Storage Foundation for Oracle® RAC 7.4.1 Configuration and Upgrade Guide - Solaris

Last Published:
Product(s): InfoScale & Storage Foundation (7.4.1)
Platform: Solaris
  1. Section I. Configuring SF Oracle RAC
    1. Preparing to configure SF Oracle RAC
      1.  
        About this document
      2. I/O fencing requirements
        1.  
          Coordinator disk requirements for I/O fencing
        2.  
          CP server requirements
      3. About planning to configure I/O fencing
        1.  
          Typical SF Oracle RAC cluster configuration with disk-based I/O fencing
        2.  
          Typical SF ORACLE RAC cluster configuration with server-based I/O fencing
        3.  
          Recommended CP server configurations
        4.  
          Preparing to configure server-based fencing for SF Oracle RAC
    2. Configuring SF Oracle RAC using the script-based installer
      1. Configuring the SF Oracle RAC components using the script-based installer
        1. Configuring the SF Oracle RAC cluster
          1.  
            Configuring the cluster name
          2.  
            Configuring private heartbeat links
          3.  
            Configuring the virtual IP of the cluster
          4. Configuring SF Oracle RAC in secure mode
            1.  
              Setting up trust relationships for your SF Oracle RAC cluster
          5. Configuring a secure cluster node by node
            1.  
              Configuring the first node
            2.  
              Configuring the remaining nodes
            3.  
              Completing the secure cluster configuration
          6.  
            Adding VCS users
          7.  
            Configuring SMTP email notification
          8.  
            Configuring SNMP trap notification
          9.  
            Configuring global clusters
        2.  
          Creation of SF Oracle RAC configuration files
        3.  
          Stopping and starting SF Oracle RAC processes
      2. Setting up disk-based I/O fencing using installer
        1.  
          Initializing disks as VxVM disks
        2.  
          Identifying disks to use as coordinator disks
        3. Checking shared disks for I/O fencing
          1.  
            Verifying Array Support Library (ASL)
          2.  
            Verifying that the nodes have access to the same disk
          3.  
            Testing the disks using vxfentsthdw utility
        4.  
          Configuring disk-based I/O fencing using installer
        5.  
          Refreshing keys or registrations on the existing coordination points for disk-based fencing using the installer
      3. Setting up server-based I/O fencing using installer
        1.  
          Refreshing keys or registrations on the existing coordination points for server-based fencing using the installer
        2. Setting the order of existing coordination points for server-based fencing using the installer
          1.  
            About deciding the order of existing coordination points
          2.  
            Setting the order of existing coordination points using the installer
      4.  
        Configuring SFDB
    3. Performing an automated SF Oracle RAC configuration
      1.  
        Configuring SF Oracle RAC using response files
      2.  
        Response file variables to configure SF Oracle RAC
      3.  
        Sample response file for configuring SF Oracle RAC
      4.  
        Configuring I/O fencing using response files
      5.  
        Response file variables to configure disk-based I/O fencing
      6.  
        Sample response file for configuring disk-based I/O fencing
      7.  
        Configuring CP server using response files
      8.  
        Response file variables to configure CP server
      9.  
        Sample response file for configuring the CP server on SFHA cluster
      10.  
        Response file variables to configure server-based I/O fencing
      11.  
        Sample response file for configuring server-based I/O fencing
  2. Section II. Post-installation and configuration tasks
    1. Verifying the installation
      1.  
        Performing a postcheck on a node
      2.  
        Verifying SF Oracle RAC installation using VCS configuration file
      3. Verifying LLT, GAB, and cluster operation
        1.  
          Verifying LLT
        2.  
          Verifying GAB
        3.  
          Verifying the cluster
        4.  
          Verifying the cluster nodes
    2. Performing additional post-installation and configuration tasks
      1.  
        Setting the environment variables for SF Oracle RAC
      2.  
