Skip to end of metadata
Go to start of metadata

ClustrixDB requires connectivity between each node via passwordless ssh for clxd (the database daemon user) for use with upgrades. Passwordless ssh is also recommended for users that will perform management and monitoring functions (e.g. clxm user). The following sections provide a few methods for configuring passwordless ssh. These steps should be repeated for each user (e.g. clxd, clxm) and configuration is performed on all nodes. 

Method 1: Configure key pairs via user login 

This method requires that you can log in as the user for which you are configuring keys, which requires that a password be set. 

Log into the Linux server using the user for whom you will configure for passwordless SSH authentication. 

Generate the key pair using default filenames. Simply press ENTER when prompted for any input by the ssh-keygen utility. To be passwordless, this SSH key should have no password.

shell> ssh username@hostname          
shell> ssh-keygen      

The output will look like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/clxd/.ssh/id_rsa):
Created directory '/home/clxd/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/clxd/.ssh/id_rsa.
Your public key has been saved in /home/clxd/.ssh/
The key fingerprint is:
96:f6:07:ef:a7:cc:e3:0c:9a:44:c7:ed:33:fa:cf:62 clxd@node1

Cat the contents of the file into a new file named authorized_keys:

shell> cd ~/.ssh
shell> cat >> authorized_keys
shell> chmod 600 authorized_keys
shell> chmod 700 ~/.ssh

Copy the contents of the ~/.ssh directory to every node in the cluster as the same Linux user and verify the directory on each server has the same permissions. 

shell> scp -r -p ~/.ssh username@ip_of_next_server

For the configured Linux user, you can now SSH between any of the nodes without being prompted for a password. 


Note: Private keys must be stored using the default name, id_rsa. Non-default private key names are not supported.

Verify SSH Connectivity

To verify that SSH authentication is configured correctly, run this command:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful. You can also run clx stat to view the cluster’s status. See The CLX Command-Line Administration Tool for more information.

Repeat these steps for any Linux user that requires passwordless SSH authentication (e.g. clxd, and the clxm users).

Method 2: Configure key pairs for a user with no password 

These steps assume sudo access as root for the ClustrixDB daemon user, clxd.

For daemon users or other users that are only accessed via sudo or su, use the following steps to set up SSH authentication. 

These steps will overwrite any existing ~/.ssh/authorized_keys and ~/.my.cnf files on the nodes for the user being configured.

shell> /opt/clustrix/bin/clx cmd "sudo -u clxd mkdir -p -m700 /home/clxd/.ssh; sudo -u clxd ssh-keygen -f /home/clxd/.ssh/id_rsa -t rsa -N ''"
shell> /opt/clustrix/bin/clx cmd 'cat /home/clxd/.ssh/' | grep ssh-rsa >> /home/clxd/.ssh/authorized_keys
shell> /opt/clustrix/bin/clx push /home/clxd/.ssh/authorized_keys
shell> /opt/clustrix/bin/clx cmd 'chmod 644 /home/clxd/.ssh/authorized_keys; chown -R clxd.clxd /home/clxd/.ssh/'
shell> sudo -u clxd /opt/clustrix/bin/clx cmd "echo $'[client]\nuser=clxd' >> ~/.my.cnf"

Use the steps above to verify SSH connectivity.

Now that you have configured passwordless ssh authentication, proceed to Post-Installation Configuration.

  • No labels