Tuesday, February 20, 2007

Oracle 10g RAC installation: 08 Establishing Oracle user equivalence

To establish Oracle user equivalence we have to use ssh-keygen to generate, on each node, a public and a private key for the oracle user.
Before you begin this step, be sure that the /etc/hosts file contains the right configuration for your network. My current network configuration is shown in the picture.


Start one of your nodes. I started rac2 first. Log in as the root user, open a terminal and switch to the oracle user (su - oracle). Your home directory should look like the one in the following picture.


Then type
ssh-keygen -t rsa -b 1024
When asked "Enter file in which to save the key", press Enter to accept the default option, /home/oracle/.ssh/id_rsa.
You will then be asked for a passphrase and asked to type it again (give an empty passphrase both times). At this point we have created our public key.

Now start your first node and execute the same steps:
STEP 1 - Login as root user, open a terminal and login as oracle user (su - oracle).
STEP 2 - Type ssh-keygen -t rsa -b 1024
STEP 3 - Type enter when asked "Enter file in which to save the key"
STEP 4 - Type your passphrase (leave it empty) when asked and re-type it again (leave it empty again)

Now if you go into the .ssh directory in the oracle user's home directory and type ls, you will see only two files, as in the picture.


Type cd .. and then, from the oracle home directory on rac1, type
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys


Then type
ssh rac2 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
When asked to confirm the authenticity of the host, type yes, and then type the oracle user's password for rac2.


Now, from the first node, you can type:
scp ~/.ssh/authorized_keys rac2:~/.ssh/authorized_keys
or you can run the same commands as before, as the oracle user on rac2:
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
ssh rac1 cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
At this point we can execute any command from one node on the other using ssh without being prompted for a password. In the following pictures I typed ssh rac1 hostname from rac2 and ssh rac2 hostname from rac1: the output is the hostname of the remote machine.

Now test every entry (except the VIP addresses) in the /etc/hosts file from both nodes and verify that no password is asked for.

From rac2:
ssh rac1 hostname
ssh rac1-priv hostname


From rac1:
ssh rac2 hostname
ssh rac2-priv hostname
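
The same test can be scripted so that a password prompt shows up as a failure instead of something to watch for. The script below is an added example, not part of the original post. It assumes the VIP names end in -vip, uses a constructed sample hosts file, and SSH_CMD is a hypothetical hook for trying it without a cluster.

```shell
#!/bin/sh
# Added example (not from the original post): test ssh user equivalence
# for every non-VIP name in a hosts file.

# Constructed sample hosts file. The addresses and the -vip names are
# assumptions; the post shows its own /etc/hosts only as a picture.
sample_hosts() {
    cat <<'EOF'
127.0.0.1      localhost.localdomain localhost
192.168.1.101  rac1
192.168.1.102  rac2
10.0.0.101     rac1-priv   # interconnect
10.0.0.102     rac2-priv
192.168.1.111  rac1-vip    # VIP, not tested
192.168.1.112  rac2-vip
EOF
}

# Print the first name of each entry in hosts file $1, skipping comments,
# loopback entries and any entry with a name ending in -vip.
equiv_hosts() {
    awk '
        { sub(/#.*/, "") }
        NF < 2 { next }
        $1 ~ /^127\./ || $1 == "::1" { next }
        { for (i = 2; i <= NF; i++) if ($i ~ /-vip(\.|$)/) next }
        { print $2 }
    ' "$1"
}

# Run "hostname" on every name. BatchMode=yes makes ssh fail instead of
# prompting, so a missing key or an unaccepted host key is reported as FAIL.
# SSH_CMD is a hypothetical hook that lets the check be exercised offline.
check_equivalence() {
    failed=0
    for h in $(equiv_hosts "$1"); do
        if out=$(${SSH_CMD:-ssh} -o BatchMode=yes -o ConnectTimeout=5 "$h" hostname 2>/dev/null); then
            echo "OK   $h -> $out"
        else
            echo "FAIL $h"
            failed=$((failed + 1))
        fi
    done
    [ "$failed" -eq 0 ]
}

# Usage on a node, as the oracle user: sh check_equiv.sh --check /etc/hosts
if [ "${1:-}" = "--check" ]; then
    check_equivalence "${2:-/etc/hosts}"
fi
```

Run it on each node in turn. A FAIL for a name that was never contacted before usually means its host key has not been accepted yet, which is the "authenticity" question answered with yes earlier.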