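Establishing user equivalence with SSH. During the Cluster Ready Services (CRS) and RAC installation, the Oracle Universal Installer (OUI) must be able to copy software to all RAC nodes as the oracle user without being prompted for a password. In Oracle 10g this can be done with ssh instead of rsh.
To establish user equivalence, generate the user's public and private keys as the oracle user on both nodes. Power on rac1 and perform the following tasks on both nodes.
Run on rac1: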
rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6 [email protected]
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 [email protected]
Run on rac2:
rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_rsa.
Your public key has been saved in /export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66 [email protected]
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /export/home/oracle/.ssh/id_dsa.
Your public key has been saved in /export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7c [email protected]
Run on rac1:
rac1-> cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
rac1-> cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.2.132)' can't be established.
RSA key fingerprint is 63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.2.132' (RSA) to the list of known hosts.
oracle@rac2's password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@rac2's password:
rac1-> scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
oracle@rac2's password:
authorized_keys 100% 1716 1.7KB/s 00:00
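RAC configuration, up to the point of configuring node equivalence.
Summary
1. Generate key pairs with the RSA and DSA algorithms (every node has to generate them, because communication is two-way).
2. Append the public keys to authorized_keys.
3. Copy authorized_keys to every node.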
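Problems encountered
1. When I ran ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys, I got "no route to host" (the two nodes are on the same network segment). Later I used the form rac2@IP address and the connection went through. It prompted for a password, and I entered it n+1 times and got "permission denied" every time. I finally found that rac2@ip was the problem: it should be username@ip, not hostname@ip.
2. The document's configuration does not use IP addresses. I figured the hostname-to-IP mapping was at fault; in the /etc/hosts file I found that the IP was configured wrongly, and after correcting it the hostname worked.
3. After copying the authorization file to every node, I was still prompted for a password every time... I finally found the cause: the permissions on the .ssh folder were too low (originally 777). Changing them to 700 fixed it. People online say 755 works too; I did not try it.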
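A check for the permission problem in item 3, as an added example that is not part of the original post: with StrictModes enabled (the OpenSSH default), sshd refuses public-key login when the home directory, ~/.ssh or authorized_keys is writable by group or others, which is why mode 777 kept producing password prompts. The function names are made up for this example, and it looks only at mode bits, not at file ownership.

```shell
#!/bin/sh
# Added example (not from the original post): report paths whose mode would
# make sshd ignore authorized_keys under StrictModes.
# Function names below are hypothetical, chosen for this example.

# Succeeds (returns 0) when the path is writable by group or by others.
is_loose() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# check_equiv_perms HOME_DIR
# Prints one line per path checked; the return status is the number of findings.
check_equiv_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING  $p"
            bad=$((bad + 1))
        elif is_loose "$p"; then
            echo "LOOSE    $p (group/other writable: public-key login is refused)"
            bad=$((bad + 1))
        else
            echo "OK       $p"
        fi
    done
    return "$bad"
}

# Run as the oracle user on each node (rac1 and rac2); an optional first
# argument overrides the home directory to inspect.
check_equiv_perms "${1:-$HOME}" ||
    echo "Fix with: chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys"
```

Mode 755 on ~/.ssh passes this check as well, because only the group and other write bits matter to StrictModes.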