Creating Identical Users and Groups on Other Cluster Nodes
The Oracle software users and groups must exist and be identical on all cluster nodes. To create these identical users and groups, you must identify the user ID and group IDs assigned to them on the node where you created them, then create the user and groups with the same name and ID on the other cluster nodes. You must create identical users and groups on other cluster nodes only if you are using local users and groups. If you are using users and groups defined in a directory service such as NIS, they are already identical on each cluster node.
Identifying the User and Group IDs
To determine the user ID (UID) and the group IDs (GID) for the groups, follow these steps:
1. Enter the following command:
   # id oracle
   The output from this command is similar to the following:
   uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)
2. From the output, identify the user identity (UID) for the Oracle user and the group identities (GIDs) for the groups to which it belongs.
Creating the User and Groups on the Other Cluster Nodes
To create the user and groups on the other cluster nodes, repeat the following procedure on each node:
1. Log in as root to the cluster node on which you want to create the user and groups.
2. Enter commands using the following syntax to create the respective groups. Use the -g option to specify the correct GID for each group:
   # /usr/sbin/groupadd -g <group_id> <group_name>
Configuring SSH on all Cluster Nodes
Before you install and use Oracle Real Application Clusters, you must configure secure shell (SSH) for the oracle user on all cluster nodes. Oracle Universal Installer uses the ssh and scp commands during installation to run remote commands on and copy files to the other cluster nodes. You must configure SSH so that these commands do not prompt for a password.
Note: This section describes how to configure OpenSSH version 3. If SSH is not available, then Oracle Universal Installer attempts to use rsh and rcp instead. However, these services are disabled by default on most Linux systems.
Configuring SSH on Cluster Member Nodes
To configure SSH, complete the following steps on each cluster node:
1. Log in as the Oracle user.
2. If necessary, create the .ssh directory in the Oracle user's home directory and set the correct permissions for it:
   $ mkdir ~/.ssh
   $ chmod 700 ~/.ssh
3. Enter the following command to generate an RSA key:
   $ /usr/bin/ssh-keygen -t rsa
   At the prompts:
   o Accept the default location for the key file.
   o Enter and confirm a pass phrase that is different from the Oracle user's password.
   This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.
4. Enter the following command to generate a DSA key for version 2 of the SSH protocol:
   $ /usr/bin/ssh-keygen -t dsa
   At the prompts:
   o Accept the default location for the key file.
   o Enter and confirm a pass phrase that is different from the Oracle user's password.
   This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.
5. Copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the ~/.ssh/authorized_keys file on this node and to the same file on all other cluster nodes.
   Note: The ~/.ssh/authorized_keys file on every node must contain the contents from all of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files that you generated on all cluster nodes.
6. Change the permissions on the ~/.ssh/authorized_keys file on all cluster nodes:
   $ chmod 600 ~/.ssh/authorized_keys
At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.
Enabling SSH User Equivalency on Cluster Member Nodes
To enable Oracle Universal Installer to use the ssh and scp commands without being prompted for a pass phrase, follow these steps:
1. On the system where you want to run Oracle Universal Installer, log in as the Oracle user.
2. Enter the following commands:
   $ exec /usr/bin/ssh-agent $SHELL
   $ /usr/bin/ssh-add
3. At the prompts, enter the pass phrase for each key that you generated.
   If you have configured SSH correctly, then you can use the ssh or scp commands without being prompted for a password or a pass phrase.
4. To test the SSH configuration, enter the following commands from the same terminal session, testing the configuration of each cluster node:
   $ ssh nodename1 date
   $ ssh nodename2 date
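The permission and authorized_keys requirements from the SSH configuration steps above can be checked on each node before running the installer. The following is an added shell example, not part of the original procedure; the function names and the practice of gathering every node's .pub files in one place are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): audit the oracle user's SSH setup.
# Usage: audit_ssh_equivalence SSH_DIR PUBKEY_FILE...
#   SSH_DIR      the oracle user's ~/.ssh directory on this node
#   PUBKEY_FILE  id_rsa.pub / id_dsa.pub files gathered from every node
#                (gathering them in one place is an assumption of this example)
# Prints one line per finding; the return status is the number of findings.

# True if PATH has exactly the given octal mode (POSIX find, no GNU stat).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]
}

audit_ssh_equivalence() {
    dir=$1; shift
    auth=$dir/authorized_keys
    findings=0
    if ! has_mode "$dir" 700; then
        echo "FAIL: $dir is not mode 700"; findings=$((findings + 1))
    fi
    if [ ! -f "$auth" ]; then
        echo "FAIL: $auth is missing"; return $((findings + 1))
    fi
    if ! has_mode "$auth" 600; then
        echo "FAIL: $auth is not mode 600"; findings=$((findings + 1))
    fi
    # Only public keys belong here; a PEM/OpenSSH private key header is a leak.
    if grep -q 'PRIVATE KEY' "$auth"; then
        echo "FAIL: $auth contains private key material"; findings=$((findings + 1))
    fi
    # Each public key line from each node must be present verbatim.
    for pub in "$@"; do
        while IFS= read -r line || [ -n "$line" ]; do
            [ -z "$line" ] && continue
            if ! grep -qxF -e "$line" "$auth"; then
                echo "FAIL: key from $pub is not in $auth"; findings=$((findings + 1))
            fi
        done < "$pub"
    done
    return "$findings"
}
```

A return status of 0 means the directory and file modes match the steps above and every supplied public key is present in authorized_keys.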