Configure SSH (gridSshConfig)
The gridSshConfig command configures a set of TimesTen Scaleout hosts for passwordless SSH connection, as needed or as specified.
ttGridAdmin gridSshConfig [ [-mgmtAddress addr1 [addr2]] [-dataAddress addr1 [addr2 [addr3...]]] [-repoAddress addr1 [addr2 [addr3...]]] ] | [-internalAddress addr1 [addr2 [addr3...]]]
Either use the -mgmtAddress option, -dataAddress option, and -repoAddress option (as applicable) or use the -internalAddress option, which cannot be used with any other option. Each address can be an IPv4 address, an IPv6 address, or (typically) a DNS name. Also see Address Formats.
You are prompted for the operating system password of the operating system user executing the command. That user must exist with the same password, UID, and group membership on every host to be configured.
Choose one of these modes of operation for the gridSshConfig command:
- Run ttGridAdmin from outside a TimesTen instance, where TIMESTEN_HOME is not set, using the -mgmtAddress option (to specify management instance hosts), the -dataAddress option (to specify data instance hosts), and, as needed, the -repoAddress option (to specify repository hosts). Run ttGridAdmin from the TimesTen installation bin directory in this case. Passwordless SSH will be configured between hosts only as needed for TimesTen Scaleout to function.
- Run ttGridAdmin from inside a TimesTen instance, where TIMESTEN_HOME is set. None of the options is necessary in this case. TimesTen determines from the grid model what each host is used for (management, data, or repository) and configures passwordless SSH between hosts only as needed for TimesTen Scaleout to function.
- Run ttGridAdmin from outside a TimesTen instance, where TIMESTEN_HOME is not set, using the -internalAddress option to specify all-to-all passwordless SSH between all specified hosts, regardless of how the hosts are used (management, data, or repository). Run ttGridAdmin from the TimesTen installation bin directory in this case, but this mode of operation is NOT recommended, for security reasons.
After the gridSshConfig command is executed by a user, that user should be able to connect between hosts through SSH as needed without specifying a password (for example, between management hosts or from management hosts to data hosts). The ttGridAdmin utility will confirm this in its output after execution of the command.
Note:
You may choose to manually configure passwordless SSH between the hosts of your grid, as needed, without using gridSshConfig.
Options
The gridSshConfig command has the options:
Option | Description |
---|---|
-mgmtAddress addr1 [addr2] | Addresses of hosts with management instances to configure for passwordless SSH access, as necessary. |
-dataAddress addr1 [addr2 [addr3...]] | Addresses of hosts with data instances to configure for passwordless SSH access, as necessary. |
-repoAddress addr1 [addr2 [addr3...]] | Addresses of hosts with repositories to configure for passwordless SSH access, as necessary. |
-internalAddress addr1 [addr2 [addr3...]] | Addresses of hosts to configure for all-to-all passwordless SSH access. Use of this option is NOT recommended, for security reasons. You cannot use this option with any other option. |
Examples
This example is run on mysys1.example.com, outside of any TimesTen instance, from the installation bin directory. It is run for four hosts (two management and two data).
% ./ttGridAdmin gridSshConfig -mgmtAddress mysys1.example.com mysys2.example.com -dataAddress mysys3.example.com mysys4.example.com
Enter password:
Setup ssh configuration on local system.................................................OK
Setup ssh configuration on mysys1.example.com...........................................OK
Setup ssh configuration on mysys2.example.com...........................................OK
Setup ssh configuration on mysys3.example.com...........................................OK
Setup ssh configuration on mysys4.example.com...........................................OK
Setup passwordless ssh from local system to mysys1.example.com..........................OK
Setup passwordless ssh from local system to mysys2.example.com..........................OK
Setup passwordless ssh from local system to mysys3.example.com..........................OK
Setup passwordless ssh from local system to mysys4.example.com..........................OK
Setup passwordless ssh from mysys1.example.com to mysys1.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys2.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys3.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys4.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys1.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys2.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys3.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys4.example.com....................OK
Passwordless ssh working between hosts:
From\To            mysys1.example.com mysys2.example.com mysys3.example.com mysys4.example.com
---------          ------------------ ------------------ ------------------ ------------------
*us*               Yes                Yes                Yes                Yes
mysys1.example.com Yes                Yes                Yes                Yes
mysys2.example.com Yes                Yes                Yes                Yes
mysys3.example.com N/A                N/A                N/A                N/A
mysys4.example.com N/A                N/A                N/A                N/A
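The matrix above can be checked mechanically. This added example (not part of the TimesTen documentation) reads a saved copy of the output and lists every "Yes" whose source host is not on an operator-supplied list of permitted sources, which is the pattern an -internalAddress run produces. The function name audit_ssh_matrix, the allowed-source list, and both sample matrices are constructed for illustration.

```shell
#!/usr/bin/env bash
# audit_ssh_matrix ALLOWED_SOURCES < saved-gridSshConfig-output
# ALLOWED_SOURCES: space-separated hosts that may open passwordless SSH
# sessions (an operator-supplied assumption). "*us*" is the local system and
# is always allowed. Prints "FROM -> TO" for each unexpected "Yes" and
# returns 1 if any are found, 0 otherwise.
audit_ssh_matrix() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            ok["*us*"] = 1
        }
        # Header row of the matrix: remember the destination of each column.
        $1 == "From\\To" { for (i = 2; i <= NF; i++) dest[i] = $i; in_table = 1; next }
        # Skip everything before the matrix and the dashed separator row.
        !in_table || $1 ~ /^-+$/ { next }
        {
            for (i = 2; i <= NF; i++)
                if ($i == "Yes" && !($1 in ok)) { print $1 " -> " dest[i]; bad = 1 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample: role-based result, shaped like the example on this page.
ROLE_BASED='From\To            mysys1.example.com mysys3.example.com
---------          ------------------ ------------------
*us*               Yes                Yes
mysys1.example.com Yes                Yes
mysys3.example.com N/A                N/A'

# Constructed sample: all-to-all result, where a data host is also a source.
ALL_TO_ALL='From\To            mysys1.example.com mysys3.example.com
---------          ------------------ ------------------
*us*               Yes                Yes
mysys1.example.com Yes                Yes
mysys3.example.com Yes                Yes'

# Demo: only the management host is a permitted source.
printf '%s\n' "$ALL_TO_ALL" | audit_ssh_matrix "mysys1.example.com" \
    || echo "unexpected passwordless SSH paths found"
```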
Notes
- In specifying host addresses, for each host use the same format—fully qualified domain name, host name, or IP address—that is used in the -internalAddress or -address option of the hostCreate (or gridCreate) command. For example, do not specify mysys1 for gridSshConfig then mysys1.example.com for hostCreate.
- You can run gridSshConfig multiple times without harm. If you want to enable passwordless SSH on additional hosts later, you can run the command again for those hosts without impacting the hosts already configured.
- In the event of any failure during execution, the command will continue to complete the configuration on as many hosts as it can.
- "Permission denied" errors in the error logs may indicate the password you provided was incorrect or that there is another permissions issue that prevents the command from completing successfully (for example, inappropriate permissions for the user home directory, where the .ssh directory is placed).
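For the home-directory case in the last note, one well-known cause is OpenSSH's StrictModes check (on by default in sshd), which refuses public-key login when the home directory, .ssh, or authorized_keys is writable by group or others or is owned by someone other than the user or root. The following is an added example, not part of the TimesTen documentation; the function name check_ssh_perms is constructed, and it assumes GNU stat (Linux) and that it is run as the user who runs gridSshConfig.

```shell
#!/usr/bin/env bash
# check_ssh_perms HOME_DIR
# Reports paths that would fail sshd's StrictModes test: group/other write
# bits set, or an owner that is neither root nor the current user.
# Returns 0 when every existing path passes, 1 otherwise.
check_ssh_perms() {
    home=$1
    rc=0
    me=$(id -u)
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue             # not created yet: nothing to check
        mode=$(stat -c '%a' "$p")           # octal permission bits, e.g. 755
        owner=$(stat -c '%u' "$p")          # numeric owner UID
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "too permissive: $p (mode $mode)"
            rc=1
        fi
        if [ "$owner" -ne 0 ] && [ "$owner" -ne "$me" ]; then
            echo "wrong owner: $p (uid $owner)"
            rc=1
        fi
    done
    return $rc
}

# Demo: check the current user's home directory.
check_ssh_perms "${HOME:-/nonexistent}" \
    || echo "remove group/other write access (chmod go-w) on the paths listed above"
```

Run it on each host listed in the gridSshConfig command, since the user's home directory must pass the check on every host that accepts the key.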