        About enabling LDAP authentication for clusters that run in secure mode
      3. About configuring authentication for SFDB tools
        1.  
          Configuring vxdbd for SFDB tools authentication
      4.  
        Configuring Volume Replicator
      5.  
        Running SORT Data Collector to collect configuration information
      6.  
        Changing root user into root role
  3. Section III. Upgrade of SF Oracle RAC
    1. Planning to upgrade SF Oracle RAC
      1.  
        About the upgrade
      2.  
        Supported upgrade paths
      3.  
        Creating backups
      4.  
        Considerations for upgrading SF Oracle RAC to 7.4.1 on systems configured with an Oracle resource
      5.  
        Using Install Bundles to simultaneously install or upgrade full releases (base, maintenance, rolling patch), and individual patches
    2. Performing a full upgrade of SF Oracle RAC using the product installer
      1.  
        About full upgrades
      2.  
        Preparing to perform a full upgrade to SF Oracle RAC 7.4.1
      3. Upgrading to SF Oracle RAC 7.4.1
        1.  
          Upgrading SF Oracle RAC using the Veritas installation program
        2.  
          Upgrading SFDB
    3. Performing an automated full upgrade of SF Oracle RAC using response files
      1.  
        Upgrading SF Oracle RAC using a response file
      2.  
        Response file variables to upgrade SF Oracle RAC
      3.  
        Sample response file for upgrading SF Oracle RAC
    4. Performing a phased upgrade of SF Oracle RAC
      1.  
        About phased upgrade
      2. Performing a phased upgrade of SF Oracle RAC from version 6.2.1 and later release
        1.  
          Step 1: Performing pre-upgrade tasks on the first half of the cluster
        2.  
          Step 2: Upgrading the first half of the cluster
        3.  
          Step 3: Performing pre-upgrade tasks on the second half of the cluster
        4.  
          Step 4: Performing post-upgrade tasks on the first half of the cluster
        5.  
          Step 5: Upgrading the second half of the cluster
        6.  
          Step 6: Performing post-upgrade tasks on the second half of the cluster
    5. Performing a rolling upgrade of SF Oracle RAC
      1.  
        About rolling upgrade
      2.  
        Preparing to perform a rolling upgrade to SF Oracle RAC 7.4.1
      3.  
        Performing a rolling upgrade using the product installer
    6. Upgrading SF Oracle RAC using Live Upgrade or Boot Environment upgrade
      1.  
        About ZFS Boot Environment (BE) upgrade
      2.  
        Supported upgrade paths for Boot Environment upgrade
      3. Performing Boot Environment upgrade on Solaris 11 systems
        1.  
          Creating a new Solaris 11 BE on the primary boot disk
        2.  
          Upgrading SF Oracle RAC using the installer for upgrading BE on Solaris 11
        3.  
          Completing the SF Oracle RAC upgrade on BE on Solaris 11
        4.  
          Verifying Solaris 11 BE upgrade
        5.  
          Reverting to the primary BE on a Solaris 11 system
    7. Performing post-upgrade tasks
      1.  
        Relinking Oracle RAC libraries with the SF Oracle RAC libraries
      2.  
        Setting or changing the product license level
      3.  
        Resetting DAS disk names to include host name in FSS environments
      4.  
        Upgrading disk layout versions
      5.  
        CVM master node needs to assume the logowner role for VCS managed VVR resources
      6.  
        Switching on Quotas
      7.  
        Upgrading the disk group version
  4. Section IV. Installation and upgrade of Oracle RAC
    1. Before installing Oracle RAC
      1.  
        Important preinstallation information for Oracle RAC
      2.  
        About preparing to install Oracle RAC
      3. Preparing to install Oracle RAC using the SF Oracle RAC installer or manually
        1.  
          Identifying the public virtual IP addresses for use by Oracle
        2.  
          Setting the kernel parameters
        3.  
          Verifying that packages and patches required by Oracle are installed
        4.  
          Verifying the user nobody exists
        5.  
          Launching the SF Oracle RAC installer
        6. Creating users and groups for Oracle RAC
          1.  
            Creating the Oracle user and groups using the SF Oracle RAC script-based installer
          2.  
            Creating the Oracle user and groups manually
        7. Creating storage for OCR and voting disk
          1.  
            Creating storage for OCR and voting disk using the SF Oracle RAC script-based installer
