Skip to end of metadata
Go to start of metadata

ClustrixDB recommends connectivity between each node via password-less ssh for clxd (the database daemon user) for use with upgrades. Password-less ssh is also recommended for users that will perform management and monitoring functions (e.g. clxm user).

By default, a new ClustrixDB installation will create these two non-root OS accounts (clxd and clxm).  You will need to set the passwords for those accounts on all of the ClustrixDB nodes if you haven't already done so before setting up SSH trust:

# passwd clxd
Changing password for user clxd.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# passwd clxm
Changing password for user clxm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

You'll need the passwords to complete the pubkeyinstall in the next section.

clx pubkeyinstall

Log into the Linux server using the user for whom you will configure for password-less SSH authentication. 

The publickeyinstall command for clx will generate key pairs for each node, then copy the public key to all the nodes. The ssh key file will have no password and use the default filename (id_rsa.pub). 

shell> ssh [email protected]          
shell> /opt/clustrix/bin/clx pubkeyinstall      
Enter SSH password for [email protected]:

The output will look like:

server1: Generated key pair in /home/username/.ssh/
server2: Generated key pair in /home/username/.ssh/
server3: Generated key pair in /home/username/.ssh/
server4: Generated key pair in /home/username/.ssh/
server5: Generated key pair in /home/username/.ssh/
server1: Added public keys for nodes: server5, server1, server4, server3, server2
server2: Added public keys for nodes: server5, server1, server4, server3, server2
server3: Added public keys for nodes: server5, server1, server4, server3, server2
server4: Added public keys for nodes: server5, server1, server4, server3, server2
server5: Added public keys for nodes: server5, server1, server4, server3, server2

Repeat these steps for each user.

Verify SSH Connectivity

To verify that SSH authentication is configured correctly, run this command:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful. 

Now that you have configured passwordl-ess ssh authentication, proceed to Post-Installation Configuration.

Adding New Nodes

When new nodes are added to the cluster, the passwords for the non-root accounts (clxd and clxm) will need to be manually set on the new nodes.  Then run the clx pubkeyinstall from one of the existing nodes.  It will generate ssh keys on the new nodes and push out the amended authorized_keys file.

  • No labels