-
Notifications
You must be signed in to change notification settings - Fork 22
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4 changed files
with
112 additions
and
35 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| <?xml version="1.0" encoding="UTF-8"?> | ||
| <?xml-stylesheet href="urn:x-suse:xslt:profiling:docbook51-profile.xsl" | ||
| type="text/xml" | ||
| title="Profiling step"?> | ||
| <!DOCTYPE chapter | ||
| [ | ||
| <!ENTITY % entities SYSTEM "generic-entities.ent"> | ||
| %entities; | ||
| ]> | ||
|
|
||
| <chapter xml:id="cha-ha-log-in" xml:lang="en" | ||
| xmlns="http://docbook.org/ns/docbook" version="5.1" | ||
| xmlns:xi="http://www.w3.org/2001/XInclude" | ||
| xmlns:xlink="http://www.w3.org/1999/xlink"> | ||
| <title>Logging in to the cluster nodes</title> | ||
| <info> | ||
| <abstract> | ||
| <para> | ||
| &sleha; clusters use passwordless SSH access for communication between the nodes. | ||
| If you set up the cluster with <command>crm cluster init</command>, the script checks | ||
| for SSH keys and generates them if they do not exist. If you set up the cluster | ||
| with the YaST cluster module, you must configure the SSH keys yourself. | ||
| </para> | ||
| <para> | ||
| By default, the cluster performs operations as the &rootuser; user. However, if you cannot | ||
| allow passwordless root SSH access, you can set up the cluster as a user with | ||
| <command>sudo</command> privileges instead. | ||
| </para> | ||
| </abstract> | ||
| <dm:docmanager xmlns:dm="urn:x-suse:ns:docmanager"> | ||
| <dm:bugtracker></dm:bugtracker> | ||
| <dm:translation>yes</dm:translation> | ||
| </dm:docmanager> | ||
| </info> | ||
|
|
||
| <para> | ||
| The following users can set up the cluster on the first node, and add more nodes to the cluster: | ||
| </para> | ||
| <variablelist> | ||
| <varlistentry> | ||
| <term>The &rootuser; user</term> | ||
| <listitem> | ||
| <para> | ||
| Setting up and running the cluster as &rootuser; is &pace;'s default and does not | ||
| require any additional configuration. The &rootuser; user's SSH keys must exist | ||
| (or be generated) locally on the node, not on a remote system. | ||
| </para> | ||
| <para> | ||
| To log into to the first cluster node as the &rootuser; user, run the following command: | ||
| </para> | ||
| <screen><prompt>user@local> </prompt><command>ssh root@<replaceable>NODE1</replaceable></command></screen> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>A user with <command>sudo</command> privileges (without SSH agent forwarding)</term> | ||
| <listitem> | ||
| <para> | ||
| You will need to specify this user when you add more nodes to the cluster with | ||
| <command>crm cluster join</command>. The user's SSH keys must exist (or be generated) | ||
| locally on the node, not on a remote system. | ||
| </para> | ||
| <para> | ||
| To log into to the first cluster node as a <command>sudo</command> user, run the | ||
| following command: | ||
| </para> | ||
| <screen><prompt>user@local> </prompt><command>ssh <replaceable>USER@NODE1</replaceable></command></screen> | ||
| </listitem> | ||
| </varlistentry> | ||
| <varlistentry> | ||
| <term>A user with <command>sudo</command> privileges (with SSH agent forwarding)</term> | ||
| <listitem> | ||
| <para> | ||
| You can use SSH forwarding to pass your local SSH keys to the cluster nodes. | ||
| This can be useful if you need to avoid storing SSH keys on the nodes, but requires | ||
| additional configuration on your local machine and on the cluster nodes. | ||
| </para> | ||
| <para> | ||
| To log in to the first cluster node with SSH agent forwarding enabled, | ||
| perform the following steps: | ||
| </para> | ||
| <orderedlist> | ||
| <listitem> | ||
| <para> | ||
| On your local machine, start the SSH agent and add your keys to it. For more information, | ||
| see <link xlink:href="&dsc;/sles/html/SLES-all/cha-ssh.html#sec-ssh-authentic-agent"> | ||
| <citetitle>Automated public key logins with ssh-agent</citetitle></link> in | ||
| <citetitle>&secguide;</citetitle> for &sles;. | ||
| </para> | ||
| </listitem> | ||
| <listitem> | ||
| <para> | ||
| Log in to the first node with the <option>-A</option> option to enable | ||
| SSH agent forwarding: | ||
| </para> | ||
| <screen><prompt>user@local> </prompt><command>ssh -A <replaceable>USER@NODE1</replaceable></command></screen> | ||
| </listitem> | ||
| </orderedlist> | ||
| </listitem> | ||
| </varlistentry> | ||
| </variablelist> | ||
| <para> | ||
| When you add nodes to the cluster, you must log in to each node as the same user you set up the first node with. | ||
| </para> | ||
| <important role="compact"> | ||
| <para> | ||
| For simplicity, the commands in this guide assume you are logged in as the &rootuser; user. If you logged in as a <command>sudo</command> user, adjust the commands accordingly. | ||
| </para> | ||
| </important> | ||
| </chapter> |