Configuring Operating System Users and Groups in All Nodes
On Windows you do not need to create a separate user or groups to install Oracle; OUI creates them automatically. On UNIX, however, the following operating system groups are required if you are installing Oracle RAC for the first time.

•The OSDBA group (typically, dba) - Members of this OS group have the SYSDBA privilege.

•The Oracle Inventory group (typically, oinstall) - This group owns all Oracle software installed on the system.

The following operating system users are required:

•A user that owns the Oracle software (typically, oracle).

•An unprivileged user (for example, the nobody user on Linux systems).

Create the required groups and users
Do these steps on all nodes of your cluster.
As the root user,

/usr/sbin/groupadd oinstall
/usr/sbin/groupadd dba
useradd -u 200 -g oinstall -G dba -d /home/oracle -r oracle
Change the password by,
passwd oracle

Verify the user by,
id oracle

Note that in the examples below, node1 and node2 are placeholders; use your own node names in their place.

Configuring SSH on All Cluster Nodes
When installing Oracle RAC on UNIX and Linux platforms, the software is installed on one node, and OUI uses secure communication to copy the software binary files to the other cluster nodes. OUI uses the Secure Shell (SSH) for the communication.

So SSH must be configured on all nodes.

•To configure SSH, you must first create Rivest-Shamir-Adleman (RSA) keys and Digital Signature Algorithm (DSA) keys on each cluster node. After you have created the private and public keys, you copy the keys from all cluster node members into an authorized keys file that is identical on each node.

Generating RSA and DSA Keys
1)Log on as the oracle user.

2)Check whether the .ssh directory exists. If it does not exist, create it.
$ mkdir ~/.ssh
$ chmod 700 ~/.ssh

3)Create the RSA-type public and private encryption keys by,
/usr/bin/ssh-keygen -t rsa
This command creates the public key in the /home/oracle/.ssh/id_rsa.pub file and the private key in the /home/oracle/.ssh/id_rsa file.

4)Create the DSA-type public and private keys by,
/usr/bin/ssh-keygen -t dsa
This command creates the public key in the /home/oracle/.ssh/id_dsa.pub file and the private key in the /home/oracle/.ssh/id_dsa file.

5)Repeat steps 1 through 4 on all the nodes.

Adding the Keys to an Authorized Key File
1)Go to the .ssh directory.
$ cd ~/.ssh

2)Add the RSA and DSA keys to the authorized_keys file.
$ cat id_rsa.pub >>authorized_keys
$ cat id_dsa.pub >>authorized_keys

3)Using SCP, copy the authorized_keys file to the oracle user's .ssh directory on a remote node.
scp authorized_keys node2:/home/oracle/.ssh/

4)Using SSH, log in to the node where you copied the authorized_keys file, using the passphrase you created. Then change to the .ssh directory, and using the cat command, add the RSA and DSA keys for the second node to the authorized_keys file.
ssh node2
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
cd ~/.ssh
cat id_rsa.pub >> authorized_keys
cat id_dsa.pub >> authorized_keys

5)If you have more than 2 nodes in your cluster, repeat step 3 and step 4 for each node you intend to add to your cluster. Copy the most recently updated authorized_keys file to the next node, then add the public keys for that node to the authorized_keys file.

6)After updating the authorized_keys file on all nodes, use SCP to copy the complete authorized_keys file from the last node to be updated to all the other cluster nodes, overwriting the existing version on the other nodes. For example,
scp authorized_keys node1:/home/oracle/.ssh/

Configure SSH User Equivalency on Cluster Member Nodes
1)Log on as the oracle user.

2)Start the SSH agent and load the SSH keys into memory.
$ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add

3)Complete the SSH configuration by using the ssh command to retrieve the date on each node in the cluster.
$ ssh node1 date
$ ssh node2 date
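
A local check to run on each node after the steps above, as an added example that is not part of the original post: it verifies the .ssh permissions that sshd and ssh enforce, that this node's public keys are in authorized_keys, and that the file holds one RSA and one DSA key per node. The function names and the node-count argument are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux).
# Audits one node's .ssh directory after the key-distribution steps.

mode_of() { stat -c '%a' "$1"; }   # octal permission bits, e.g. 700

# audit_ssh_dir DIR NODES: prints findings, returns the number of problems.
audit_ssh_dir() {
    dir=$1 nodes=$2 problems=0
    auth="$dir/authorized_keys"
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # sshd (StrictModes) ignores authorized_keys if the directory or the
    # file is writable by anyone other than the owner.
    [ "$(mode_of "$dir")" = 700 ] || fail "$dir is not mode 700"
    [ -f "$auth" ] || { fail "$auth is missing"; return "$problems"; }
    case "$(mode_of "$auth")" in
        *[2367]?|*[2367]) fail "$auth is group- or world-writable" ;;
    esac

    # ssh refuses private keys that other users can access.
    for key in "$dir/id_rsa" "$dir/id_dsa"; do
        [ -f "$key" ] || continue
        case "$(mode_of "$key")" in
            ?00) ;;
            *) fail "$key is accessible to group or others" ;;
        esac
    done

    # This node's own public keys must be in the shared file.
    for pub in "$dir/id_rsa.pub" "$dir/id_dsa.pub"; do
        [ -f "$pub" ] || continue
        grep -qxF -- "$(cat "$pub")" "$auth" || fail "$pub not in $auth"
    done

    # Every node contributes one RSA and one DSA key.
    for type in ssh-rsa ssh-dss; do
        n=$(sort -u "$auth" | grep -c "^$type " || true)
        [ "$n" -eq "$nodes" ] || fail "$n distinct $type keys, expected $nodes"
    done
    return "$problems"
}

# Usage: sh audit.sh /home/oracle/.ssh 2
if [ $# -eq 2 ]; then audit_ssh_dir "$1" "$2"; fi
```

OpenSSH 7.0 and later disable DSA (ssh-dss) keys by default, so on such systems only the RSA entries authenticate unless DSA has been re-enabled.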
