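VirtualBox de Oracle11g R2 RAC #11
This is a continuation of VirtualBox de Oracle11g R2 RAC.
This time: configuring remote access between the RAC nodes.
Oracle11g R2 11.2.0.2.0 requires SSH to be configured without a passphrase. OUI can configure this automatically, and the installation guide also recommends using OUI's automatic configuration, but this time I'm going to be a little mean. I'll configure SSH with a password beforehand and see whether OUI recognizes that password-less SSH has not been configured and properly configures it automatically.
Oracle Grid Infrastructure Installation Guide 11g Release 2 (11.2) for Linux - 2.13 Automatic SSH Configuration During Installation
Oracle Grid Infrastructure Installation Guide 11g Release 2 (11.2) for Linux - E.1 Configuring SSH Manually on All Cluster Nodes
Now, let's get started.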
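- Hardware configuration (including the VM configuration, since these are VMs), software configuration, etc.
- Installing Linux (CentOS 5.5 x86_64)
- Installing Openfiler2.3 x86
- Configuring iSCSI volumes with Openfiler2.3 x86
- Configuring iSCSI volumes on the Oracle RAC nodes, parts 1, 2 and 3
- Creating the Oracle owner and Oracle Grid Infrastructure users and related directories, and setting environment variables
- Configuring the Linux servers for Oracle (kernel parameter settings)
- Configuring remote access between the Oracle RAC nodes, and configuring ntp (I configured ssh just in case; it would probably be fine without it... but since I was at it, I tried a slightly mean experiment)
- Configuring a local name server
- Checking the Oracle RAC node configuration files
- Installing and configuring Oracle Automatic Storage Management (ASMLib 2.0.5 x86_64)
- Pre-installation tasks for Oracle11g R2 11.2.0.1.0 RAC
- Installing Oracle11g R2 11.2.0.1.0 Grid Infrastructure
- Installing Oracle11g R2 11.2.0.1.0 Database software
- Installing Oracle11g R2 11.2.0.1.0 examples
- Creating the Oracle Cluster database
- Checking Net Service
- Checking the Oracle Grid Infrastructure and Database configuration
- Checking Cluster start and stop
- A simple check of Transparent Application Failover (TAF)
Configuring remote access between the Oracle RAC nodes
(Done just in case; it would probably be fine without it... but I tried a slightly mean experiment)
Check the ssh packages (on all nodes that make up the RAC).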
[root@discus164 etc]# rpm -qa --queryformat "%{NAME}-%{VERSION}-%{RELEASE} (%{ARCH})\n"| grep ssh
openssh-server-4.3p2-41.el5_5.1 (x86_64)
openssh-askpass-4.3p2-41.el5_5.1 (x86_64)
openssh-clients-4.3p2-41.el5_5.1 (x86_64)
openssh-4.3p2-41.el5_5.1 (x86_64)
[root@discus164 etc]#
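Do this as the grid infrastructure user and as the Oracle owner on all nodes that make up the RAC. (When setting up SSH user equivalence manually on Oracle11g 11.2.0.2.0, it is enough to press [ENTER] without typing anything where a passphrase is requested, but this time I deliberately entered a passphrase. In the log it looks as if no passphrase was entered, though.)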
[root@discus164 ~]# su - grid
[grid@discus164 ~]$
[grid@discus164 ~]$ mkdir ~/.ssh
[grid@discus164 ~]$ chmod 700 ~/.ssh
[grid@discus164 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
ba:bb:09:72:94:94:d6:29:99:12:7f:d2:a6:a6:60:0a grid@discus164.macdeoracle.jp
[grid@discus164 ~]$
[root@discus164 ~]#
[root@discus164 ~]# su - oracle
[oracle@discus164 ~]$
[oracle@discus164 ~]$ mkdir ~/.ssh
[oracle@discus164 ~]$ chmod 700 ~/.ssh
[oracle@discus164 ~]$
[oracle@discus164 ~]$ /usr/bin/ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/oracle/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/oracle/.ssh/id_dsa.
Your public key has been saved in /home/oracle/.ssh/id_dsa.pub.
The key fingerprint is:
88:5d:b0:ec:80:8c:59:ed:22:f7:d8:88:6d:6c:41:1a oracle@discus164.macdeoracle.jp
[oracle@discus164 ~]$
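The following operations only need to be run from one node of the RAC. Note, however, that they must be done as both the grid infrastructure user and the Oracle owner. From 11.2.0.2.0 onward you probably don't need to be as fussy as in earlier releases, as far as the ssh configuration goes...
Starting with the Oracle Grid Infrastructure user...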
[root@discus164 ~]# su - grid
[grid@discus164 ~]$
[grid@discus164 ~]$
[grid@discus164 ~]$ touch ~/.ssh/authorized_keys
[grid@discus164 ~]$ cd ~/.ssh
[grid@discus164 .ssh]$ ls -l *.pub
-rw-r--r-- 1 grid oinstall 619 11月 24 13:11 id_dsa.pub
[grid@discus164 .ssh]$ ssh discus164 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'discus164 (192.168.1.90)' can't be established.
RSA key fingerprint is 15:90:e9:89:98:8e:ed:3f:67:7b:d4:e7:97:6b:58:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'discus164,192.168.1.90' (RSA) to the list of known hosts.
grid@discus164's password:
[grid@discus164 .ssh]$ ssh discus264 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'discus264 (192.168.1.91)' can't be established.
RSA key fingerprint is 55:80:d3:23:4f:82:44:4b:b8:89:02:d8:69:31:7e:f5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'discus264,192.168.1.91' (RSA) to the list of known hosts.
grid@discus264's password:
[grid@discus164 .ssh]$ scp ~/.ssh/authorized_keys discus264:.ssh/authorized_keys
grid@discus264's password:
authorized_keys 100% 1238 1.2KB/s 00:00
[grid@discus164 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[grid@discus164 .ssh]$
[grid@discus164 ~]$ ssh discus164 hostname
Enter passphrase for key '/home/grid/.ssh/id_dsa':
discus164.macdeoracle.jp
[grid@discus164 ~]$ ssh discus264 hostname
Enter passphrase for key '/home/grid/.ssh/id_dsa':
discus264.macdeoracle.jp
[grid@discus164 ~]$
Next, as the Oracle owner... From 11.2.0.2.0 onward the key needs to have no passphrase, but I'm setting one on purpose (^^)
[root@discus164 ~]# su - oracle
[oracle@discus164 ~]$ touch ~/.ssh/authorized_keys
[oracle@discus164 ~]$ cd ~/.ssh
[oracle@discus164 .ssh]$ ls -l *.pub
-rw-r--r-- 1 oracle oinstall 621 11月 24 13:14 id_dsa.pub
[oracle@discus164 .ssh]$ ssh discus164 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'discus164 (192.168.1.90)' can't be established.
RSA key fingerprint is 15:90:e9:89:98:8e:ed:3f:67:7b:d4:e7:97:6b:58:c5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'discus164,192.168.1.90' (RSA) to the list of known hosts.
oracle@discus164's password:
[oracle@discus164 .ssh]$ ssh discus264 cat ~/.ssh/id_dsa.pub >> ~/.ssh/authorized_keys
The authenticity of host 'discus264 (192.168.1.91)' can't be established.
RSA key fingerprint is 55:80:d3:23:4f:82:44:4b:b8:89:02:d8:69:31:7e:f5.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'discus264,192.168.1.91' (RSA) to the list of known hosts.
oracle@discus264's password:
[oracle@discus164 .ssh]$ scp ~/.ssh/authorized_keys discus264:.ssh/authorized_keys
oracle@discus264's password:
authorized_keys 100% 1242 1.2KB/s 00:00
[oracle@discus164 .ssh]$ chmod 600 ~/.ssh/authorized_keys
[oracle@discus164 .ssh]$ cd
[oracle@discus164 ~]$
[oracle@discus164 ~]$
[oracle@discus164 ~]$ ssh discus164 hostname
Enter passphrase for key '/home/oracle/.ssh/id_dsa':
discus164.macdeoracle.jp
[oracle@discus164 ~]$ ssh discus264 hostname
Enter passphrase for key '/home/oracle/.ssh/id_dsa':
discus264.macdeoracle.jp
[oracle@discus164 ~]$
Check! As both the grid infrastructure user and the Oracle owner.
[oracle@discus164 ~]$
[oracle@discus164 ~]$ exec /usr/bin/ssh-agent $SHELL
[oracle@discus164 ~]$ /usr/bin/ssh-add
Enter passphrase for /home/oracle/.ssh/id_dsa:
Identity added: /home/oracle/.ssh/id_dsa (/home/oracle/.ssh/id_dsa)
[oracle@discus164 ~]$
[oracle@discus164 ~]$
[oracle@discus164 ~]$ ssh discus164 hostname
discus164.macdeoracle.jp
[oracle@discus164 ~]$ ssh discus264 hostname
discus264.macdeoracle.jp
[oracle@discus164 ~]$
[oracle@discus164 ~]$ exit
exit
[root@discus164 ~]# su - grid
[grid@discus164 ~]$ exec /usr/bin/ssh-agent $SHELL
[grid@discus164 ~]$ /usr/bin/ssh-add
Enter passphrase for /home/grid/.ssh/id_dsa:
Identity added: /home/grid/.ssh/id_dsa (/home/grid/.ssh/id_dsa)
[grid@discus164 ~]$ ssh discus164 hostname
discus164.macdeoracle.jp
[grid@discus164 ~]$ ssh discus264 hostname
discus264.macdeoracle.jp
[grid@discus164 ~]$
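The checks above were run by hand, where ssh can still fall back to a prompt. The following script is an added example, not part of the original post: it repeats the `ssh <node> hostname` test with `BatchMode=yes`, so a passphrase-protected key that is not loaded in ssh-agent shows up as a failure instead of a prompt. The `SSH` override variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post): test SSH user equivalence the
# way an unattended installer experiences it. SSH can be overridden to point
# at another client; that variable is an assumption of this sketch.
SSH=${SSH:-/usr/bin/ssh}

# check_node HOST: 0 only if "ssh HOST hostname" completes with no prompt.
# BatchMode=yes makes ssh fail instead of asking for a password, a key
# passphrase, or confirmation of an unknown host key.
check_node() {
    "$SSH" -o BatchMode=yes -o ConnectTimeout=5 "$1" hostname >/dev/null 2>&1
}

# agent_has_keys: 0 if this shell can reach an ssh-agent holding an identity.
agent_has_keys() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && ssh-add -l >/dev/null 2>&1
}

# check_equivalence HOST...: report each node; exit status = failure count.
check_equivalence() {
    failed=0
    for host in "$@"; do
        if check_node "$host"; then
            echo "OK   $host"
        else
            echo "FAIL $host"
            failed=$((failed + 1))
        fi
    done
    if [ "$failed" -gt 0 ] && ! agent_has_keys; then
        echo "hint: no identities in ssh-agent for this shell" >&2
    fi
    return "$failed"
}

# Usage: sh check_ssh.sh discus164 discus264   (as grid, then as oracle)
if [ "$#" -gt 0 ]; then
    check_equivalence "$@"
fi
```

Run it from the same shell that will start the installer: identities added with `exec /usr/bin/ssh-agent $SHELL` and `ssh-add` are visible only to that shell and its child processes.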
Finally, suppress the installation error messages caused by the stty command (do this as the grid/oracle users on all nodes).
[grid@discus164 ~]$ su - oracle
パスワード:
[oracle@discus164 ~]$ vi .bashrc
[oracle@discus164 ~]$ cat .bashrc
# .bashrc
# Source global definitions
if [ -f /etc/bashrc ]; then
    . /etc/bashrc
fi
# User specific aliases and functions
if [ -t 0 ]; then
    stty intr ^C
fi
[oracle@discus164 ~]$
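I wasn't planning to do it here, but while I was at it I went ahead and configured NTP as well.
The Host OS synchronizes with a public NTP server, and each Guest OS that makes up the RAC on VirtualBox synchronizes using the Host OS as its NTP server.
This way only the Host OS queries the public NTP server, which keeps unnecessary queries down.
All nodes that make up the RAC, and the iSCSI server as well, use the same configuration. Incidentally, 192.168.1.2 is the Host OS.
This is configured in /etc/ntp.conf and /etc/sysconfig/ntpd. ntp is set to adjust the clock in slew mode.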
[root@discus164 ~]# cat /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
#restrict -6 ::1
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
#server 127.127.1.0
#fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
server 192.168.1.2
server 192.168.1.2
server 192.168.1.2
restrict 192.168.1.2 mask 255.255.255.255 nomodify notrap noquery
[root@discus164 ~]#
[root@discus164 ~]# cat /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes
# Additional options for ntpdate
NTPDATE_OPTIONS="-B"
[root@discus164 ~]#
The Host OS synchronizes with a public NTP server, so it is configured as follows.
[root@lampeye ~]# cat /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would effect some of
# the administrative functions.
restrict 127.0.0.1
# Hosts on local network are less restricted.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server -4 ntp.nict.jp minpoll 8 maxpoll 12
server -4 ntp.nict.jp minpoll 8 maxpoll 12
server -4 ntp.nict.jp minpoll 8 maxpoll 12
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 #local clock
fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
restrict ntp.nict.jp mask 255.255.255.255 nomodify notrap noquery
[root@lampeye ~]#
[root@lampeye ~]# cat /etc/sysconfig/ntpd
# Drop root to id 'ntp:ntp' by default.
OPTIONS="-x -u ntp:ntp -p /var/run/ntpd.pid"
# Set to 'yes' to sync hw clock after successful ntpdate
SYNC_HWCLOCK=yes
# Additional options for ntpdate
NTPDATE_OPTIONS="-B"
[root@lampeye ~]#
Restart with service ntpd restart. After a while...
Check that the Host OS is synchronized with the ntp server!!
[root@lampeye ~]# ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
*210.171.226.40 .NICT. 1 u 38 1024 377 10.447 59.103 9.904
127.127.1.0 .LOCL. 10 l 22 64 377 0.000 0.000 0.001
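[root@lampeye ~]#
It is synchronized with the public NTP server. :)
Next, check on each node that makes up the RAC that it is synchronized with the Host OS. A "*" is displayed, so it seems to be working. :)
[root@discus164 ~]# ntpq -np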
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.1.2 210.171.226.40 2 u 95 128 377 0.179 121.450 39.443
[root@discus164 ~]#
[root@discus264 ~]# ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.1.2 210.171.226.40 2 u 5 128 377 0.288 214.652 43.610
[root@discus264 ~]#
[root@arowana2 ~]# ntpq -np
remote refid st t when poll reach delay offset jitter
==============================================================================
*192.168.1.2 210.171.226.40 2 u 35 128 377 0.278 -83.188 0.087
[root@arowana2 ~]#
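The two things verified by eye above (the `-x` slew option in /etc/sysconfig/ntpd and the "*" marker in `ntpq -np`) can be checked by script on every node. This is an added example, not part of the original post; the sample input is the discus264 output shown above, and the 500 ms limit is an assumed threshold that the post does not state.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the guest-side NTP
# setup shown above. The 500 ms limit in the demo is an assumed threshold.

# slew_enabled: reads /etc/sysconfig/ntpd on stdin; 0 if OPTIONS passes -x.
slew_enabled() {
    grep -E '^[[:space:]]*OPTIONS=' | grep -Eq '(^|[[:space:]"])-x([[:space:]"]|$)'
}

# sync_peer: reads "ntpq -np" output on stdin and prints "<remote> <offset_ms>"
# for the peer marked "*" (the selected source); status 1 if none is selected.
sync_peer() {
    awk '/^\*/ { sub(/^\*/, "", $1); print $1, $9; found = 1 }
         END   { exit(found ? 0 : 1) }'
}

# offset_within LIMIT_MS: same input; 0 only if a peer is selected and the
# absolute value of its offset is at most LIMIT_MS.
offset_within() {
    awk -v limit="$1" '/^\*/ { off = ($9 < 0) ? -$9 : $9; ok = (off <= limit + 0) }
         END   { exit(ok ? 0 : 1) }'
}

# ntpq -np output for discus264, copied from the post.
sample_ntpq() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.1.2     210.171.226.40   2 u    5  128  377    0.288  214.652  43.610
EOF
}

# Demo on the embedded sample; on a node, pipe real "ntpq -np" output instead.
if peer=$(sample_ntpq | sync_peer); then
    echo "selected peer and offset (ms): $peer"
fi
if sample_ntpq | offset_within 500; then
    echo "offset within 500 ms"
fi
```

On a live node the same functions take real input, for example `ntpq -np | sync_peer` and `slew_enabled < /etc/sysconfig/ntpd`.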
And so, to be continued next time.
The story so far
・Mac de Oracle - RAC for under 100,000 yen (11g edition) #28
・VirtualBox de RAC (Oracle11g R1 edition) #1
・VirtualBox de RAC (Oracle11g R1 edition) #2
・VirtualBox de Oracle11g R2 RAC #1
・VirtualBox de Oracle11g R2 RAC #2 - Preliminary research, etc...
・VirtualBox de Oracle11g R2 RAC #3
・VirtualBox de Oracle11g R2 RAC #4
・VirtualBox de Oracle11g R2 RAC #5
・VirtualBox de Oracle11g R2 RAC #6
・VirtualBox de Oracle11g R2 RAC #7
・VirtualBox de Oracle11g R2 RAC #8
・VirtualBox de Oracle11g R2 RAC #9
・VirtualBox de Oracle11g R2 RAC #10