Pigsty requires an administrative user that can SSH password-free to other nodes from the meta-node and execute the
sudo command password-free.
Pigsty recommends that the creation of the administrative user, privilege configuration and key distribution be done during the Provisioning phase of the VM as part of the delivered content.
The default user for sandbox environments,
vagrant, is already configured with password-free login and password-free sudo by default, and you can use vagrant to login to all database nodes from the host or sandbox meta-node. For production environments, i.e. when the machine is delivered, there should already be such a user configured with unencrypted remote SSH login and unencrypted sudo.
If not, the user will need to create it himself. If the user has root privileges, they can also perform the initialization directly with root identity, and Pigsty can complete the creation of the administrative user during the initialization process. The relevant configuration parameters include.
Whether to create an admin user on each node (password-free sudo with ssh), which will be created by default.
Pigsty by default creates an admin user named
admin (uid=88) that can SSH-free access to other nodes in the environment from the meta-node and perform password-free sudo.
uid of the administrator user, default is
Name of the admin user, default is
Does the SSH key for the admin user get exchanged between the machines currently executing the command?
The exchange is performed by default, so that the administrator can quickly jump between machines.
Key written to admin
Users with the corresponding private keys can log in as administrators.
By default, Pigsty will create the administrator user
uid=88 and exchange that user’s key cluster-wide.
node_admin_pks given in the public key will be installed to the
authorized_keys of the admin account, and the user with the corresponding private key can directly log in remotely without encryption.
Configure SSH nopass access
On the meta node, assume the username of the user executing the command is
Generate the key
Execute the following command as user
vagrant to generate a public-private key pair for
vagrant to use for login.
- Default public key:
- Default private key:
Install the key
Add the public key to the corresponding user on the machine you need to log in to:
If you already have direct password access to the remote machine, you can copy the public key directly via
# Enter the password to complete the public key copy ssh-copy-id <ip>
# Embed the password directly into the command to avoid interactive password entry sshpass -p <password> ssh-copy-id <ip>
Then you can log in to the remote machine via password-free SSH for that user.
Configure nopass SUDO
Assuming the username is
vagrant, add the following entry via the
visudo command, or by creating the
%vagrant ALL=(ALL) NOPASSWD: ALL
Then the vagrant user can execute all commands without