Configure SSH (gridSshConfig)

The gridSshConfig command configures a set of TimesTen Scaleout hosts for passwordless SSH connection, as needed or as specified.

ttGridAdmin gridSshConfig [ [-mgmtAddress addr1 [addr2]]
                          [-dataAddress addr1 [addr2 [addr3...]]]
                          [-repoAddress addr1 [addr2 [addr3...]]] ] |
                          [-internalAddress addr1 [addr2 [addr3...]]] 

Either use the -mgmtAddress option, -dataAddress option, and -repoAddress option (as applicable) or use the -internalAddress option, which cannot be used with any other option. Each address can be an IPv4 address, an IPv6 address, or (typically) a DNS name. Also see Address Formats.

You are prompted for the operating system password of the operating system user executing the command. That user must exist with the same password, UID, and group membership on every host to be configured.

Choose one of these modes of operation for the gridSshConfig command:

  • Run ttGridAdmin from outside a TimesTen instance, where TIMESTEN_HOME is not set, using the -mgmtAddress option (to specify management instance hosts), the -dataAddress option (to specify data instance hosts), and, as needed, the -repoAddress option (to specify repository hosts). Run ttGridAdmin from the TimesTen installation bin directory in this case. Passwordless SSH will be configured between hosts only as needed for TimesTen Scaleout to function.

  • Run ttGridAdmin from inside a TimesTen instance, where TIMESTEN_HOME is set. None of the options is necessary in this case. TimesTen determines from the grid model what each host is used for (management, data, or repository) and configures passwordless SSH between hosts only as needed for TimesTen Scaleout to function.

  • Run ttGridAdmin from outside a TimesTen instance, where TIMESTEN_HOME is not set, using the -internalAddress option to specify all-to-all passwordless SSH between all specified hosts, regardless of how the hosts are used (management, data, or repository). Run ttGridAdmin from the TimesTen installation bin directory in this case, but this mode of operation is NOT recommended, for security reasons.

After the gridSshConfig command is executed by a user, that user should be able to connect between hosts through SSH as needed without specifying a password (for example, between management hosts or from management hosts to data hosts). The ttGridAdmin utility will confirm this in its output after execution of the command.

Note:

You may choose to manually configure passwordless SSH between the hosts of your grid, as needed, without using gridSshConfig.

Options

The gridSshConfig command has these options:

Option Description

-mgmtAddress addr1 [addr2]

Addresses of hosts with management instances to configure for passwordless SSH access, as necessary.

-dataAddress addr1 [addr2 [addr3...]]

Addresses of hosts with data instances to configure for passwordless SSH access, as necessary.

-repoAddress addr1 [addr2 [addr3...]]

Addresses of hosts with repositories to configure for passwordless SSH access, as necessary.

-internalAddress addr1 [addr2 [addr3...]]

Addresses of hosts to configure for all-to-all passwordless SSH access.

Use of this option is NOT recommended, for security reasons.

You cannot use this option with any other option.

Examples

This example is run on mysys1.example.com, outside of any TimesTen instance, from the installation bin directory. It is run for four hosts (two management and two data).

% ./ttGridAdmin gridSshConfig -mgmtAddress mysys1.example.com mysys2.example.com -dataAddress mysys3.example.com mysys4.example.com
Enter password:
Setup ssh configuration on local system.................................................OK
Setup ssh configuration on mysys1.example.com...........................................OK
Setup ssh configuration on mysys2.example.com...........................................OK
Setup ssh configuration on mysys3.example.com...........................................OK
Setup ssh configuration on mysys4.example.com...........................................OK
Setup passwordless ssh from local system to mysys1.example.com..........................OK
Setup passwordless ssh from local system to mysys2.example.com..........................OK
Setup passwordless ssh from local system to mysys3.example.com..........................OK
Setup passwordless ssh from local system to mysys4.example.com..........................OK
Setup passwordless ssh from mysys1.example.com to mysys1.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys2.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys3.example.com....................OK
Setup passwordless ssh from mysys1.example.com to mysys4.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys1.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys2.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys3.example.com....................OK
Setup passwordless ssh from mysys2.example.com to mysys4.example.com....................OK

Passwordless ssh working between hosts:

From\To            mysys1.example.com mysys2.example.com mysys3.example.com mysys4.example.com
---------          ------------------ ------------------ ------------------ ------------------
*us*               Yes                Yes                Yes                Yes
mysys1.example.com Yes                Yes                Yes                Yes
mysys2.example.com Yes                Yes                Yes                Yes
mysys3.example.com N/A                N/A                N/A                N/A
mysys4.example.com N/A                N/A                N/A                N/A
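
An added check, not part of the TimesTen documentation or tooling: the shell function below reads saved gridSshConfig output and reports every host pair marked Yes whose source host is not an expected initiator, which is how an all-to-all (-internalAddress) configuration shows up. It assumes the matrix layout shown above, that management hosts are the only expected initiators (as in this example), and that an all-to-all run prints the same table with Yes in every cell; audit_ssh_matrix and the sample_* helpers are hypothetical names.

```shell
# Added example: audit the "From\To" matrix that gridSshConfig prints.
# audit_ssh_matrix "initiator1 initiator2 ..." < saved_output
# Prints "SRC -> DST" for each "Yes" whose source host is not an allowed
# initiator (the local "*us*" row is always allowed); returns 1 if any.
audit_ssh_matrix() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
            ok["*us*"] = 1
        }
        $1 == "From\\To" {                   # header row: column -> destination
            for (i = 2; i <= NF; i++) dst[i] = $i
            ncol = NF; in_matrix = 1; next
        }
        in_matrix && $1 ~ /^-+$/ { next }    # dashed separator row
        in_matrix && NF == 0 { in_matrix = 0; next }   # blank line ends matrix
        in_matrix && NF == ncol && !($1 in ok) {
            for (i = 2; i <= NF; i++)
                if ($i == "Yes") { print $1 " -> " dst[i]; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Matrix copied from the example output on this page (as-needed mode).
sample_as_needed() {
    cat <<'EOF'
From\To            mysys1.example.com mysys2.example.com mysys3.example.com mysys4.example.com
---------          ------------------ ------------------ ------------------ ------------------
*us*               Yes                Yes                Yes                Yes
mysys1.example.com Yes                Yes                Yes                Yes
mysys2.example.com Yes                Yes                Yes                Yes
mysys3.example.com N/A                N/A                N/A                N/A
mysys4.example.com N/A                N/A                N/A                N/A
EOF
}

# Constructed sample: the assumed shape of an all-to-all result.
sample_all_to_all() {
    sample_as_needed | sed 's|N/A|Yes|g'
}
```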

Notes

  • In specifying host addresses, for each host use the same format—fully qualified domain name, host name, or IP address—that is used in the -internalAddress or -address option of the hostCreate (or gridCreate) command. For example, do not specify mysys1 for gridSshConfig then mysys1.example.com for hostCreate.

  • You can run gridSshConfig multiple times without harm. If you want to enable passwordless SSH on additional hosts later, you can run the command again for those hosts without impacting the hosts already configured.

  • In the event of any failure during execution, the command will continue to complete the configuration on as many hosts as it can.

  • "Permission denied" errors in the error logs may indicate the password you provided was incorrect or that there is another permissions issue that prevents the command from completing successfully (for example, inappropriate permissions for the user home directory, where the .ssh directory is placed).