Two types of ssh authentication need to be configured: communication between nodes and access to nodes from outside the cluster.
Communication Between Nodes
ssh authentication between nodes is required for:
- Connecting via ssh between nodes
- Using the clx tool to collect logs, run diagnostics and perform cluster-wide actions.
- ClustrixDB Upgrades
Key Pair Authentication
Generate the key pair as the database user (clxd) using default filenames.
|shell> ssh username@hostname |
The output will look like:
Generating public/private rsa key pair.
Add this to the list of authorized keys:
| shell> mkdir -p ~/.ssh |
shell> cat id_rsa.pub >> ~/.ssh/authorized_keys
shell> chmod 600 ~/.ssh/authorized_keys
shell> chmod 700 ~/.ssh
Now copy the ~/.ssh/id_rsa.pub, ~/.ssh/id_rsa and ~/.ssh/authorized_keys files to every node in the cluster as the clxd user and verify that they have the same permissions.
To verify that ssh authentication is configured correctly, run this command as the clxd user
shell> /opt/clustrix/bin/clx cmd 'date'
If dates are correctly returned from each node and no passwords are requested, setup is successful.
Repeat these steps for the clxm user.
Remote access to the cluster
Clustrix recommends configuring ssh keys for the clxd user to access the cluster remotely, though you may use an alternate configuration if desired.
If you do not already have one, generate a public key pair and copy it to every node:
|shell> mkdir -p ~clxd/.ssh|
Append the public key to ~clxm/.ssh/authorized_keys
shell> chown -R clxd ~clxd/.ssh