between the bootstrap and the other nodes and will allow a secure SSH tunnel without needing to enter a password.

A couple of other DC/OS installation prerequisite is to remove password authentication and allow for the root user to login to the node without a password. Run those one-liners I’ve created on each node (but not on the bootstrap) and reboot the node.

Please note that once you reboot the node, you won’t be able to SSH it and will need to have the authorized keys on your laptop (for example) or to have VM console access. This is why I am working on the bootstrap node, it makes things a bit easier for me.

Alternatively, you could have SSH the cluster nodes from the bootstrap node and run those lines, whatever is easier for you.

SSH keys configurations done – it’s snapshot time!

In the next part, we will install our 3 DC/OS master nodes, 3 private agent nodes to form our cluster and have it up and running.

Be the first to comment

Leave a Reply