Linux教程網

Steps to Configure SSH Mutual Trust on Linux

Date: 2017/2/28 15:32:55   Editor: Linux教程

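Configuring SSH between all nodes
Several steps of the RAC installation copy files from one node to the other nodes, which requires that the nodes can access one another without entering a password; otherwise the installation fails.
This step configures SSH so that the RAC nodes can access one another without a password.
Perform the following steps as the oracle user:
Ø Generate RSA and DSA keys on all nodes
You will need to press Enter several times during the process.
On rac1, run the following: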
[root@rac1 ~]# su - oracle
[oracle@rac1 ~]$ mkdir ~/.ssh
[oracle@rac1 ~]$ chmod 700 ~/.ssh
[oracle@rac1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
f3:df:90:e7:a7:47:7b:47:52:b1:f0:09:07:39:1b:c7 oracle@rac1
[oracle@rac1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
8d:57:66:6c:77:9b:2a:1a:60:4e:18:6c:43:f3:15:3d oracle@rac1
On rac2, run the following:
[root@rac2 ~]# su - oracle
[oracle@rac2 ~]$ mkdir ~/.ssh
[oracle@rac2 ~]$ chmod 700 ~/.ssh
[oracle@rac2 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
c8:93:83:8e:1f:51:0c:76:e7:42:75:a9:b0:12:04:f0 oracle@rac2
[oracle@rac2 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
e1:56:2f:f8:22:df:af:b3:f9:94:e3:15:dc:17:30:5f oracle@rac2
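Ø Add the key information to the authentication file
This series of steps only needs to be run on one of the nodes (rac1 is chosen here):
First create an authentication file (SSH reads this file at login) to store the keys: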
bash-3.00$ touch ~/.ssh/authorized_keys
Put the keys from every node into the authentication file created in the previous step:
[oracle@rac1 ~]$ cd ~/.ssh
[oracle@rac1 .ssh]$ ssh rac1 cat ~/.ssh/id_rsa.pub >> authorized_keys
The authenticity of host 'rac1 (192.168.1.111)' can't be established.
RSA key fingerprint is e6:b8:99:04:5c:2a:42:a4:6b:18:6d:5d:69:59:b2:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac1,192.168.1.111' (RSA) to the list of known hosts.
oracle@rac1's password:
[oracle@rac1 .ssh]$ ssh rac2 cat ~/.ssh/id_rsa.pub >> authorized_keys
The authenticity of host 'rac2 (192.168.1.222)' can't be established.
RSA key fingerprint is e6:b8:99:04:5c:2a:42:a4:6b:18:6d:5d:69:59:b2:2e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.1.222' (RSA) to the list of known hosts.
oracle@rac2's password:
[oracle@rac1 .ssh]$ ssh rac1 cat ~/.ssh/id_dsa.pub >> authorized_keys
[oracle@rac1 .ssh]$ ssh rac2 cat ~/.ssh/id_dsa.pub >> authorized_keys
oracle@rac2's password:
Ø On rac1, transfer the authentication file containing the public keys to rac2
[oracle@rac1 .ssh]$ pwd
/home/oracle/.ssh
[oracle@rac1 .ssh]$ scp authorized_keys rac2:`pwd`
oracle@rac2's password:
authorized_keys 100% 1644 1.6KB/s 00:00

Ø Set the permissions on the authentication file
Run on every node:
bash-3.00$ chmod 600 ~/.ssh/authorized_keys
Ø Enable user equivalence
As the oracle user, run the following on the node from which you will run OUI (rac1 is chosen here):
[oracle@rac1 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac1 .ssh]$ ssh-add
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
Ø Verify that the SSH configuration is correct
As the oracle user, run the following on each of the nodes:
ssh rac1 date
ssh rac2 date
ssh rac1-priv date
ssh rac2-priv date
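If the time is printed without a password prompt, the SSH authentication is configured correctly. All of the commands above must be run on both nodes, and each command requires you to enter yes the first time it is run.
If you do not run these commands, the clusterware installation will report the following error even though SSH authentication is already configured: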
The specified nodes are not clusterable
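This is because, after SSH is configured, you still have to enter yes on the first access before access to the other servers is truly unimpeded.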
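
The following script is an added example, not part of the original article: it audits the ~/.ssh directory that the steps above produce, comparing the directory, authorized_keys and private-key modes against the values set in the procedure and counting the RSA and DSA entries collected from the nodes. The function names are this example's own, and it assumes GNU stat and authorized_keys entries without an options prefix.

```shell
#!/bin/sh
# Added example: audit the ~/.ssh layout produced by the steps above.
# Requires GNU stat (Linux). Function names are this example's own.

# Print the octal permission bits of a path, e.g. 700.
mode_of() { stat -c '%a' "$1"; }

# Count authorized_keys entries of key type $2 (e.g. ssh-rsa, ssh-dss).
# Assumes entries carry no options prefix, as written by the steps above.
count_keytype() {
    awk -v t="$2" 'NF == 0 || $1 ~ /^#/ { next }
                   $1 == t { n++ }
                   END { print n + 0 }' "$1"
}

# Return 0 if the directory matches the modes set in the procedure,
# 1 on a permission mismatch, 2 if the directory or file is missing.
audit_ssh_dir() {
    dir=$1; keys="$dir/authorized_keys"; rc=0
    [ -d "$dir" ]  || { echo "FAIL: $dir is missing"; return 2; }
    [ -f "$keys" ] || { echo "FAIL: $keys is missing"; return 2; }
    if [ "$(mode_of "$dir")" != 700 ]; then
        echo "FAIL: $dir has mode $(mode_of "$dir"), expected 700"; rc=1
    fi
    if [ "$(mode_of "$keys")" != 600 ]; then
        echo "FAIL: $keys has mode $(mode_of "$keys"), expected 600"; rc=1
    fi
    # ssh-keygen writes private keys with mode 600; flag any that drifted.
    for k in "$dir/id_rsa" "$dir/id_dsa"; do
        [ -f "$k" ] || continue
        if [ "$(mode_of "$k")" != 600 ]; then
            echo "FAIL: private key $k has mode $(mode_of "$k"), expected 600"; rc=1
        fi
    done
    rsa=$(count_keytype "$keys" ssh-rsa)
    dsa=$(count_keytype "$keys" ssh-dss)
    echo "INFO: $keys holds $rsa ssh-rsa and $dsa ssh-dss entries"
    if [ "$dsa" -gt 0 ]; then
        echo "WARN: ssh-dss keys are disabled by default since OpenSSH 7.0"
    fi
    return "$rc"
}

# Run against a directory given on the command line, e.g. ~/.ssh
if [ $# -gt 0 ]; then audit_ssh_dir "$1"; fi
```

With the two-node setup above, a correct authorized_keys on each node holds two ssh-rsa and two ssh-dss entries.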
