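2.6 Configure the SSH/RSH protocol (on all nodes)
This section describes the configuration of both the SSH and RSH protocols. In an actual installation, only one of the two needs to be configured (the SSH protocol is recommended).
2.6.1 SSH protocol
Create the .ssh directory and generate an RSA key on each node
1) Log in as the oracle user
2) Check whether a .ssh directory already exists under /home/oracle/
If there is no .ssh directory, create it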
mkdir ~/.ssh
After creating it, change the directory permissions
[oracle@rac1_13 ~]$ chmod 700 ~/.ssh
3) Generate the RSA key
[oracle@rac1_13 ~]$ /usr/bin/ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_rsa.
Your public key has been saved in /home/oracle/.ssh/id_rsa.pub.
The key fingerprint is:
3f:d2:e4:a3:ee:a1:58:e5:73:92:39:0d:8e:3f:9b:11 oracle@rac1_13
4) Repeat the above steps on each node
Add all RSA keys to the authorized_keys file
1) On node rac1_13, add the RSA key to the authorized_keys file
[oracle@rac1_13 ~]$ cd .ssh
[oracle@rac1_13 .ssh]$ cat id_rsa.pub >> authorized_keys
[oracle@rac1_13 .ssh]$ ls
authorized_keys id_rsa id_rsa.pub
2) Copy authorized_keys from node rac1_13 to node rac2_13
[oracle@rac1_13 .ssh]$ scp authorized_keys rac2_13:/home/oracle/.ssh/
The authenticity of host 'rac2_13 (10.182.108.88)' can't be established.
RSA key fingerprint is e6:dc:07:c3:d5:2a:45:43:66:72:d3:44:17:4d:54:42.
Are you sure you want to continue connecting (yes/no) yes
Warning: Permanently added 'rac2_13,10.182.108.88' (RSA) to the list of known hosts.
oracle@rac2_13's password:
authorized_keys 100% 224 0.2KB/s 00:00
3) On node rac2_13, append that node's RSA key to authorized_keys as well
[oracle@rac2_13 .ssh]$ cat id_rsa.pub >> authorized_keys
4) Once the RSA keys of all nodes have been added to authorized_keys, copy the authorized_keys file to every node
Enable the SSH protocol on the nodes
1) On each node, run ssh hostname date
[oracle@rac1_13 .ssh]$ ssh rac1_13 date
The authenticity of host 'rac1_13 (10.182.108.86)' can't be established.
RSA key fingerprint is e6:dc:07:c3:d5:2a:45:43:66:72:d3:44:17:4d:54:42.
Are you sure you want to continue connecting (yes/no) yes
Warning: Permanently added 'rac1_13,10.182.108.86' (RSA) to the list of known hosts.
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
Sun Apr 20 23:31:06 EDT 2008
[oracle@rac1_13 .ssh]$ ssh rac2_13 date
…
Repeat the above steps on node rac2_13
2) On each node, start the SSH agent and load the SSH keys into memory
[oracle@rac1_13 .ssh]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac1_13 .ssh]$ /usr/bin/ssh-add
[oracle@rac2_13 ~]$ exec /usr/bin/ssh-agent $SHELL
[oracle@rac2_13 ~]$ /usr/bin/ssh-add
·Verify the SSH protocol
[oracle@rac1_13 .ssh]$ ssh rac1_13 date
Sun Apr 20 23:40:04 EDT 2008
[oracle@rac1_13 .ssh]$ ssh rac2_13 date
Sun Apr 20 23:40:09 EDT 2008
[oracle@rac1_13 .ssh]$ ssh rac2_13-priv date
Sun Apr 20 23:41:20 EDT 2008
…
This completes the configuration of SSH trusted access.
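As a follow-up check for the key exchange above, the following added example (not part of the original guide) audits a node's .ssh directory: the permissions that sshd and the ssh client insist on, exactly one key per cluster node, and no keys from anywhere else. It assumes GNU stat and that key comments keep the ssh-keygen default user@host form seen in the session above; the function name check_ssh_dir is hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Assumes GNU stat and that key
# comments keep the ssh-keygen default user@host (as in the session above).

# check_ssh_dir DIR USER NODE... : prints findings, returns how many
check_ssh_dir() {
    local dir="$1" user="$2" findings=0 f mode node n
    shift 2
    # sshd (StrictModes) ignores authorized_keys when it or .ssh is
    # writable by group or others.
    for f in "$dir" "$dir/authorized_keys"; do
        if [ ! -e "$f" ]; then
            echo "MISSING $f"; findings=$((findings + 1)); continue
        fi
        mode=$(stat -c %a "$f")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "WRITABLE-BY-OTHERS $f ($mode)"; findings=$((findings + 1))
        fi
    done
    # The ssh client refuses a private key accessible to group or others.
    if [ -e "$dir/id_rsa" ] && [ $(( 0$(stat -c %a "$dir/id_rsa") & 077 )) -ne 0 ]; then
        echo "PRIVATE-KEY-EXPOSED $dir/id_rsa"; findings=$((findings + 1))
    fi
    [ -f "$dir/authorized_keys" ] || return "$findings"
    # Each node must contribute exactly one key ...
    for node in "$@"; do
        n=$(awk -v c="$user@$node" '$NF == c { n++ } END { print n + 0 }' \
            "$dir/authorized_keys")
        if [ "$n" -ne 1 ]; then
            echo "KEY-COUNT $user@$node present $n times"; findings=$((findings + 1))
        fi
    done
    # ... and no key may come from anywhere else.
    n=$(awk -v u="$user" -v nodes="$*" '
        BEGIN { k = split(nodes, a, " "); for (i = 1; i <= k; i++) ok[u "@" a[i]] = 1 }
        NF && $1 !~ /^#/ && !($NF in ok) { n++ }
        END { print n + 0 }' "$dir/authorized_keys")
    if [ "$n" -ne 0 ]; then
        echo "UNEXPECTED-KEYS $n key(s) not from a cluster node"; findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on a constructed directory; the key bodies are placeholders.
demo=$(mktemp -d); chmod 700 "$demo"
printf 'ssh-rsa AAAA-constructed-1 oracle@rac1_13\nssh-rsa AAAA-constructed-2 oracle@rac2_13\n' \
    > "$demo/authorized_keys"; chmod 600 "$demo/authorized_keys"
check_ssh_dir "$demo" oracle rac1_13 rac2_13 && echo "ssh directory OK"
rm -rf "$demo"
```

On a real node the call would be check_ssh_dir /home/oracle/.ssh oracle rac1_13 rac2_13.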
2.6.2 RSH protocol
·Check whether the packages required for the rsh protocol are installed
[root@rac1_13 rpm]# rpm -q rsh rsh-server
rsh-0.17-25.4
rsh-server-0.17-25.4
Confirm that SELinux is disabled
Run system-config-securitylevel
Edit the /etc/xinetd.d/rsh file and set the disable attribute to no
Run the following commands to reload xinetd
[root@rac1_13 rpm]# chkconfig rsh on
[root@rac1_13 rpm]# chkconfig rlogin on
[root@rac1_13 rpm]# service xinetd reload
Reloading configuration: [ OK ]
Create the /etc/hosts.equiv file and add the trusted node entries to it
[root@rac1_13 rpm]# more /etc/hosts.equiv
+rac1_13 oracle
+rac1_13-priv oracle
+rac2_13 oracle
+rac2_13-priv oracle
Change the attributes of the /etc/hosts.equiv file
[root@rac1_13 rpm]# chown root:root /etc/hosts.equiv
[root@rac1_13 rpm]# chmod 775 /etc/hosts.equiv
Change the rsh path so that /usr/bin/rsh is found instead of the Kerberos rsh
[root@rac1_13 rpm]# which rsh
/usr/kerberos/bin/rsh
[root@rac1_13 rpm]# cd /usr/kerberos/bin
[root@rac1_13 bin]# mv rsh rsh.original
[root@rac1_13 bin]# which rsh
/usr/bin/rsh
Verify the RSH protocol as the oracle user
[oracle@rac1_13 ~]$ rsh rac1_13 date
Wed Apr 16 22:13:32 EDT 2008
[oracle@rac1_13 ~]$ rsh rac1_13-priv date
Wed Apr 16 22:13:40 EDT 2008
[oracle@rac1_13 ~]$ rsh rac2_13 date
Wed Apr 16 22:13:48 EDT 2008
[oracle@rac1_13 ~]$ rsh rac2_13-priv date
Wed Apr 16 22:13:56 EDT 2008
[oracle@rac2_13 ~]$ rsh rac1_13 date
Wed Apr 16 22:14:33 EDT 2008
[oracle@rac2_13 ~]$ rsh rac1_13-priv date
Wed Apr 16 22:14:41 EDT 2008
[oracle@rac2_13 ~]$ rsh rac2_13 date
Wed Apr 16 22:14:47 EDT 2008
[oracle@rac2_13 ~]$ rsh rac2_13-priv date
Wed Apr 16 22:14:54 EDT 2008
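rsh trusts whatever /etc/hosts.equiv lists, so the file's contents and mode are worth checking after the steps above. The following added example (not part of the original guide) flags a group- or world-writable file, wildcard entries and hosts outside the expected node list; audit_hosts_equiv is a hypothetical name and GNU stat is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide. Assumes GNU stat; the list of
# expected nodes is passed in by the caller.

# audit_hosts_equiv FILE NODE... : prints findings, returns how many
audit_hosts_equiv() {
    local file="$1" findings=0 mode host user rest name node known
    shift
    # Anyone who can write this file can add a trusted host.
    mode=$(stat -c %a "$file")
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE $file is mode $mode (group or others can edit it)"
        findings=$((findings + 1))
    fi
    while read -r host user rest; do
        case "$host" in ''|'#'*|-*) continue ;; esac   # blank, comment, deny entry
        name=${host#+}
        # A bare "+" in the host or user field matches every host or user.
        if [ -z "$name" ] || [ "$user" = "+" ]; then
            echo "WILDCARD '$host $user' trusts any host or any user"
            findings=$((findings + 1)); continue
        fi
        known=0
        for node in "$@"; do
            if [ "$name" = "$node" ]; then known=1; fi
        done
        if [ "$known" -eq 0 ]; then
            echo "UNEXPECTED '$name' is not a cluster node"
            findings=$((findings + 1))
        fi
    done < "$file"
    return "$findings"
}

# Demo: a constructed copy of the file from this section, with the mode that
# the chmod step above sets.
demo=$(mktemp)
printf '+%s oracle\n' rac1_13 rac1_13-priv rac2_13 rac2_13-priv > "$demo"
chmod 775 "$demo"
audit_hosts_equiv "$demo" rac1_13 rac1_13-priv rac2_13 rac2_13-priv || echo "findings: $?"
rm -f "$demo"
```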
2.7 Configure the user environment (on all nodes)
root user
Edit the /etc/bashrc file and add the following statements
if [ -t 0 ]; then
stty intr ^C
fi
oracle user environment configuration
Edit the file /etc/security/limits.conf and add the following
oracle soft nproc 2047
oracle hard nproc 16384
oracle soft nofile 1024
oracle hard nofile 65536
Edit the /etc/pam.d/login file and add the following
session required pam_limits.so
Edit /etc/profile and add the following
# Raise the process and open-file limits for the oracle user only
if [ "$USER" = "oracle" ]; then
    if [ "$SHELL" = "/bin/ksh" ]; then
        ulimit -u 16384
        ulimit -n 65536
    else
        ulimit -u 16384 -n 65536
    fi
    umask 022
fi
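2.8 NFS service setup
We plan to place all Clusterware and RAC DB files in NFS directories.
NFS server-side setup
1) 10.182.108.27 serves as the NFS server
2) Create the shared directories on the NFS server's local disk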
/crs_13
/racdb_13
3) Edit the /etc/exports file
/crs_13 10.182.108.0/255.255.255.0(rw,sync,no_root_squash)
/racdb_13 10.182.108.0/255.255.255.0(rw,sync,no_root_squash)
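The exports above combine no_root_squash with a whole /24, which means root on any machine in that network acts as root on the shared directories. The following added example (not part of the original guide) lists every client spec that keeps remote root and counts the ones that cover more than a single host; audit_exports is a hypothetical name.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide.

# audit_exports FILE : prints one line per client spec that keeps remote root
# (no_root_squash); returns how many of those specs cover more than one host.
audit_exports() {
    awk '
    /^[ \t]*(#|$)/ { next }
    {
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1, length($i) - p - 1)
            }
            if (("," opts ",") !~ /,no_root_squash,/) continue
            # Empty client, wildcard or network: root on every matching
            # machine acts as root on the export.
            if (client == "" || index(client, "/") || index(client, "*") || index(client, "?")) {
                print "BROAD  " $1 " " client " (" opts ")"; broad++
            } else {
                print "HOST   " $1 " " client " (" opts ")"
            }
        }
    }
    END { exit broad + 0 }' "$1"
}

# Demo: a constructed copy of the export lines from this section, then a
# variant limited to the two RAC node addresses that appear on this page.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/crs_13 10.182.108.0/255.255.255.0(rw,sync,no_root_squash)
/racdb_13 10.182.108.0/255.255.255.0(rw,sync,no_root_squash)
EOF
audit_exports "$demo" || echo "broad no_root_squash exports: $?"
cat > "$demo" <<'EOF'
/crs_13 10.182.108.86(rw,sync,no_root_squash) 10.182.108.88(rw,sync,no_root_squash)
EOF
audit_exports "$demo" && echo "no broad exports"
rm -f "$demo"
```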
Create the installation directories on the RAC nodes
[root@rac1_13 etc]# mkdir /crs_13
[root@rac1_13 etc]# chown -R root:oinstall /crs_13/
[root@rac1_13 etc]# chmod -R 775 /crs_13/
[root@rac1_13 etc]# mkdir /racdb_13
[root@rac1_13 etc]# chown -R oracle:dba /racdb_13/
[root@rac1_13 etc]# chmod -R 775 /racdb_13/
[root@rac2_13 ~]# mkdir /crs_13
[root@rac2_13 ~]# chown -R root:oinstall /crs_13/
[root@rac2_13 ~]# chmod -R 775 /crs_13/
[root@rac2_13 ~]# mkdir /racdb_13
[root@rac2_13 ~]# chown -R oracle:dba /racdb_13/
[root@rac2_13 ~]# chmod -R 775 /racdb_13/
Configure the NFS service on the RAC nodes
Edit the /etc/fstab file and add the NFS directories
10.182.108.27:/crs_13 /crs_13 nfs rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,actimeo=0,vers=3,timeo=600
10.182.108.27:/racdb_13 /racdb_13 nfs rw,bg,hard,nointr,rsize=32768,wsize=32768,tcp,actimeo=0,vers=3,timeo=600
Restart the NFS service on both the NFS server and the clients
service nfs restart
Use df -h to check whether the NFS directories have been mounted
[root@rac1_13 etc]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
3.9G 1.6G 2.1G 43% /
/dev/hda1 99M 8.3M 86M 9% /boot
none 513M 0 513M 0% /dev/shm
10.182.108.27:/crs_13
127G 7.8G 113G 7% /crs_13
10.182.108.27:/racdb_13
127G 7.8G 113G 7% /racdb_13
[root@rac2_13 ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
3.9G 1.6G 2.1G 43% /
/dev/hda1 99M 8.3M 86M 9% /boot
none 513M 0 513M 0% /dev/shm
10.182.108.27:/crs_13
127G 7.8G 113G 7% /crs_13
10.182.108.27:/racdb_13
127G 7.8G 113G 7% /racdb_13