Tuesday, June 16, 2009

Configuring user equivalence - Secure Shell (SSH) method

There are several remote authentication methods that provide a secure environment for connecting to different nodes.
An Oracle RAC configuration requires equivalent user accounts: they must be identical in their environment variables, mount points, passwords and permissions.

User equivalence allows access to the nodes that make up the cluster without entering a password when connecting via ssh.

On Linux, we should first check whether the OpenSSH SSH daemon (sshd) is installed. This process listens for incoming connections to the environment.

Connect to the Linux environment and run the following command:

[oracle@vmrac2 ~]$ pgrep sshd

If it returns no process ID, the daemon is not running.

In my case, I downloaded the following RPM, rsh-server-0.17-38.el5.i386.rpm, and it is installed as follows.

rpm -Uvh rsh-server-0.17-38.el5.i386.rpm

Once ssh is configured, we check again whether there are processes related to the sshd daemon:

[oracle@vmrac2 ~]$ pgrep sshd
2376
2989
2991
6778
6780

Now we will configure equivalence for the user, which in this case I named oracle. This process must be carried out on each of the nodes.

Node vmrac1:

[oracle@vmrac1 ~]$ mkdir -p ~/.ssh
[oracle@vmrac1 ~]$ chmod 700 ~/.ssh
[oracle@vmrac1 ~]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
65:c8:c1:9c:17:ea:31:fb:76:a6:c8:1f:11:e4:96:b0 oracle@vmrac1.andoria.cl
[oracle@vmrac1 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
59:36:7d:96:14:61:7b:32:80:b8:d5:d0:65:32:3a:45 oracle@vmrac1.andoria.cl


Node vmrac2:

[oracle@vmrac2 ~]$ mkdir -p ~/.ssh
[oracle@vmrac2 ~]$ chmod 700 ~/.ssh
[oracle@vmrac2 ~]$ mkdir -p ~/.ssh
[oracle@vmrac2 ~]$ chmod 700 ~/.ssh
[oracle@vmrac2 ~]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
42:4a:96:db:fe:29:a3:a4:ac:05:1d:ac:ee:45:49:3d oracle@vmrac2.andoria.cl
[oracle@vmrac2 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
55:d7:f1:9e:b9:78:61:fd:2b:88:26:be:e9:03:c9:d0 oracle@vmrac2.andoria.cl

At this point, each node has the public key used to access each of the nodes. This key must be distributed to every node in the cluster to achieve user account equivalence.

Node vmrac1:

[oracle@vmrac1 ~]$ cd .ssh
[oracle@vmrac1 .ssh]$ touch ~/.ssh/authorized_keys
[oracle@vmrac1 .ssh]$ ls -ltr
total 16
-rw-r--r-- 1 oracle oinstall 406 Jun 16 03:52 id_rsa.pub
-rw------- 1 oracle oinstall 1675 Jun 16 03:52 id_rsa
-rw-r--r-- 1 oracle oinstall 614 Jun 16 03:52 id_dsa.pub
-rw------- 1 oracle oinstall 672 Jun 16 03:52 id_dsa
-rw-r--r-- 1 oracle oinstall 0 Jun 16 03:52 authorized_keys
[oracle@vmrac1 .ssh]$ ssh vmrac1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'vmrac1 (192.168.1.47)' can't be established.
RSA key fingerprint is 1f:6e:e1:d9:91:bc:5c:5e:b8:23:49:2f:a8:5c:4f:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vmrac1,192.168.1.47' (RSA) to the list of known hosts.
oracle@vmrac1's password:
[oracle@vmrac1 .ssh]$ ssh vmrac1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

Node vmrac2:

ssh vmrac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'vmrac2 (192.168.1.48)' can't be established.
RSA key fingerprint is 1f:6e:e1:d9:91:bc:5c:5e:b8:23:49:2f:a8:5c:4f:53.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vmrac2,192.168.1.48' (RSA) to the list of known hosts.
oracle@vmrac2's password:
[oracle@vmrac2 ~]$ ssh vmrac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys

From node vmrac1:

[oracle@vmrac1 .ssh]$ scp ~/.ssh/authorized_keys vmrac2:.ssh/authorized_keys
oracle@vmrac2's password:
authorized_keys 100% 2040 2.0KB/s 00:00

Finally, we test that the user equivalence configuration is actually correct:

From node vmrac1:

[oracle@vmrac1 .ssh]$ ssh vmrac1
Last login: Tue Jun 16 03:50:25 2009 from vmrac1.andoria.cl
[oracle@vmrac1 ~]$ ssh vmrac2
Last login: Tue Jun 16 04:25:34 2009 from vmrac1.andoria.cl

From node vmrac2:
[oracle@vmrac2 .ssh]$ ssh vmrac1
Last login: Tue Jun 16 03:54:15 2009 from vmrac2.andoria.cl

Check the equivalence by running the following command:

[oracle@vmrac1 cluvfy]$ ./runcluvfy.sh stage -pre crsinst -n vmrac1,vmrac2 -verbose

Excerpt of the output:

Check: User equivalence for user "oracle"
Node Name Comment
------------------------------------ ------------------------
vmrac1 passed
vmrac2 passed
Result: User equivalence check passed for user "oracle".
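
An added check, not part of the original post and not Oracle tooling: the shell functions below audit the files the steps above create. check_ssh_perms reports permissions that stop key login from working, and missing_keys lists public keys that never reached authorized_keys; the helper names and the sample keys in demo are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example; helper names are hypothetical, sample keys are constructed.

# Octal mode of a file (GNU stat, with BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

# Print one line per permission problem under an .ssh directory.
# sshd (StrictModes, on by default) ignores authorized_keys that is group- or
# world-writable, and the ssh client refuses private keys others can read.
check_ssh_perms() {
    local dir=$1 f mode
    mode=$(file_mode "$dir")
    [ "$mode" = 700 ] || echo "$dir: mode $mode, expected 700"
    for f in "$dir"/id_rsa "$dir"/id_dsa; do
        [ -e "$f" ] || continue
        mode=$(file_mode "$f")
        [ "$mode" = 600 ] || echo "$f: mode $mode, expected 600"
    done
    f=$dir/authorized_keys
    if [ -e "$f" ]; then
        mode=$(file_mode "$f")
        [ $(( 0$mode & 022 )) -eq 0 ] || echo "$f: mode $mode is group/world-writable"
    fi
}

# Print each public-key file whose key blob is absent from authorized_keys.
# The base64 blob is compared, so options or a changed comment do not matter.
missing_keys() {
    local auth=$1 pub blob
    shift
    for pub in "$@"; do
        blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
        awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) ok = 1 }
                          END { exit !ok }' "$auth" || echo "$pub"
    done
}

# Constructed two-node layout: .ssh is too open and vmrac2's key was never merged.
demo() {
    local d; d=$(mktemp -d)
    mkdir -m 755 "$d/.ssh"
    echo "ssh-rsa AAAAconstructedKEY1 oracle@vmrac1" > "$d/n1.pub"
    echo "ssh-rsa AAAAconstructedKEY2 oracle@vmrac2" > "$d/n2.pub"
    cp "$d/n1.pub" "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"
    check_ssh_perms "$d/.ssh"
    missing_keys "$d/.ssh/authorized_keys" "$d/n1.pub" "$d/n2.pub"
    rm -rf "$d"
}
```

On a cluster node, run check_ssh_perms ~/.ssh, and pass missing_keys the authorized_keys file followed by the .pub files collected from every member.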

That's all, folks!!!

Regards.
