ClustrixDB requires connectivity between each node via passwordless ssh for clxd (the database daemon user) for use with upgrades. Passwordless ssh is also recommended for users that will perform management and monitoring functions (e.g. clxm user). The following sections provide a few methods for configuring passwordless ssh. These steps should be repeated for each user (e.g. clxd, clxm) and configuration is performed on all nodes.
Method 1: Configure key pairs via user login
This method requires that you can log in as the user for which you are configuring keys, which requires that a password be set.
Log into the Linux server using the user for whom you will configure for passwordless SSH authentication.
Generate the key pair using default filenames. Simply press ENTER when prompted for any input by the ssh-keygen utility. To be passwordless, this SSH key should have no password.
shell> ssh username@hostname
The output will look like:
Generating public/private rsa key pair. Enter file in which to save the key (/home/clxd/.ssh/id_rsa): Created directory '/home/clxd/.ssh'.
Cat the contents of the id_rsa.pub file into a new file named authorized_keys:
shell> cd ~/.ssh
Copy the contents of the ~/.ssh directory to every node in the cluster as the same Linux user and verify the directory on each server has the same permissions.
shell> scp -r -p ~/.ssh username@ip_of_next_server
For the configured Linux user, you can now SSH between any of the nodes without being prompted for a password.
Note: Private keys must be stored using the default name, id_rsa. Non-default private key names are not supported.
Verify SSH Connectivity
To verify that SSH authentication is configured correctly, run this command:
shell> /opt/clustrix/bin/clx cmd 'date'
If dates are correctly returned from each node and no passwords are requested, setup is successful. You can also run clx stat to view the cluster’s status. See The CLX Command-Line Administration Tool for more information.
Repeat these steps for any Linux user that requires passwordless SSH authentication (e.g. clxd, and the clxm users).
Method 2: Configure key pairs for a user with no password
These steps assume sudo access as root for the ClustrixDB daemon user, clxd.
For daemon users or other users that are only accessed via sudo or su, use the following steps to set up SSH authentication.
These steps will overwrite any existing ~/.ssh/authorized_keys and ~/.my.cnf files on the nodes for the user being configured.
shell> /opt/clustrix/bin/clx cmd "sudo -u clxd mkdir -p -m700 /home/clxd/.ssh; sudo -u clxd ssh-keygen -f /home/clxd/.ssh/id_rsa -t rsa -N ''" shell> /opt/clustrix/bin/clx cmd 'cat /home/clxd/.ssh/id_rsa.pub' | grep ssh-rsa >> /home/clxd/.ssh/authorized_keys shell> /opt/clustrix/bin/clx push /home/clxd/.ssh/authorized_keys shell> /opt/clustrix/bin/clx cmd 'chmod 644 /home/clxd/.ssh/authorized_keys; chown -R clxd.clxd /home/clxd/.ssh/' shell> sudo -u clxd /opt/clustrix/bin/clx cmd "echo $'[client]\nuser=clxd' >> ~/.my.cnf"
Use the steps above to verify SSH connectivity.
Now that you have configured passwordless ssh authentication, proceed to Post-Installation Configuration.