Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space ML1 and version 5.3

ClustrixDB Xpand recommends connectivity between each node via password-less ssh for clxd xpand (the database daemon user) for use with upgrades. Password-less ssh is also recommended for users that will perform management and monitoring functions (e.g. clxm xpandm user).

By default, a new ClustrixDB Xpand installation will create these two non-root OS accounts (clxd xpand and clxm xpandm).  You will need to set the passwords for those accounts on all of the ClustrixDB Xpand nodes if you haven't already done so before setting up SSH trust:

...

shell> passwd 

...

xpand
Changing password for user

...

xpand.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
# passwd

...

xpandm
Changing password for user

...

xpandm.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

You'll need the passwords to complete the pubkeyinstall in the next section.

clx pubkeyinstall

Log into the Linux server using the user for whom you will configure for password-less SSH authentication. 

The publickeyinstall command for clx will generate key pairs for each node, then copy the public key to all the nodes. The ssh key file will have no password and use the default filename (id_rsa.pub). 

shell> ssh [email protected]          
shell> /opt/clustrix/bin/clx pubkeyinstall      
Enter SSH password for [email protected]:

The output will look like:

server1: Generated key pair in /home/username/.ssh/
server2: Generated key pair in /home/username/.ssh/
server3: Generated key pair in /home/username/.ssh/
server4: Generated key pair in /home/username/.ssh/
server5: Generated key pair in /home/username/.ssh/
server1: Added public keys for nodes: server5, server1, server4, server3, server2
server2: Added public keys for nodes: server5, server1, server4, server3, server2
server3: Added public keys for nodes: server5, server1, server4, server3, server2
server4: Added public keys for nodes: server5, server1, server4, server3, server2
server5: Added public keys for nodes: server5, server1, server4, server3, server2

Repeat these steps for each user.

...

To verify that SSH authentication is configured correctly, run this command:

shell> /opt/clustrix/bin/clx cmd 'date'

If dates are correctly returned from each node and no passwords are requested, setup is successful. 

Now that you have configured passwordlpassword-ess less ssh authentication, proceed to Post-Installation Configuration.

...

When new nodes are added to the cluster, the passwords for the non-root accounts (clxd xpand and clxm xpandm) will need to be manually set on the new nodes.  Then run the clx pubkeyinstall from one of the existing nodes.  It will generate ssh keys on the new nodes and push out the amended authorized_keys file.