
Two types of ssh authentication need to be configured: communication between nodes and access to nodes from outside the cluster. 

Communication Between Nodes

ssh authentication between nodes is required for:

  • Connecting via ssh between nodes
  • Using the clx tool to collect logs, run diagnostics and perform cluster-wide actions.
  • ClustrixDB Upgrades

Key Pair Authentication

Generate the key pair as the database user (clxd) using default filenames. 

shell> ssh username@hostname
shell> ssh-keygen

The output will look like:

Generating public/private rsa key pair.
Enter file in which to save the key (/home/clxd/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/clxd/.ssh/id_rsa.
Your public key has been saved in /home/clxd/.ssh/
The key fingerprint is:
96:f6:07:ef:a7:cc:e3:0c:9a:44:c7:ed:33:fa:cf:62 clxd@node1

Add this to the list of authorized keys:

shell> mkdir -p ~/.ssh
shell> cat >> ~/.ssh/authorized_keys
shell> chmod 600 ~/.ssh/authorized_keys

shell> chmod 700 ~/.ssh

Now copy the ~/.ssh/, ~/.ssh/id_rsa and ~/.ssh/authorized_keys files to every node in the cluster as the clxd user and verify that they have the same permissions.

To verify that ssh authentication is configured correctly, run this command as the clxd user:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful.

Repeat these steps for the clxm user. 
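One way to carry out the "verify that they have the same permissions" step on each node, as an added example that is not part of the original page or the Clustrix tooling. The function names `mode_of` and `audit_ssh_dir` are hypothetical; the 700 and 600 modes come from the chmod steps above, and 600 for id_rsa is assumed from what ssh-keygen creates by default.

```shell
#!/bin/sh
# Added example: audit the modes this page sets on a user's ssh files.
# ~/.ssh 700 and authorized_keys 600 come from the chmod steps on this page;
# 600 for id_rsa is the mode ssh-keygen creates (assumption, not from the page).

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ssh_dir DIR: print one line per path, return the number of problems.
audit_ssh_dir() {
    dir=$1
    problems=0
    for entry in ".:700" "authorized_keys:600" "id_rsa:600"; do
        name=${entry%%:*}
        want=${entry##*:}
        if [ "$name" = "." ]; then path=$dir; else path="$dir/$name"; fi
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        have=$(mode_of "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $path ($have)"
        else
            echo "BAD MODE $path (have $have, want $want)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# When run as a script with a directory argument, audit that directory.
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it as the clxd user (and again as clxm) with `~/.ssh` as the argument; a non-zero exit status is the number of paths that are missing or have the wrong mode.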

Remote access to the cluster

Clustrix recommends configuring ssh keys for the clxd user to access the cluster remotely, though you may use an alternate configuration if desired. 

If you do not already have one, generate a public key pair and copy it to every node:

shell> mkdir -p ~clxd/.ssh

Append the public key to ~clxm/.ssh/authorized_keys

shell> chown -R clxd ~clxd/.ssh
shell> chmod 700 ~clxd/.ssh
shell> chmod 600 ~clxd/.ssh/authorized_keys
shell> cat >> ~ /.ssh/ authorized_keys