          2. Creating storage for OCR and voting disk manually
            1.  
              Adding the storage resources to the VCS configuration
          3.  
            Configuring atleast resource dependency for OCR and voting disks
        8. Configuring private IP addresses for Oracle RAC 11.2.0.1
          1. Configuring the private IP address and PrivNIC resource
            1.  
              Configuring the private IP address and PrivNIC using the SF Oracle RAC script-based installer
            2.  
              Configuring the private IP address and PrivNIC resource manually
          2. Configuring the private IP address information and MultiPrivNIC resource
            1.  
              Configuring the MultiPrivNIC and private IP address information using the SF Oracle RAC script-based installer
            2.  
              Configuring MultiPrivNIC and private IP addresses manually
          3.  
            Verifying the VCS configuration for PrivNIC and MultiPrivNIC
        9. Configuring private IP addresses for Oracle RAC 11.2.0.2 and later versions
          1.  
            Using link aggregation or NIC bonding
          2. Using Oracle High Availability IP (HAIP)
            1.  
              Configuring static IP addresses for HAIP using the SF Oracle RAC script-based installer
            2.  
              Configuring static IP addresses for HAIP manually
        10.  
          Verifying that multicast is functional on all private network interfaces
        11.  
          Creating Oracle Clusterware/Grid Infrastructure and Oracle database home directories manually
        12.  
          Setting up user equivalence
        13.  
          Verifying whether the Veritas Membership library is linked to Oracle libraries
    2. Installing Oracle RAC
      1.  
        About installing Oracle RAC
      2. Installing the Oracle Clusterware/Grid Infrastructure software
        1.  
          Installing Oracle Clusterware/Grid Infrastructure using the SF Oracle RAC script-based installer
        2.  
          Installing Oracle Clusterware/Grid Infrastructure using the Oracle Universal Installer
      3.  
        Configuring LLT links in the GPnP profile
      4. Installing the Oracle RAC database software
        1.  
          Installing the Oracle RAC database using the SF Oracle RAC script-based installer
        2.  
          Installing the Oracle RAC database using the Oracle Universal Installer
      5. Verifying the Oracle Clusterware/Grid Infrastructure and database installation
        1.  
          Node numbering discrepancies in Oracle RAC 11g Release 2 and later versions
    3. Performing an automated Oracle RAC installation
      1.  
        About installing Oracle RAC using response files
      2.  
        Before you install
      3.  
        Installing Oracle RAC
      4.  
        Response file variable definitions for Oracle RAC
      5.  
        Sample response file for installing Oracle RAC
    4. Performing Oracle RAC post-installation tasks
      1.  
        Adding Oracle RAC patches or patchsets
      2. Configuring the CSSD resource
        1.  
          Configuring the CSSD resource using the SF Oracle RAC script-based installer
        2.  
          Configuring the CSSD resource manually
      3.  
        Preventing automatic startup of Oracle Clusterware/Grid Infrastructure
      4. Relinking the SF Oracle RAC libraries with Oracle RAC
        1.  
          Relinking the SF Oracle RAC libraries with Oracle RAC using the SF Oracle RAC script-based installer
        2. Relinking SF Oracle RAC libraries with Oracle RAC manually
          1.  
            Linking the ODM library
      5.  
        Creating the Oracle RAC database
      6. Configuring VCS service groups for Oracle RAC
        1.  
          Supported types of database management
        2. Sample service group configurations
          1.  
            Sample service group configurations with the VCS Oracle agent
          2.  
            Sample service group configurations without the VCS Oracle agent
        3.  
          Configuring VCS service groups manually for traditional Oracle databases
        4.  
          Configuring VCS service groups manually for container Oracle databases
        5.  
          Managing database restart after failure
        6.  
          Location of VCS log files
      7.  
        Preventing automatic database startup
      8.  
        Removing existing PrivNIC or MultiPrivNIC resources
      9.  
        Removing permissions for communication
    5. Upgrading Oracle RAC
