Designing Disaster Recovery Clusters using Metroclusters and Continentalclusters, Reprinted October 2011 (5900-1881)
Complete the following steps to set up the SSH environment for Continentalclusters A.08.00 on all
nodes of all clusters to be configured in a Continentalclusters:
1. Set a password for the Continentalclusters user, conclusr, on all nodes of all clusters to be
configured in a Continentalclusters:
a. Log in as root user.
b. Set the password for conclusr on the node
passwd conclusr
passwd conclusr
2. Setup SSH equivalence between the nodes in the Continentalclusters.
a. Log in to any node in the Continentalclusters as conclusr.
b. Create a text file and add the fully qualified domain names (FQDN) of all nodes in all
clusters to be configured in the Continentalclusters.
For example consider a Continentalclusters with two sites, Site A and Site B, each having
two nodes Node 1 and Node 2. Create a text file, <host-list-file>, with the
following entries:
Node1.cup.hp.com
Node2.cup.hp.com
Node1.ind.hp.com
Node2.ind.hp.com
c. Run the following command to create and distribute the SSH keys.
csshsetup -r -k rsa -f <host-list-file>
The SSH keys set up trust among all the Continentalclusters nodes. This command also
prompts for the password of the user conclusr, for every node specified in the file
created in step 2b. When prompted, enter the password.
After the keys are created and distributed, the SSH connection is tested. If any errors are
detected in the SSH connection, then an error message is displayed. Rectify the error on the
node, and run the following command:
csshsetup -r -k rsa -f <host-list-file>
To add a node to Continentalclusters, run the csshsetup command with the updated
<host-list-file> from a node that is already part of the Continentalclusters. To delete
a node from Continentalclusters, run the csshsetup command with the updated
<host-list-file> from any other node that is still part of the Continentalclusters. After
deleting the node from Continentalclusters, delete the user conclusr from the desired node.
The csshsetup command is a part of distributed systems administration utility. For more
details, see Distributed Systems Administration Utilities User's Guide at http://www.hp.com/
go/hpux-serviceguard-docs.
NOTE: The csshsetup command uses the HOME environment variable to determine the
location of the SSH directories and files. This command fails if the HOME variable is not set
appropriately. If the HOME variable is empty or is not set, then run the following command to
ensure that the csshsetup command works accurately:
export HOME=<home_dir_location>
3. The conclusr should have a USER_ROLE of MONITOR. Starting with Serviceguard version
A.11.19, all users on a node have this role by default. To confirm if conclusr has MONITOR
access, on each node that belongs to Continentalclusters, log in as conclusr and run the
command /usr/sbin/cmviewcl.
In case conclusr does not have MONITOR access, the execution of the command will fail
with the following error:$ /usr/sbin/cmviewcl Permission denied to 127.0.0.1 cmviewcl:
Building the Continentalclusters Configuration 61