本文介绍如何通过SSH配置用户等效性,使Oracle Universal Installer能在RAC节点间无密码复制文件,适用于Oracle 10g的集群就绪服务和RAC安装过程。
本文摘自Vincent Chan 的oracle rac在vmware上安装那篇文章
使用 SSH 建立用户等效性。在集群就绪服务 (CRS) 和 RAC 安装过程中,Oracle Universal Installer (OUI) 必须能够以 oracle 的身份将软件复制到所有 RAC 节点,而不提示输入口令。在Oracle 10g中,可以使用 ssh 代替 rsh 完成此操作。
要建立用户等效性,请在两个节点上以 oracle 用户身份生成用户的公钥和私钥。打开 rac1 的电源,在这两个节点上执行以下任务。
在 rac1 上执行
rac1-> mkdir ~/.ssh
rac1-> chmod 700 ~/.ssh
rac1-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/export/home/oracle/.ssh/id_rsa.
Your public key has been saved in/export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
87:54:4f:92:ba:ed:7b:51:5d:1d:59:5b:f9:44:da:b6oracle@rac1.mycorpdomain.com
rac1-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key(/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/export/home/oracle/.ssh/id_dsa.
Your public key has been saved in/export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
31:76:96:e6:fc:b7:25:04:fd:70:42:04:1f:fc:9a:26 oracle@rac1.mycorpdomain.com
在 rac2 上执行
rac2-> mkdir ~/.ssh
rac2-> chmod 700 ~/.ssh
rac2-> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key(/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/export/home/oracle/.ssh/id_rsa.
Your public key has been saved in/export/home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
29:5a:35:ac:0a:03:2c:38:22:3c:95:5d:68:aa:56:66oracle@rac2.mycorpdomain.com
rac2-> ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key(/export/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in/export/home/oracle/.ssh/id_dsa.
Your public key has been saved in/export/home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
4c:b2:5a:8d:56:0f:dc:7b:bc:e0:cd:3b:8e:b9:5c:7coracle@rac2.mycorpdomain.com
在 rac1 上执行
rac1-> cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
rac1-> cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys
rac1-> ssh rac2 cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys
The authenticity of host 'rac2 (192.168.0.120)'can't be established.
RSA key fingerprint is63:d3:52:d4:4d:e2:cb:ac:8d:4a:66:9f:f1:ab:28:1f.
Are you sure you want to continueconnecting (yes/no)? yes
Warning: Permanently added 'rac2,192.168.0.120'(RSA) to the list of known hosts.
oracle@rac2's password:
rac1-> ssh rac2 cat ~/.ssh/id_dsa.pub>> ~/.ssh/authorized_keys
oracle@rac2's password:
rac1-> scp ~/.ssh/authorized_keysrac2:~/.ssh/authorized_keys
oracle@rac2's password:
authorized_keys 100% 1716 1.7KB/s 00:00
--安装之后发现,仍然需要密码,原来是.ssh的上级目录给的权限太大了,chmod 700 ~之后就正常了.注:权限太大也不行.
在每个节点上测试连接。验证当您再次运行以下命令时,系统是否不提示您输入口令。
ssh rac1 date
ssh rac2 date
ssh rac1-priv date
ssh rac2-priv date
ssh rac1.mycorpdomain.com date
ssh rac2.mycorpdomain.com date
ssh rac1-priv.mycorpdomain.com date
ssh rac2-priv.mycorpdomain.com date
扫一扫
938
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
