Sunday, April 1, 2012

ssh User equivalence



[oracle@RACG1 grid]$ ./runcluvfy.sh stage -pre crsinst -n RACG1,RACG2 -r 11gR2 -fixup -verbose

Performing pre-checks for cluster services setup

Checking node reachability...


Check: Node reachability from node "RACG1"

  Destination Node                      Reachable?
  ------------------------------------  ------------------------
  RACG1                                 yes
  RACG2                                 yes
Result: Node reachability check passed from node "RACG1"

Checking user equivalence...


Check: User equivalence for user "oracle"

  Node Name                             Comment
  ------------------------------------  ------------------------
  RACG1                                 failed
  RACG2                                 failed
Result: PRVF-4007 : User equivalence check failed for user "oracle"

ERROR:

User equivalence unavailable on all the specified nodes
Verification cannot proceed

Pre-check for cluster services setup was unsuccessful on all the nodes.

-- TO AVOID

PRVF-4007 : User equivalence check failed for user "oracle"



Set up ssh user equivalence in 11gR2





In 11gR2, ssh user equivalence can be set up with the sshUserSetup.sh script in the sshsetup directory, as below.


[oracle@RACG1 grid]$ ll
total 40
drwxrwxrwx  9 oracle oinstall 4096 Apr  1 08:11 doc
drwxrwxrwx  4 oracle oinstall 4096 Apr  1 08:11 install
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 response
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 08:11 rpm
-rwxrwxrwx  1 oracle oinstall 3795 Apr  1 08:11 runcluvfy.sh
-rwxrwxrwx  1 oracle oinstall 3227 Apr  1 08:11 runInstaller
drwxrwxrwx  2 oracle oinstall 4096 Apr  1 09:05 sshsetup
drwxrwxrwx 14 oracle oinstall 4096 Apr  1 08:11 stage
-rwxrwxrwx  1 oracle oinstall 4228 Apr  1 08:11 welcome.html


cd sshsetup
./sshUserSetup.sh -user oracle -hosts NODE1,NODE2 -advanced -exverify -confirm

Below is the method to set up ssh manually, step by step.



ON NODE-1

TESTP1@:/home/oracle : $mkdir -p ~/.ssh
TESTP1@:/home/oracle : $chmod 700 ~/.ssh
TESTP1@:/home/oracle : $/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
4a:3b:fe:ea:03:d3:cf:6f:d3:06:fb:1a:ed:1e:b0:6b oracle@TESTP1.localdomain.com
TESTP1@:/home/oracle : $/usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
5e:cb:46:cc:d8:f1:01:44:3e:7a:20:eb:ce:5d:d4:15 oracle@TESTP1.localdomain.com

ON NODE-2

TESTP2@:/home/oracle : $mkdir -p ~/.ssh
TESTP2@:/home/oracle : $chmod 700 ~/.ssh
TESTP2@:/home/oracle : $/usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
dc:4e:e7:c3:ee:71:84:e7:2e:72:99:3d:b0:0a:2b:f9 oracle@TESTP2.localdomain.com
TESTP2@:/home/oracle : $/usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
5a:49:d4:e2:b9:5d:e9:f8:f5:bb:ce:7c:4b:f4:dd:6c oracle@TESTP2.localdomain.com

ON NODE-1

TESTP1@:/home/oracle : $ssh TESTP1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'testp1 (192.168.100.181)' can't be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'testp1,192.168.100.181' (RSA) to the list of known hosts.
oracle@testp1's password:
TESTP1@:/home/oracle : $ssh TESTP1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
TESTP1@:/home/oracle : $scp /home/oracle/.ssh/authorized_keys oracle@TESTP2:~/.ssh/
oracle@testp2's password:
authorized_keys                                                                                                          100% 1030     1.0KB/s   00:00

ON NODE-2

TESTP2@:/home/oracle/.ssh : $ssh TESTP2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'testp2 (192.168.100.182)' can't be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'testp2,192.168.100.182' (RSA) to the list of known hosts.
oracle@testp2's password:
TESTP2@:/home/oracle/.ssh : $ssh TESTP2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
TESTP2@:/home/oracle/.ssh : $scp /home/oracle/.ssh/authorized_keys oracle@TESTP1:~/.ssh/
The authenticity of host 'testp1 (192.168.100.181)' can't be established.
RSA key fingerprint is 27:ac:4b:9a:e3:d2:ae:6d:2b:71:99:8d:b9:c0:b1:a7.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'testp1,192.168.100.181' (RSA) to the list of known hosts.
oracle@testp1's password:
authorized_keys                                                                                                          100% 2060     2.0KB/s   00:00

-- Confirm ssh on both nodes.

TESTP1@:/home/oracle : $ssh TESTP2 date
Mon Aug  6 09:20:48 EDT 2012
TESTP1@:/home/oracle : $ssh TESTP1 date
Mon Aug  6 09:20:43 EDT 2012

TESTP2@:/home/oracle/.ssh : $ssh TESTP2 date
Mon Aug  6 09:20:37 EDT 2012
TESTP2@:/home/oracle/.ssh : $ssh TESTP1 date
Mon Aug  6 09:20:31 EDT 2012



It should ask for a password only the first time. If it still asks, do the following as a temporary measure.

------ Perform the steps below on BOTH nodes.

exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)

  • log in as root
  • vi /etc/sshd_config
  • set the following line to no instead of yes:
passwordauthentication no
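
A check for the manual procedure above, as an added example that is not part of the original post: it audits the permissions on ~/.ssh, authorized_keys and the private keys (loose modes are a common reason a key setup still asks for a password), then repeats the "ssh NODE date" test with BatchMode=yes so that a password prompt becomes a failure. The function names and the script name are assumptions.

```shell
# Added example, not from the original post. Function names are assumptions.

# mode_of PATH: print the octal permission bits (GNU stat, then BSD stat).
mode_of() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null; }

# has_bits PATH MASK: succeed if any permission bit in octal MASK is set.
has_bits() {
    m=$(mode_of "$1") || return 1
    [ $(( 0$m & 0$2 )) -ne 0 ]
}

# finding TEXT: print one finding and count it.
finding() { echo "$*"; findings=$((findings + 1)); }

# audit_ssh_dir DIR: return the number of findings (0 means clean).
# sshd with StrictModes ignores authorized_keys when it or ~/.ssh is writable
# by group/other; the ssh client refuses private keys others can access.
audit_ssh_dir() {
    findings=0
    for f in "$1" "$1/authorized_keys"; do
        if [ ! -e "$f" ]; then finding "MISSING  $f"
        elif has_bits "$f" 022; then finding "WRITABLE $f (mode $(mode_of "$f"))"
        fi
    done
    for key in "$1/id_rsa" "$1/id_dsa"; do    # key files created in the post
        if [ -e "$key" ] && has_bits "$key" 077; then
            finding "EXPOSED  $key (mode $(mode_of "$key"))"
        fi
    done
    return "$findings"
}

# check_equivalence NODE...: the post's "ssh NODE date" test with
# BatchMode=yes, so a node that would prompt for a password fails instead.
check_equivalence() {
    rc=0
    for node in "$@"; do
        if ssh -o BatchMode=yes -o ConnectTimeout=5 "$node" date >/dev/null 2>&1
        then echo "OK   $node"
        else echo "FAIL $node"; rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_equiv.sh TESTP1 TESTP2   (script name is an assumption)
if [ "$#" -gt 0 ]; then
    audit_ssh_dir "$HOME/.ssh"
    check_equivalence "$@"
fi
```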


