You can set up passwordless SSH so that you only need to issue configuration commands on one
node in the HA group. (Setting up passwordless SSH is optional; alternatively, you can manually copy
commands to each node.)
About this task
To set up passwordless SSH you must configure the mqm id on each node, then
generate a key on each node for that user. You then distribute the keys to the other nodes, and test
the connection to add each node to the list of known hosts. Finally you lock down the mqm id.
Note: The instructions assume that you are defining an HA group with
separate primary, alternate, and replication interfaces, and you therefore define passwordless SSH
access over the primary and alternate interfaces. If you plan to configure a system with a single IP
address, then you define passwordless SSH access over that single interface.
RDQM requires the ssh command to work without interaction, that is, without prompting for a password
and so on.
Procedure
- On each of the three nodes, complete the following steps to set up the mqm user and generate an SSH key:
  - Change the mqm home directory to /home/mqm:
  - Create the /home/mqm directory:
  - Add the mqm password:
  - Run the interactive shell as mqm:
  - Generate the mqm authentication key:
    ssh-keygen -t rsa -f /home/mqm/.ssh/id_rsa -N ''
- On each of the three nodes, complete the following steps to add that node's key to the other
  two nodes and test the connections for each node's primary and (if used) alternate addresses:
  - Add the key to the remote nodes:
    ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node1_primary_address
    ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node1_alternate_address
    ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node2_primary_address
    ssh-copy-id -i /home/mqm/.ssh/id_rsa.pub remote_node2_alternate_address
  - Check passwordless ssh and update known_hosts for remote nodes:
    ssh remote_node1_primary_address uname -n
    ssh remote_node1_alternate_address uname -n
    ssh remote_node2_primary_address uname -n
    ssh remote_node2_alternate_address uname -n
    For each connection, you are prompted to confirm that you want to proceed. Confirm for each one to
    update the known_hosts. You must complete this before you attempt to configure the HA group using
    passwordless SSH.
  - Exit the interactive shell as mqm:
- On each node, as root, complete the following steps to remove the mqm password and lock the id:
  - Remove the mqm password:
  - Lock mqm:
- On each node, as root, complete the following steps to set up sudo access for the mqm user:
  - Edit the sudoers file by using the visudo command:
  - Search for the line "## Allows people in group wheel to run all commands" and
    add the following text below the line:
  - Search for the line "## Same thing without a password" and add the following
    text below the line:
    %mqm ALL=(ALL) NOPASSWD: ALL
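
The following script is an added example, not part of the original procedure: run as the mqm user on each node, it confirms that ssh to every peer address completes with no password or host-key prompt, which is what RDQM requires. The function names and the SSH_BIN override are assumptions made for this example; pass the same primary and alternate addresses that were used with ssh-copy-id.

```shell
#!/bin/sh
# Added example: verify non-interactive SSH from this node to each peer address.
# SSH_BIN is a hypothetical override (not an RDQM setting) so the ssh client
# can be replaced by a stub when testing the script itself.
SSH_BIN="${SSH_BIN:-ssh}"

# check_addr ADDRESS: return 0 only if ssh completes with no prompt of any kind.
check_addr() {
    # BatchMode=yes: fail instead of prompting for a password or passphrase.
    # StrictHostKeyChecking=yes: fail instead of asking to accept an unknown
    # host key, so a missing known_hosts entry is reported as a failure.
    "$SSH_BIN" -o BatchMode=yes -o StrictHostKeyChecking=yes \
        -o ConnectTimeout=5 "$1" uname -n >/dev/null 2>&1
}

# check_all ADDRESS...: print one line per address; exit status is the
# number of addresses that failed (0 means every address is ready).
check_all() {
    failures=0
    for addr in "$@"; do
        if check_addr "$addr"; then
            echo "OK    $addr"
        else
            echo "FAIL  $addr (ssh would prompt or could not connect)"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Run the check only when addresses are given on the command line, e.g.
#   sh check_ssh.sh remote_node1_primary_address remote_node1_alternate_address
if [ "$#" -gt 0 ]; then
    check_all "$@"
fi
```

A FAIL line for an address usually means the key was not copied to that address or its host key was never confirmed into known_hosts.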