      1.  
        Preparing to upgrade Oracle RAC
      2.  
        Upgrading Oracle RAC binaries
      3. Migrating the Oracle RAC database
        1.  
          Performing post-upgrade tasks
  5. Section V. Adding and removing nodes
    1. Adding a node to SF Oracle RAC clusters
      1.  
        About adding a node to a cluster
      2.  
        Before adding a node to a cluster
      3. Adding a node to a cluster using the Veritas InfoScale installer
        1. Preparing the new nodes for installing Oracle RAC using the installer
          1.  
            Creating Oracle user and groups on the new node
          2.  
            Configuring the PrivNIC resource for Oracle Clusterware
          3.  
            Configuring the MultiPrivNIC resource for Oracle Clusterware and Oracle UDP IPC
      4. Adding the node to a cluster manually
        1.  
          Starting Veritas Volume Manager (VxVM) on the new node
        2.  
          Configuring cluster processes on the new node
        3. Setting up the node to run in secure mode
          1.  
            Configuring the authentication broker on node sys5
        4.  
          Starting fencing on the new node
        5.  
          After adding the new node
        6. Configuring server-based fencing on the new node
          1.  
            Adding the new node to the vxfen service group
        7.  
          Configuring Cluster Volume Manager (CVM) and Cluster File System (CFS) on the new node
        8.  
          Configuring the ClusterService group for the new node
        9. Preparing the new node manually for installing Oracle RAC
          1.  
            Configuring the PrivNIC resource for Oracle Clusterware
          2.  
            Configuring the MultiPrivNIC resource for Oracle Clusterware and UDP IPC
          3.  
            Starting VCS on the new node
          4.  
            Creating Oracle Clusterware/Grid Infrastructure and Oracle database home directories on the new node
      5. Adding a node to the cluster using the SF Oracle RAC response file
        1.  
          Response file variables to add a node to an SF Oracle RAC cluster
        2.  
          Sample response file for adding a node to an SF Oracle RAC cluster
      6. Configuring private IP addresses for Oracle RAC 11.2.0.2 and later versions on the new node
        1.  
          Using link aggregation or NIC bonding
        2.  
          Using Oracle High Availability IP (HAIP)
      7.  
        Adding the new node to Oracle RAC
      8.  
        Adding nodes to a cluster that is using authentication for SFDB tools
      9.  
        Updating the Storage Foundation for Databases (SFDB) repository after adding a node
      10.  
        Sample configuration file for adding a node to the cluster
    2. Removing a node from SF Oracle RAC clusters
      1.  
        About removing a node from a cluster
      2.  
        Removing a node from a cluster
      3.  
        Modifying the VCS configuration files on existing nodes
      4.  
        Modifying the Cluster Volume Manager (CVM) configuration on the existing nodes to remove references to the deleted node
      5.  
        Removing the node configuration from the CP server
      6.  
        Removing security credentials from the leaving node
      7.  
        Updating the Storage Foundation for Databases (SFDB) repository after removing a node
      8.  
        Sample configuration file for removing a node from the cluster
  6. Section VI. Configuration of disaster recovery environments
    1. Configuring disaster recovery environments
      1.  
        Disaster recovery options for SF Oracle RAC
      2.  
        Hardware requirements for campus cluster
      3.  
        Supported replication technologies for global clusters
      4.  
        About setting up a campus cluster for disaster recovery
      5.  
        About setting up a global cluster environment for SF Oracle RAC
      6.  
        About configuring a parallel global cluster using Volume Replicator (VVR) for replication
  7. Section VII. Installation reference
    1. Appendix A. Installation scripts
      1.  
        Installation script options
      2.  
        About using the postcheck option
    2. Appendix B. Tunable files for installation
      1.  
        About setting tunable parameters using the installer or a response file
      2.  
        Setting tunables for an installation, configuration, or upgrade
      3.  
        Setting tunables with no other installer-related operations
      4.  
        Setting tunables with an un-integrated response file
