If you build and manage Linux clusters, you need to easily SSH and SCP among all the nodes without entering a password each time. Some cluster software requires that ability, so it can move files and software and run commands among all the members. Oracle RAC is an example. The Clusterware Verification Utility will fail the user equivalence test without a proper SSH setup.
The usual method for accomplishing this SSH setup is to (simplified for illustration):
On node 1
On node 2
On node n
.
.
.
This is silly. Since I try to eliminate as much repetition as possible in order to decrease build time, I scripted something up that you still run on each node, but it automates the rest.
To save myself from having to manually copy the scripts over, I have a package dropped into a user’s home directory as part of a kickstart build. So it’s just a matter of untarring the file, building the node list and launching the script.
Be aware of the security risks of using ssh keys without passwords. The way around that is to create them with a password and use ssh-agent. If you’re Ok with no password, by all means – but protect the private keys.
This utility, called dist_ssh_keys, uses a shell script and an expect script that will:
Here it is in action
[oracle@F10 dist_ssh_keys-0.4]$ ./dist_keys.sh oracle
Generating SSH keysChecking node network connectivity…
Propagating public key to nodes…
Finished – a log is available in propagate-keys.log
[oracle@F10 dist_ssh_keys-0.4]$
Make sure expect is installed on all the cluster nodes.
The dist_ssh_keys package is available here dist_ssh_keys-0.4.tgz
It contains:
dist_keys.sh
copy-keys-v.4.exp
README
Try it out. Let me know what you think, if it can be improved. Right now a password is supplied as an argument to the script, so I need to find a way to supply that without a shoulder surfer seeing it, or the password showing up in the process list.
[...] the rest here: Propagate SSH keys across a Linux Cluster Posted in: Software, Super [...]