Xpand recommends connectivity between each node via password-less ssh for xpand (the database daemon user) for use with upgrades. Password-less ssh is also recommended for users that will perform management and monitoring functions (e.g. xpandm user).
By default, a new Xpand installation will create these two non-root OS accounts (xpand and xpandm). You will need to set the passwords for those accounts on all of the Xpand nodes if you haven't already done so before setting up SSH trust:
shell> passwd xpand
You'll need the passwords to complete the pubkeyinstall in the next section.
Log into the Linux server using the user for whom you will configure for password-less SSH authentication.
The publickeyinstall command for clx will generate key pairs for each node, then copy the public key to all the nodes. The ssh key file will have no password and use the default filename (id_rsa.pub).
shell> ssh [email protected]
shell> /opt/clustrix/bin/clx pubkeyinstall
Enter SSH password for [email protected]:
The output will look like:
server1: Generated key pair in /home/username/.ssh/
Repeat these steps for each user.
To verify that SSH authentication is configured correctly, run this command:
shell> /opt/clustrix/bin/clx cmd 'date'
If dates are correctly returned from each node and no passwords are requested, setup is successful.
Now that you have configured password-less ssh authentication, proceed to Post-Installation Configuration.
When new nodes are added to the cluster, the passwords for the non-root accounts (xpand and xpandm) will need to be manually set on the new nodes. Then run the clx pubkeyinstall from one of the existing nodes. It will generate ssh keys on the new nodes and push out the amended authorized_keys file.