      5.  
        Preparing the tunables file
      6.  
        Setting parameters for the tunables file
      7.  
        Tunables value parameter definitions
    3. Appendix C. Sample installation and configuration values
      1.  
        About the installation and configuration worksheets
      2. SF Oracle RAC worksheet
        1.  
          Cluster Server component information
        2.  
          I/O fencing information
        3.  
          SF Oracle RAC add user information
        4.  
          Global cluster information
      3.  
        Oracle RAC worksheet
      4.  
        Replicated cluster using VVR worksheet
      5.  
        Replicated cluster using SRDF worksheet
      6.  
        Required installation information for Oracle Clusterware/Grid Infrastructure
      7.  
        Required installation information for Oracle database
    4. Appendix D. Configuration files
      1.  
        About VCS configuration file
      2.  
        About the LLT and GAB configuration files
      3.  
        About I/O fencing configuration files
      4.  
        Packaging related SMF services on Solaris 11
      5. Sample configuration files
        1.  
          sfrac02_main.cf file
        2.  
          sfrac03_main.cf file
        3.  
          sfrac04_main.cf file
        4.  
          sfrac05_main.cf file
        5.  
          sfrac06_main.cf file
        6.  
          sfrac07_main.cf and sfrac08_main.cf files
        7.  
          sfrac09_main.cf and sfrac10_main.cf files
        8.  
          sfrac11_main.cf file
        9.  
          sfrac12_main.cf and sfrac13_main.cf files
        10.  
          sfrac14_main.cf file
        11.  
          sfrac15_main.cf and sfrac16_main.cf files
        12.  
          sfrac17_main.cf file
        13. Sample configuration files for CP server
          1.  
            Sample main.cf file for CP server hosted on a single node that runs VCS
          2.  
            Sample main.cf file for CP server hosted on a two-node SFHA cluster
          3.  
            Sample CP server configuration (/etc/vxcps.conf) file output
    5. Appendix E. Configuring the secure shell or the remote shell for communications
      1.  
        About configuring secure shell or remote shell communication modes before installing products
      2.  
        Manually configuring passwordless ssh
      3.  
        Setting up ssh and rsh connection using the installer -comsetup command
      4.  
        Setting up ssh and rsh connection using the pwdutil.pl utility
      5.  
        Restarting the ssh session
      6.  
        Enabling and disabling rsh for Solaris
    6. Appendix F. Automatic Storage Management
      1.  
        About ASM in SF Oracle RAC environments
      2.  
        ASM configuration with SF Oracle RAC
      3. Configuring ASM in SF Oracle RAC environments
        1.  
          Creating database storage for ASM
        2.  
          Creating ASM disk groups and instances
        3.  
          Verifying the ASM setup
        4.  
          Configuring VCS service groups for database instances on ASM
      4. Configuring Flex ASM in SF Oracle RAC environments
        1.  
          Creating storage for Flex ASM
        2.  
          Verifying the Flex ASM setup
        3.  
          Configuring VCS service groups for database instances on ASM for Flex ASM cluster
    7. Appendix G. Creating a test database
      1.  
        About creating a test database
      2. Creating a database for Oracle
        1.  
          Creating the database storage on CFS
    8. Appendix H. High availability agent information
      1. About agents
        1.  
          VCS agents included within SF Oracle RAC
        2.  
          VCS agents for Oracle included within SF Oracle RAC
      2. CVMCluster agent
        1.  
          Entry points for CVMCluster agent
        2.  
          Attribute definition for CVMCluster agent
        3.  
          CVMCluster agent type definition
        4.  
          CVMCluster agent sample configuration
      3. CVMVxconfigd agent
        1.  
          Entry points for CVMVxconfigd agent
        2.  
          Attribute definition for CVMVxconfigd agent
        3.  
          CVMVxconfigd agent type definition
        4.  
          CVMVxconfigd agent sample configuration
      4. CVMVolDg agent
        1.  
          Entry points for CVMVolDg agent
        2.  
          Attribute definition for CVMVolDg agent
        3.  
          CVMVolDg agent type definition
        4.  
          CVMVolDg agent sample configuration
      5. CFSMount agent
