HP Serviceguard Toolkits for Database Replication Solutions manual

Page 50

Node2# ssh Node3 cat /.ssh/id_rsa.pub >> /.ssh/authorized_keys

Node2# ssh Node3 cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys

Node2# scp /.ssh/authorized_keys Node3:.ssh/authorized_keys

NOTE: Provide root user’s password when asked.

Node2# exec /usr/bin/ssh-agent $SHELL

Node2# /usr/bin/ssh-add

Identity added: /.ssh/id_rsa (/.ssh/id_rsa)

Identity added: /.ssh/id_dsa (/.ssh/id_dsa)

Node2# ssh Node2 ls /.ssh

Are you sure you want to add node Node2 to the list of known hosts? yes

Note: It may not ask the above question. Give ‘root’ user’s password if asked.

Node2# ssh Node3 ls /.ssh

Are you sure you want to add node Node3 to the list of known hosts? yes

Note: It may not ask the above question.

On node Node3 (Once the setup on Node2 is complete)

Generate the “known hosts” entry by running the following commands:

Node3# ssh Node3 ls /.ssh

Are you sure you want to add node Node3 to the list of known hosts? yes

Node3# ssh Node2 ls /.ssh

Are you sure you want to add node Node2 to the list of known hosts? yes

The SSH connection without password setup is complete. Verify that the connection works and that the system executes all four commands without asking for a password. For example:

On node Node3:

Node3# ssh Node3 ls /.ssh

Node3# ssh Node2 ls /.ssh

On node Node2:

Node2# ssh Node2 ls /.ssh

Node2# ssh Node3 ls /.ssh

To set SSH connection without password between multiple nodes for the same IP

After the SSH connection without password is configured between two IPs placed on different nodes, if any IP is moved to another node, SSH communication displays the man-in-the-middle attack error message, because the node that now answers on that IP presents a different host key from the one recorded in known_hosts. If the Standby package moves from Node3 to Node4, a similar error occurs when the Primary package attempts to write the status file to Node4. To avoid this, you must edit the USER_HOME/.ssh/known_hosts file.

Perform the following steps to solve this issue:

NOTE: Corresponding to Node1 and Node2 in Figure 12 (page 36), consider that IP1 is used as Interconnect traffic IP. Similarly, IP2 is used as Interconnect traffic IP between Node3 and Node4.

1. Consider IP1 is assigned to Node2, and IP2 is assigned to Node3. To configure an SSH connection without password between IP1 and IP2, follow the procedure described in “To configure SSH connection without password for root user between two nodes” (page 49).

2. After the SSH connection without password is set up successfully, move IP2 from Node3 to Node4. Now, SSH from IP1 to IP2 shows the following error:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: POSSIBLE DNS SPOOFING DETECTED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

The RSA host key for foo-bar.net has changed, and the key for the corresponding IP address 127.0.0.1 is unchanged. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key has changed at the same time.

50 To configure SSH connection without password for root user between two nodes
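
The known_hosts edit this section calls for, as an added example that is not part of the HP manual: OpenSSH accepts a host when any known_hosts line for that address carries the presented key, so pinning the host keys of both Node3 and Node4 under IP2 lets the IP move without the warning and without turning host key checking off. Assumptions: each node's host public key file was collected over a trusted channel; the helper names, file names, the address 192.0.2.20 (standing in for IP2) and the key strings are constructed, and entries are written unhashed.

```shell
#!/bin/sh
# Added example (not from the HP manual). Entries are written unhashed as
# "ADDRESS keytype base64"; key strings and 192.0.2.20 are constructed.

# entry_for ADDRESS PUBKEY_FILE: build the known_hosts line for one host key.
# A host public key file holds "keytype base64 [comment]"; drop the comment.
entry_for() {
    awk -v a="$1" 'NF >= 2 { print a, $1, $2; exit }' "$2"
}

# pin_host_key KNOWN_HOSTS ADDRESS PUBKEY_FILE
# Appends the entry unless the identical line is already present.
pin_host_key() {
    entry=$(entry_for "$2" "$3")
    [ -n "$entry" ] || return 1          # empty or malformed key file
    touch "$1" && chmod 600 "$1" || return 1
    grep -qxF -e "$entry" "$1" || printf '%s\n' "$entry" >> "$1"
}

# is_pinned KNOWN_HOSTS ADDRESS PUBKEY_FILE: succeeds if that key is listed.
is_pinned() {
    entry=$(entry_for "$2" "$3")
    [ -n "$entry" ] && grep -qxF -e "$entry" "$1"
}

# count_keys KNOWN_HOSTS ADDRESS: how many keys are pinned for ADDRESS.
count_keys() {
    awk -v a="$2" '$1 == a { n++ } END { print n + 0 }' "$1"
}

# demo: pin Node3's and Node4's keys under the address standing in for IP2.
demo() {
    dir=${TMPDIR:-/tmp}/pin_demo.$$
    mkdir -m 700 "$dir" || return 1
    # Constructed stand-ins for the two nodes' RSA host public key files.
    echo "ssh-rsa AAAA-CONSTRUCTED-NODE3-KEY root@Node3" > "$dir/node3.pub"
    echo "ssh-rsa AAAA-CONSTRUCTED-NODE4-KEY root@Node4" > "$dir/node4.pub"
    kh=$dir/known_hosts
    pin_host_key "$kh" 192.0.2.20 "$dir/node3.pub"   # IP2 while on Node3
    pin_host_key "$kh" 192.0.2.20 "$dir/node4.pub"   # IP2 after the move
    pin_host_key "$kh" 192.0.2.20 "$dir/node4.pub"   # re-run: no duplicate
    count_keys "$kh" 192.0.2.20                      # prints 2
    rm -rf "$dir"
}
```

On a real cluster the two .pub files are each node's own host public key, compared against the key on the node itself before it is pinned.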
