我们在使用CentOS系统时候,安装RAC时,需要配置各个节点的互信关系,使rsh、rlogin、rcp等命令不需要输入密码可以操作其他节点。除了按照管法rac安装文档中的方法配置ssh之外,还可以通过修改.rhosts等文件实现互信。在unix(如aix)中,可以简单修改/etc/hosts.equiv实现,但是Linux中比较麻烦,需要一些其他的步骤,下面我们来演示在CentOS系统中配置方法:
CentOS系统时需要在各个节点上完成如下操作
1、检查在CentOS系统中rsh-server包是否已经安装
[root@rac1 ~]# rpm -qa|grep -i ^rsh-server
rsh-server-0.17-40.el5
如果没有安装使用rpm -ivh 命令安装
2、确保/etc/xinetd.d/rlogin中存在disable = no这一行
- [root@rac1 ~]# cat /etc/xinetd.d/rlogin
- # default: on
- # description: rlogind is the server for the rlogin(1) program. The server
- # provides a remote login facility with authentication based on
- # privileged port numbers from trusted hosts.
- service login
- {disable = no
- socket_type = stream
- wait = no
- user = root
- log_on_success += USERID
- log_on_failure += USERID
- server = /usr/sbin/in.rlogind}
3、确保/etc/xinetd.d/rsh中存在disable = no这一行
- [root@rac1 ~]# cat /etc/xinetd.d/rsh
- # default: on
- # description: The rshd server is the server for the rcmd(3) routine and,
- # consequently, for the rsh(1) program. The server provides
- # remote execution facilities with authentication based on
- # privileged port numbers from trusted hosts.
- service shell
- {
- disable = no
- socket_type = stream
- wait = no
- user = root
- log_on_success += USERID
- log_on_failure += USERID
- server = /usr/sbin/in.rshd
- }
4、在CentOS系统重启xinetd服务
[root@rac1 ~]# service xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
5、在CentOS系统编辑/etc/securetty,确保存在rexec、rsh、rlogin三行
- [root@rac1 ~]# cat /etc/securetty
- console
- vc/1
- vc/2
- vc/3
- vc/4
- vc/5
- vc/6
- vc/7
- vc/8
- vc/9
- vc/10
- vc/11
- tty1
- tty2
- tty3
- tty4
- tty5
- tty6
- tty7
- tty8
- tty9
- tty10
- tty11
- rexec
- rsh
- rlogin
6、在CentOS系统编辑/etc/hosts.equiv文件,如下所示
- [root@rac1 ~]# cat /etc/hosts.equiv
- +rac1 oracle
- +rac2 oracle
- +rac1-priv oracle
- +rac2-priv oracle
- +rac1 root
- +rac2 root
- +rac1-priv root
- +rac2-priv root
7、在CentOS系统编辑/etc/hosts文件,如下所示
- [root@rac1 ~]# cat /etc/hosts
- # Do not remove the following line, or various programs
- # that require network functionality will fail.
- 127.0.0.1 localhost.localdomain localhost
- ::1 localhost6.localdomain6 localhost6
- #public
- 192.168.2.101 rac1.localdomain rac1
- 192.168.2.102 rac2.localdomain rac2
- #private
- 192.168.0.101 rac1-priv.localdomain rac1-priv
- 192.168.0.102 rac2-priv.localdomain rac2-priv
- #virtual
- 192.168.2.111 rac1-vip.localdomain rac1-vip
- 192.168.2.112 rac2-vip.localdomain rac2-vip
8、在CentOS系统编辑~/.rhosts,如下所示
[root@rac1 ~]# cat ~/.rhosts
+rac1 root
+rac2 root
+rac1-priv root
+rac2-priv root
9、测试rlogin和rsh是否可以不用输入密码登录其他节点
- [root@rac1 ~]# rlogin rac2
- connect to address 192.168.2.102 port 543: Connection refused
- Trying krb4 rlogin...
- connect to address 192.168.2.102 port 543: Connection refused
- trying normal rlogin (/usr/bin/rlogin)
- Last login: Wed Jan 13 08:39:17 from rac1
- [root@rac2 ~]# hostname
- rac2.localdomain
- [root@rac2 ~]# exit
- logout
- rlogin: connection closed.
- [root@rac1 ~]# rsh rac2
- connect to address 192.168.2.102 port 543: Connection refused
- Trying krb4 rlogin...
- connect to address 192.168.2.102 port 543: Connection refused
- trying normal rlogin (/usr/bin/rlogin)
- Last login: Wed Jan 13 08:47:22 from rac1
- [root@rac2 ~]# hostname
- rac2.localdomain
- [root@rac2 ~]# exit
- logout
- rlogin: connection closed.
这样,我们就完成了在CentOS系统配置rsh,rcp,scp多节点互通,而且不需要密码。
【编辑推荐】