        1.  
          Entry points for CFSMount agent
        2.  
          Attribute definition for CFSMount agent
        3.  
          CFSMount agent type definition
        4.  
          CFSMount agent sample configuration
      6. CFSfsckd agent
        1.  
          Entry points for CFSfsckd agent
        2.  
          Attribute definition for CFSfsckd agent
        3.  
          CFSfsckd agent type definition
        4.  
          CFSfsckd agent sample configuration
      7. PrivNIC agent
        1.  
          Functions of the PrivNIC agent
        2. Attributes of the PrivNIC agent
          1.  
            Optional attributes of the PrivNIC agent
        3.  
          States of the PrivNIC agent
        4.  
          Sample service group configuration with the PrivNIC agent
        5.  
          Type definition of the PrivNIC resource
        6.  
          Sample configuration of the PrivNIC resource
      8. MultiPrivNIC agent
        1.  
          Managing high availability of private interconnects
        2.  
          Functions of the MultiPrivNIC agent
        3.  
          Required attributes of the MultiPrivNIC agent
        4.  
          States of the MultiPrivNIC agent
        5.  
          Sample service group configuration with the MultiPrivNIC agent
        6.  
          Type definition of the MultiPrivNIC resource
        7.  
          Sample configuration of the MultiPrivNIC resource
      9. CSSD agent
        1.  
          Functions of the CSSD agent
        2.  
          Attributes of the CSSD agent
        3.  
          States of the CSSD agent
        4.  
          Disabling monitoring of Oracle Grid Infrastructure processes temporarily
        5.  
          Sample service group configurations with the CSSD agent
        6.  
          Type definition of the CSSD resource
        7.  
          Sample configuration of the CSSD resource
      10. VCS agents for Oracle
        1. Oracle agent functions
          1.  
            Startup and shutdown options for the pluggable database (PDB)
          2.  
            Recommended startup modes for pluggable database (PDB) based on container database (CDB) startup modes
          3.  
            Monitor options for the Oracle agent in traditional database and container database
          4.  
            Monitor for the pluggable database
          5.  
            Info entry point for Cluster Server agent for Oracle
          6.  
            Action entry point for Cluster Server agent for Oracle
        2. Resource type definition for the Oracle agent
          1.  
            Attribute definitions for the Oracle agent
          2.  
            About the Sid attribute in a policy managed database
        3.  
          Netlsnr agent functions
        4. Resource type definition for the Netlsnr agent
          1.  
            Attribute definition for the Netlsnr agent
        5.  
          ASMDG agent functions
        6. Resource type definition for the ASMDG agent
          1.  
            Attribute definition for the ASMDG agent
      11. CRSResource agent
        1.  
          Functions of the CRSResource agent
        2.  
          States of the CRSResource agent
        3.  
          Attributes of the CRSResource agent
        4. VCS service group dependencies with the CRSResource agent
          1.  
            How CRSResource agent handles failures
          2. Fault configurations with CRSResource agent
            1.  
              Scenario 1: CRSResource fault at system startup
            2.  
              Scenario 2: CRSResource fault when resource is brought offline
        5.  
          Resource type definition for the CRSResource agent
        6.  
          Sample configuration for the CRSResource agent
    9. Appendix I. SF Oracle RAC deployment scenarios
      1.  
        SF Oracle RAC cluster with UDP IPC and PrivNIC agent
      2.  
        SF Oracle RAC cluster for multiple databases with UDP IPC and MultiPrivNIC agent
      3.  
        SF Oracle RAC cluster with isolated Oracle traffic and MultiPrivNIC agent
      4.  
        SF Oracle RAC cluster with NIC bonding, UDP IPC, and PrivNIC agent
      5. Configuration diagrams for setting up server-based I/O fencing
        1.  
          Two unique client clusters served by 3 CP servers
        2.  
          Client cluster served by highly available CPS and 2 SCSI-3 disks
        3.  
          Two node campus cluster served by remote CP server and 2 SCSI-3 disks
        4.  
          Multiple client clusters served by highly available CP server and 2 SCSI-3 disks

