Configure RAC Nodes for Remote Access
Perform the following configuration procedures on all nodes in the cluster!
When the Oracle Universal Installer runs on a RAC node, it uses the rsh (or ssh) command to copy the Oracle software to all other nodes within the RAC cluster. The oracle UNIX account on the node running the Oracle Installer (runInstaller) must therefore be trusted by all other nodes in your RAC cluster: from the Linux server you will be running the Oracle installer on, you should be able to run r* commands like rsh, rcp, and rlogin against all other Linux servers in the cluster without a password. The rsh daemon validates users using the /etc/hosts.equiv file or the .rhosts file found in the user's (oracle's) home directory. (The use of rcp and rsh is not required for normal RAC operation. However, rcp and rsh should be enabled for RAC and patchset installation.)
Oracle added support in Oracle RAC 10g Release 1 for using the Secure Shell (SSH) tool suite for setting up user equivalence. This article, however, uses the older method of rcp for copying the Oracle software to the other nodes in the cluster. When using the SSH tool suite, the scp (as opposed to the rcp) command would be used to copy the software over an encrypted, authenticated connection.
First, let's make sure that we have the rsh RPMs installed on each node in the RAC cluster:
# rpm -q rsh rsh-server
rsh-0.17-25.3
rsh-server-0.17-25.3
From the above, we can see that the rsh and rsh-server packages are installed. Were rsh not installed, we would run the following command from the CD where the RPM is located:
# su -
# rpm -ivh rsh-0.17-25.3.i386.rpm rsh-server-0.17-25.3.i386.rpm
To enable the "rsh" and "rlogin" services, the "disable" attribute in the /etc/xinetd.d/rsh file must be set to "no" and xinetd must be reloaded. Do that by running the following commands on all nodes in the cluster:
# su -
# chkconfig rsh on
# chkconfig rlogin on
# service xinetd reload
Reloading configuration: [ OK ]
To allow the "oracle" UNIX user account to be trusted among the RAC nodes, create the /etc/hosts.equiv file on all nodes in the cluster:
# su -
# touch /etc/hosts.equiv
# chmod 600 /etc/hosts.equiv
# chown root:root /etc/hosts.equiv
Now add all RAC nodes to the /etc/hosts.equiv file on every node in the cluster, similar to the following example:
# cat /etc/hosts.equiv
+linux1 oracle
+linux2 oracle
+int-linux1 oracle
+int-linux2 oracle
Note: In the above example, the second field permits only the oracle user account to run rsh commands on the specified nodes. For security reasons, the /etc/hosts.equiv file should be owned by root and the permissions should be set to 600. In fact, some systems will only honor the content of this file if the owner is root and the permissions are set to 600.
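The ownership, mode, and entry format described in the note above can be checked with a small script. This is an added example, not part of the original article; the function names and the sample file (including the host linux3) are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit an rsh trust file laid out like /etc/hosts.equiv.
# Function names and sample data are constructed for illustration.

# check_file_meta FILE [UID]: succeed only if FILE is owned by UID
# (default 0, i.e. root) and its mode is exactly 600. Needs GNU stat.
check_file_meta() {
    [ "$(stat -c '%u %a' "$1" 2>/dev/null)" = "${2:-0} 600" ]
}

# audit_entries FILE USER: print "LINE: finding" for each entry that trusts
# more than USER on one named host; return non-zero if anything was printed.
audit_entries() {
    awk -v user="$2" '
        NF == 0 || $1 ~ /^#/ || $1 ~ /^-/ { next }  # blank, comment, deny
        {
            host = $1; sub(/^\+/, "", host)          # "+linux1" -> "linux1"
            if (host == "")      { print NR ": wildcard host (+)"; bad = 1 }
            if (NF < 2)          { print NR ": no user field, not limited to " user; bad = 1 }
            else if ($2 == "+")  { print NR ": wildcard user (+)"; bad = 1 }
            else if ($2 != user) { print NR ": unexpected user " $2; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: the four entries from the page plus three risky ones
# (linux3 is a made-up host name).
write_sample() {
    cat > "$1" <<'EOF'
+linux1 oracle
+linux2 oracle
+int-linux1 oracle
+int-linux2 oracle
+linux3
+linux1 +
+ oracle
EOF
    chmod 600 "$1"
}

# Demo against a temporary file, not the live /etc/hosts.equiv.
tmp=$(mktemp)
write_sample "$tmp"
check_file_meta "$tmp" "$(id -u)" && echo "owner and mode OK"
audit_entries "$tmp" oracle || echo "entries above need review"
rm -f "$tmp"
```

On a cluster node, run check_file_meta /etc/hosts.equiv and audit_entries /etc/hosts.equiv oracle as root; a clean file produces no findings.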
Before attempting to test your rsh command, ensure that you are using the correct version of rsh. By default, Red Hat Linux puts /usr/kerberos/sbin at the head of the $PATH variable. This will cause the Kerberos version of rsh to be executed.
I typically rename the Kerberos version of rsh so that the normal rsh command is used. Use the following:
# su -
# which rsh
/usr/kerberos/bin/rsh
# mv /usr/kerberos/bin/rsh /usr/kerberos/bin/rsh.original
# mv /usr/kerberos/bin/rcp /usr/kerberos/bin/rcp.original
# mv /usr/kerberos/bin/rlogin /usr/kerberos/bin/rlogin.original
# which rsh
/usr/bin/rsh
You should now test your connections and run the rsh command from the node that will be performing the Oracle Clusterware and 10g RAC installation. I will be using the node linux1 to perform all installs so this is where I will run the following commands from:
# su - oracle
$ rsh linux1 ls -l /etc/hosts.equiv
-rw------- 1 root root 68 Sep 27 23:37 /etc/hosts.equiv
$ rsh int-linux1 ls -l /etc/hosts.equiv
-rw------- 1 root root 68 Sep 27 23:37 /etc/hosts.equiv
$ rsh linux2 ls -l /etc/hosts.equiv
-rw------- 1 root root 68 Sep 27 23:37 /etc/hosts.equiv
$ rsh int-linux2 ls -l /etc/hosts.equiv
-rw------- 1 root root 68 Sep 27 23:37 /etc/hosts.equiv