rac01:
192.168.1.131/24
10.10.10.31/24
rac02:
192.168.1.132/24
10.10.10.32/24
vip:
192.168.1.133
192.168.1.134
127.0.0.1 localhost
192.168.1.131 rac01 rac01
192.168.1.133 rac01-vip rac01-vip
10.10.10.31 rac01-priv rac01-priv
192.168.1.132 rac02 rac02
192.168.1.134 rac02-vip rac02-vip
10.10.10.32 rac02-priv rac02-priv
每次引导集群节点时,原始设备都必须与块设备绑定。
/dev/raw/raw1 /dev/sdc1
/dev/raw/raw2 /dev/sdd1
/dev/raw/raw3 /dev/sde1
/sbin/service rawdevices restart
chown oracle:dba /dev/raw/raw[1-3]
chmod 660 /dev/raw/raw[1-3]
ls -lat /dev/raw/raw*
su - oracle
ln -sf /dev/raw/raw1 /u01/oradata/devdb/asmdisk1
ln -sf /dev/raw/raw2 /u01/oradata/devdb/asmdisk2
ln -sf /dev/raw/raw3 /u01/oradata/devdb/asmdisk3
启动加载引导:
/etc/udev/permissions.d/50-udev.permissions
# raw devices
ram*:root:disk:0660
#raw/*:root:disk:0660
raw/*:oracle:dba:0660
ssh oracle@rac02 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh oracle@rac02 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
在每个主机上,以 oracle 用户身份登录:
mkdir ~/.ssh
chmod 755 ~/.ssh
/usr/bin/ssh-keygen -t rsa
-----------------------------------
/usr/bin/ssh-keygen -t dsa
例如:
$ mkdir ~/.ssh
$ chmod 755 ~/.ssh
$ /usr/bin/ssh-keygen -t rsa
只需在第一个主机上,以 oracle 用户身份登录(复制本地帐户的密钥,以便连接本地主机的 ssh 能够起作用):
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
ssh oracle@ds2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
(如果您要剪切和粘贴这些命令,则分别运行它们。 SSH 每次会提示输入 oracle 的口令,如果同时粘贴这些命令,则第一个命令在提示输入口令之前刷新输入缓冲区,从而导致其他命令将会丢失。)
ssh oracle@ds2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
chmod 644 ~/.ssh/authorized_keys
例如:
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
$ ssh oracle@ds2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'ds2 (192.168.200.52)' can't be established.
RSA key fingerprint is d1:23:a7:df:c5:fc:4e:10:d2:83:60:49:25:e8:eb:11.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ds2,192.168.200.52' (RSA) to the list of known hosts.
oracle@ds2's password:
$ ssh oracle@ds2 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
oracle@ds2's password:
$ chmod 644 ~/.ssh/authorized_keys
现在对第二个主机做同样的处理。 请注意,这次 SSH 会提示您输入在创建密钥时所使用的口令短语而非 oracle 的口令。 这是因为第一个主机 (ds1) 现在知道了第二个主机的公共密钥,而 SSH 现在使用的是一种不同的认证协议。
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
ssh oracle@ds1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh oracle@ds1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
chmod 644 ~/.ssh/authorized_keys
例如:
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
$ ssh oracle@ds1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'ds1 (192.168.200.51)' can't be established.
RSA key fingerprint is bd:0e:39:2a:23:2d:ca:f9:ea:71:f5:3d:d3:dd:3b:65.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'ds1,192.168.200.51' (RSA) to the list of known hosts.
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
$ ssh oracle@ds1 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
Enter passphrase for key '/home/oracle/.ssh/id_rsa':
$ chmod 644 ~/.ssh/authorized_keys
建立用户等效性
最后,在生成密钥、复制文件并重复地输入口令和口令短语(安全性有意思吧?)所有这些工作完成之后,您就可以建立用户等效性了。 在建立用户等效性时,不会再提示您输入口令。
以 oracle 用户身份在将要安装 Oracle 10g 软件的节点 (ds1) 上:
exec /usr/bin/ssh-agent $SHELL
/usr/bin/ssh-add
例如:
$ exec /usr/bin/ssh-agent $SHELL
$ /usr/bin/ssh-add
Enter passphrase for /home/oracle/.ssh/id_rsa:
Identity added: /home/oracle/.ssh/id_rsa (/home/oracle/.ssh/id_rsa)
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
$ ssh ds2 date
Sun Jun 27 19:07:19 CDT 2004
测试每个方向上所有服务器的连通性是非常重要的。 这样会确保当 OUI 在 CRS 和数据库软件安装期间试图复制文件时不会出现类似以下的消息。 该消息只有在远程节点上第一次执行操作时才会出现,因此通过测试连通性,您不仅确保了远程操作的正常运行,还完成了初始的安全密钥交换。
The authenticity of host 'ds2 (192.168.200.52)' can't be established.
RSA key fingerprint is 8f:a3:19:76:ca:4f:71:85:42:c2:7a:da:eb:53:76:85.
Are you sure you want to continue connecting (yes/no)? yes
ssh rac02 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh rac02 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys rac02:~/.ssh/authorized_keys
clock=pit nosmp noapic nolapic
ssh rac02 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh rac02 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys rac02:~/.ssh/authorized_keys
Checking O2CB heartbeat: Not active
[root@rac01 ~]# mount -t ocfs2 -o datavolume,nointr /dev/sdb1 /ocfs
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/7755871/viewspace-735116/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/7755871/viewspace-735116/