Manually configuring passwordless ssh

The ssh program enables you to log into and execute commands on a remote system. ssh enables encrypted communications and an authentication process between two untrusted hosts over an insecure network.

In this procedure, you first create a DSA key pair. From the key pair, you append the public key from the source system to the authorized_keys file on the target systems.

Figure: Creating the DSA key pair and appending it to target systems illustrates this procedure.

Figure: Creating the DSA key pair and appending it to target systems

Creating the DSA key pair and appending it to target systems

If you are installing Oracle, you must configure a DSA key and an RSA key for the Oracle user in addition to the DSA key required for the root user to install SF Oracle RAC.

Read the ssh documentation and online manual pages before enabling ssh. Contact your operating system support provider for issues regarding ssh configuration.

Visit the Openssh website that is located at: http://www.openssh.com/ to access online manuals and other resources.

To create the DSA key pair

  1. On the source system (sys1), log in as root, and navigate to the root directory.
    sys1 # cd /
  2. Make sure the /.ssh directory is on all the target installation systems (sys2 in this example). If that directory is not present, create it on all the target systems and set the write permission to root only:

    Solaris 11:

    sys2 # mkdir /root/.ssh

    Change the permissions of this directory, to secure it.

    Solaris 11:

    sys2 # chmod go-w /root/.ssh
  3. To generate a DSA key pair on the source system, type the following command:
    sys1 # ssh-keygen -t dsa

    System output similar to the following is displayed:

    Generating public/private dsa key pair.
Enter file in which to save the key (//.ssh/id_dsa):

    For Solaris 11:

    Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
  4. Press Enter to accept the default location of /.ssh/id_dsa.
  5. When the program asks you to enter the passphrase, press the Enter key twice.
    Enter passphrase (empty for no passphrase):

    Do not enter a passphrase. Press Enter.

    Enter same passphrase again:

    Press Enter again.

To append the public key from the source system to the authorized_keys file on the target system, using secure file transfer

  1. Make sure the secure file transfer program (SFTP) is enabled on all the target installation systems (sys2 in this example).

    To enable SFTP, the /etc/ssh/sshd_config file must contain the following two lines:

    PermitRootLogin           yes
  Subsystem          sftp      /usr/lib/ssh/sftp-server
  2. If the lines are not there, add them and restart ssh.

    To restart ssh on Solaris 11, type the following command:

  3. From the source system (sys1), move the public key to a temporary file on the target system (sys2).

    Use the secure file transfer program.

    In this example, the file name id_dsa.pub in the root directory is the name for the temporary file for the public key.

    Use the following command for secure file transfer: 

    sys1 # sftp sys2

    If the secure file transfer is set up for the first time on this system, output similar to the following lines is displayed:

    Connecting to sys2 ...
The authenticity of host 'sys2 (10.182.00.00)' 
can't be established. DSA key fingerprint is
fb:6f:9f:61:91:9d:44:6b:87:86:ef:68:a6:fd:88:7d.
Are you sure you want to continue connecting (yes/no)?
  4. Enter yes.

    Output similar to the following is displayed:

    Warning: Permanently added 'sys2,10.182.00.00' 
(DSA) to the list of known hosts.
root@sys2 password:
  5. Enter the root password of sys2.
  6. At the sftp prompt, type the following command:
    sftp> put /.ssh/id_dsa.pub

    The following output is displayed:

    Uploading /.ssh/id_dsa.pub to /id_dsa.pub
  7. To quit the SFTP session, type the following command:
    sftp> quit
  8. To begin the ssh session on the target system (sys2 in this example), type the following command on sys1:
    sys1 # ssh sys2

    Enter the root password of sys2 at the prompt:

    password:
  9. After you log in to sys2, enter the following command to append the id_dsa.pub file to the authorized_keys file:
    sys2 # cat /id_dsa.pub >> /.ssh/authorized_keys
  10. After the id_dsa.pub public key file is copied to the target system (sys2), and added to the authorized keys file, delete it. To delete the id_dsa.pub public key file, enter the following command on sys2:
    sys2 # rm /id_dsa.pub
  11. To log out of the ssh session, enter the following command:
    sys2 # exit
  12. Run the following commands on the source installation system. If your ssh session has expired or terminated, you can also run these commands to renew the session. These commands bring the private key into the shell environment and make the key globally available to the user root:
    sys1 # exec /usr/bin/ssh-agent $SHELL
sys1 # ssh-add
      Identity added: //.ssh/id_dsa

    This shell-specific step is valid only while the shell is active. You must execute the procedure again if you close the shell during the session.

To verify that you can connect to a target system

  1. On the source system (sys1), enter the following command:
    sys1 # ssh -l root sys2 uname -a

    where sys2 is the name of the target system.

  2. The command should execute from the source system (sys1) to the target system (sys2) without the system requesting a passphrase or password.
  3. Repeat this procedure for each target system.