HARRIS Jimmy (AXA-Tech-AU)
2007-May-09 06:31 UTC
Automatic distribution of ssh public keys and server host keys
I'm in the process of automating the build of Oracle RAC nodes running on Linux but there's one part I can't quite get my head around.

Oracle RAC requires that the oracle user on each node has an authorized_keys file containing the public keys of the oracle user on every other node. It also requires that the known_hosts file contains host keys for all other nodes to avoid the "Do you wish to add the host key" message.

I haven't had any problems getting Puppet to automatically create SSH keys if they don't exist but I'm not sure of the best way to collect new host and oracle public keys and distribute them to existing nodes.

Is anyone doing something similar or does anyone have any tips?

Cheers,
James
David Schmitt
2007-May-09 07:20 UTC
Re: Automatic distribution of ssh public keys and server host keys
On Wednesday 09 May 2007, HARRIS Jimmy (AXA-Tech-AU) wrote:
> I'm in the process of automating the build of Oracle RAC nodes running
> on Linux but there's one part I can't quite get my head around.
>
> Oracle RAC requires that the oracle user on each node has an
> authorized_keys file containing the public keys of the oracle user on
> every other node. It also requires that the known_hosts file contains
> host keys for all other nodes to avoid the "Do you wish to add the host
> key" message.
>
> I haven't had any problems getting Puppet to automatically create SSH
> keys if they don't exist but I'm not sure of the best way to collect new
> host and oracle public keys and distribute them to existing nodes.
>
> Is anyone doing something similar or does anyone have any tips?

This can be done by using the export/collect features, which are enabled by setting "storeconfigs=true" on the puppetmaster. You can then export resources from individual nodes and collect them on another host.

For an example see the http://reductivelabs.com/trac/puppet/wiki/Authorized_keysRecipe by windowsrefund or my own ssh-manifests at http://club.black.co.at:82/svn/manifests/trunk/manifests/classes/ssh.pp

Regards, David

--
- hello... how are you today?
- *cough* fine *sniffle* *wheeze*
- thank god we communicate over a septic medium ;)
 -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15
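
The export/collect approach described in the reply above, as an added example that is not part of the original thread or of the linked manifests. It assumes storeconfigs is enabled on the puppetmaster; the class name `oracle_rac::ssh_trust`, the tag `oracle_rac` and the custom fact `$::oracle_pubkey` are hypothetical, while `$::fqdn`, `$::hostname`, `$::ipaddress` and `$::sshrsakey` are Facter's legacy fact names.

```puppet
# Added example: exported resources for SSH trust between RAC nodes.
# Assumption: $::oracle_pubkey is a hypothetical custom fact that returns the
# base64 body of ~oracle/.ssh/id_rsa.pub once Puppet has generated the key.
class oracle_rac::ssh_trust {

  # Export this node's host key. Peers that collect it get an entry in the
  # system-wide known_hosts file, so the first connection is verified against
  # a pinned key instead of prompting the oracle user to accept it.
  @@sshkey { $::fqdn:
    ensure       => present,
    type         => 'ssh-rsa',
    key          => $::sshrsakey,
    host_aliases => [$::hostname, $::ipaddress],
    tag          => 'oracle_rac',
  }

  # Export the oracle user's public key for the peers' authorized_keys.
  @@ssh_authorized_key { "oracle@${::fqdn}":
    ensure => present,
    user   => 'oracle',
    type   => 'ssh-rsa',
    key    => $::oracle_pubkey,
    tag    => 'oracle_rac',
  }

  # Collect only resources carrying the cluster tag. An untagged collector
  # (Sshkey <<| |>>) would import every key any node has ever exported.
  # Every node that includes this class can log in as oracle on all the
  # others, so include it on cluster members only, and purge a retired
  # node's rows from the stored-config database so its keys stop being
  # distributed.
  Sshkey <<| tag == 'oracle_rac' |>>
  Ssh_authorized_key <<| tag == 'oracle_rac' |>>
}
```

A new node's keys reach existing nodes only after the new node has completed a run (export) and each existing node has run again (collect).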