11.2.0.3 RAC 全過程--8.Oracle RAC ssh Configure

$ORACLE_HOME/oui/bin/runInstaller -updateNodeList ORACLE_HOME=$ORACLE_HOME "CLUSTER_NODES=RAC02" -local
$ORA_CRS_HOME/bin/racgons remove_config RAC03:6200
$ORA_CRS_HOME/bin/racgons remove_config RAC01:6200
srvctl remove nodeapps -n RAC03
srvctl remove nodeapps -n RAC01
$ORA_CRS_HOME/oui/bin/runInstaller -updateNodeList ORACLE_HOME=$ORA_CRS_HOME "CLUSTER_NODES=RAC02" CRS=TRUE

-----------------------------------------------------------------------------------------------------------
                                         /ssh configure
-----------------------------------------------------------------------------------------------------------

Create RSA and DSA keys on each node:
Complete the following steps on each node:
Log in as the oracle user.
If necessary, create the .ssh directory in the oracle user's home directory and set the correct permissions on it:
$ mkdir -p ~/.ssh

$ chmod 700 ~/.ssh

$ chmod 700
Enter the following commands to generate an RSA key for version 2 of the SSH protocol:

$ /usr/bin/ssh-keygen -t rsa
At the prompts:
Accept the default location for the key file.
Enter and confirm a pass phrase that is different from the oracle user's password.
This command writes the public key to the ~/.ssh/id_rsa.pub file and the private key to the ~/.ssh/id_rsa file. Never distribute the private key to anyone.

Enter the following commands to generate a DSA key for version 2 of the SSH protocol:

$ /usr/bin/ssh-keygen -t dsa
At the prompts:
Accept the default location for the key file
Enter and confirm a pass phrase that is different from the oracle user's password
This command writes the public key to the ~/.ssh/id_dsa.pub file and the private key to the ~/.ssh/id_dsa file. Never distribute the private key to anyone.
Add keys to an authorized key file:
Complete the following steps:
On the local node, determine if you have an authorized key file (~/.ssh/authorized_keys). If the authorized key file already exists, then proceed to step 2. Otherwise, enter the following commands:

$ touch ~/.ssh/authorized_keys

$ cd ~/.ssh

$ ls
You should see the id_dsa.pub and id_rsa.pub keys that you have created.
Using SSH, copy the contents of the ~/.ssh/id_rsa.pub and ~/.ssh/id_dsa.pub files to the file ~/.ssh/authorized_keys, and provide the oracle user password as prompted. This process is illustrated in the following syntax example with a two-node cluster, with nodes node1 and node2, where the oracle user path is /home/oracle:

[oracle@node1 .ssh]$ ssh rac01 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys

oracle@node1's password:

[oracle@node1 .ssh]$ ssh rac01 cat /home/oracle/.ssh/id_dsa.pub >> authorized_keys

[oracle@node1 .ssh$ ssh rac02 cat /home/oracle/.ssh/id_rsa.pub >> authorized_keys

oracle@node2's password:

[oracle@node1 .ssh$ ssh rac02 cat /home/oracle/.ssh/id_dsa.pub >>authorized_keys

oracle@node2's password:

 

 

grid@node1 .ssh]$ ssh rac01 cat /home/grid/.ssh/id_rsa.pub >> authorized_keys

grid@node1's password:

grid@node1 .ssh]$ ssh rac01 cat /home/grid/.ssh/id_dsa.pub >> authorized_keys

grid@node1 .ssh$ ssh rac02 cat /home/grid/.ssh/id_rsa.pub >> authorized_keys

grid@node2's password:

grid@node1 .ssh$ ssh rac02 cat /home/grid/.ssh/id_dsa.pub >>authorized_keys

grid@node2's password:

Note:
Repeat this process for each node in the cluster.
Use SCP (Secure Copy) or SFTP (Secure FTP) to copy the authorized_keys file to the oracle user .ssh directory on a remote node. The following example is with SCP, on a node called node2, where the oracle user path is /home/oracle:

[oracle@node1 .ssh]scp authorized_keys rac02:/home/oracle/.ssh/
Repeat step 2 and 3 for each cluster node member. When you have added keys from each cluster node member to the authorized_keys file on the last node you want to have as a cluster node member, then use SCP to copy the complete authorized_keys file back to each cluster node member
Note:
the oracle user's /.ssh/authorized_keys file on every node must contain the contents from all of the /.ssh/id_rsa.pub and /.ssh/id_dsa.pub files that you generated on all cluster nodes.
Change the permissions on the oracle user's /.ssh/authorized_keys file on all cluster nodes:

$ chmod 600 ~/.ssh/authorized_keys

At this point, if you use ssh to log in to or run a command on another node, you are prompted for the pass phrase that you specified when you created the DSA key.
2.4.7.2 Enabling SSH User Equivalency on Cluster Member Nodes
To enable Oracle Universal Installer to use the ssh and scp commands without being prompted for a pass phrase, follow these steps:
On the system where you want to run Oracle Universal Installer, log in as the oracle user.
Enter the following commands:

$ exec /usr/bin/ssh-agent $SHELL

$ /usr/bin/ssh-add
At the prompts, enter the pass phrase for each key that you generated.