gs_sshexkey
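During installation, commands must be run and files transferred between the nodes of the cluster, so mutual trust between the nodes must be working before installation starts. GaussDB 100 provides the gs_sshexkey tool to help users establish mutual trust.
Prerequisites
- The SSH service is enabled.
- The SSH port is not blocked by a firewall.
- The host names and IP addresses in the configuration file are correct.
- The network between all nodes is reachable.
- To establish mutual trust for a common user, create the same user with the same password on every host beforehand.
- If SELinux is installed and running on the hosts, make sure the security contexts of the /root and /home directories are the default values (root directory: system_u:object_r:home_root_t:s0, home directory: system_u:object_r:admin_home_t:s0), or disable the SELinux service.
To check the SELinux status, run getenforce. If it returns Enforcing, SELinux is installed and enabled.
Commands for checking the directory security contexts: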
ls -ldZ /root | awk '{print $4}'
ls -ldZ /home | awk '{print $4}'
Commands for restoring the directory security contexts:
restorecon -r -vv /home/
restorecon -r -vv /root/
Syntax
- Establish mutual trust
gs_sshexkey -f HOSTFILE [-W PASSWORD] [...] [--skip-hostname-set] [-l LOGFILE]
- Display help information
gs_sshexkey -? | --help
- Display version information
gs_sshexkey -V | --version
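Parameter description
- -f
Host list. Lists the IP addresses of all hosts between which mutual trust is to be established.
Note:
Make sure the hostfile contains only correct host IP addresses and no other information.
- -W
Password of the user for whom mutual trust is established. If this parameter is not specified, the user password is entered interactively while the trust is being established. If the user passwords differ between hosts, specify -W multiple times; the order of the passwords must match the order of the IP addresses one to one. In interactive mode, enter the password for each host in turn.
- --skip-hostname-set
Controls whether the host name to IP mappings from the XML configuration file are written to the "/etc/hosts" file. They are written by default; if this parameter is specified, they are not written.
- -l
Path where the log file is saved.
Value range: any existing, accessible absolute path.
- -?, --help
Display help information.
- -V, --version
Display version information.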
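A pre-flight check for the prerequisites and the hostfile rule above, added here as an example and not part of GaussDB 100. The script name preflight.sh, an IPv4-only hostfile and sshd listening on port 22 are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks before gs_sshexkey (not shipped with GaussDB 100).
# Assumptions: one IPv4 address per hostfile line; sshd listens on port 22.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Report each line of hostfile $1 that is not exactly one unique IPv4 address
# (names, comments, blank lines, trailing spaces or CRs all count as extra
# information). Return 0 only when the file is non-empty and clean.
check_hostfile() {
    bad=0; n=0; seen=" "
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        if ! valid_ipv4 "$line"; then
            printf 'line %d: not a bare IPv4 address: "%s"\n' "$n" "$line" >&2
            bad=$((bad + 1))
        elif [ "${seen#* $line }" != "$seen" ]; then
            printf 'line %d: duplicate address %s\n' "$n" "$line" >&2
            bad=$((bad + 1))
        else
            seen="$seen$line "
        fi
    done < "$1"
    [ "$n" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Run only when a hostfile is given: sh preflight.sh hostfile
if [ "$#" -gt 0 ]; then
    check_hostfile "$1" || { echo "fix $1 before running gs_sshexkey" >&2; exit 1; }
    if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" = "Enforcing" ]; then
        echo "SELinux is Enforcing: check the /root and /home contexts first"
    fi
    while IFS= read -r ip; do
        # A reachable sshd returns at least one host key within 5 seconds.
        [ -n "$(ssh-keyscan -T 5 "$ip" 2>/dev/null)" ] || echo "no SSH answer from $ip"
    done < "$1"
fi
```

Once the checks pass, running gs_sshexkey without -W prompts for the password instead of leaving it in the process list and shell history.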
Examples
- Establish mutual trust for a common user when all hosts share the same user password. Gauss@234 is the user password.
[omm@plat1 script]#gs_sshexkey -f hostfile -W Gauss@234
Checking network information.
All nodes in the network are Normal.
Successfully checked network information.
Creating SSH trust.
Creating the local key file.
Successfully created the local key files.
Appending local ID to authorized_keys.
Successfully appended local ID to authorized_keys.
Updating the known_hosts file.
Successfully updated the known_hosts file.
Appending authorized_key on the remote node.
Successfully appended authorized_key on all remote node.
Checking common authentication file content.
Successfully checked common authentication content.
Distributing SSH trust file to all node.
Successfully distributed SSH trust file to all node.
Verifying SSH trust on all hosts.
Successfully verified SSH trust on all hosts.
Successfully created SSH trust.
- Establish mutual trust for the root user.
Establish mutual trust when all hosts share the same user password. Gauss@234 is the user password.
[root@plat1 script]#./gs_sshexkey -f hostfile -W Gauss@234
Checking network information.
All nodes in the network are Normal.
Successfully checked network information.
Creating SSH trust.
Creating the local key file.
Successfully created the local key files.
Appending local ID to authorized_keys.
Successfully appended local ID to authorized_keys.
Updating the known_hosts file.
Successfully updated the known_hosts file.
Appending authorized_key on the remote node.
Successfully appended authorized_key on all remote node.
Checking common authentication file content.
Successfully checked common authentication content.
Distributing SSH trust file to all node.
Successfully distributed SSH trust file to all node.
Verifying SSH trust on all hosts.
Successfully verified SSH trust on all hosts.
Successfully created SSH trust.
Establish mutual trust in interactive mode when all hosts share the same user password.
[root@plat1 script]#./gs_sshexkey -f hostfile
Please enter password for current user[root].
Password:
Checking network information.
All nodes in the network are Normal.
Successfully checked network information.
Creating SSH trust.
Creating the local key file.
Successfully created the local key files.
Appending local ID to authorized_keys.
Successfully appended local ID to authorized_keys.
Updating the known_hosts file.
Successfully updated the known_hosts file.
Appending authorized_key on the remote node.
Successfully appended authorized_key on all remote node.
Checking common authentication file content.
Successfully checked common authentication content.
Distributing SSH trust file to all node.
Successfully distributed SSH trust file to all node.
Verifying SSH trust on all hosts.
Successfully verified SSH trust on all hosts.
Successfully created SSH trust.