+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 11 to 14 of 14

Setting up SSH Public key-based authentication for DPF (Partitioning)

  1. Re: Setting up SSH Public key-based authentication for DPF (Partitioning)

    "Ian" wrote in message
    news:WyXjm.35174$rD6.33498@newsfe01.iad...
    > Ah, I see.
    >
    > This article talks about two methods of setting up authentication:
    > host-based authentication and public key authentication. It didn't
    > even occur to me that you were thinking about setting up host-based
    > authentication.
    >
    > There is no requirement for DPF to use host-based authentication; and
    > generally I would avoid host based authentication because it is much
    > more complicated to configure (as you've found) and it has a number of
    > security implications (the article even mentions these).
    >
    > I strongly recommend that you use public key authentication. It is
    > generally simpler to set up, and it eliminates the confusion that you
    > are experiencing.

    The command that I referenced that specifies the host name IS for public key
    authentication according to the link I provided. I did not use host based
    authentication and was not asking about that. This command below was listed
    in the section on Public Key Authentication in the post I provided (although
    I understand it is optional).

    ssh-keyscan -t dsa machineA,machineA.my.domain.com,1.1.1.1
    >>~/.ssh/known_hosts

    Notice that the machineA is the host name.

    Here is the link again:
    http://www.ibm.com/developerworks/da...tml#config_db2

    > As Liam said, DB2 will use only the hostname (or fully qualified hostname)
    > when it comes to issuing commands across all partitions
    > or hosts. The switch network (column 4 in db2nodes.cfg) is used
    > ONLY by the FCM for inter-partition communication.

    Yes. This was the only quesiton I had.

    > Holy cow, calm down. There is no confusion (on my part) -- I have been
    > using DPF (EEE) since it was released in 1997.
    >
    > Pro tip: When someone is trying to help you, don't patronize them.

    I wasn't trying to patronize anyone (and don't think I did). If I was wrong
    about whether your misunderstood my question, just say so. I think you are a
    little too thin-skinned about this. As far as confusion, I still think that
    someone is still confused (either me, you, or the person who wrote the
    article I posted before).

    > Anyway: With ssh public-key authentication, you have a private key
    > (~/.ssh/id_dsa or ~/.ssh/id_rsa) and a public key (~/.ssh/id_dsa.pub
    > or ~/.ssh/id_rsa.pub). This has nothing to do with the network
    > configuration of the machines you're using.
    >
    > If you're interested in learning about public key cryptography
    > (which is used in LOTS of applications, like ssh, web browsers (part of
    > SSL), secure email (S/MIME), you can check out the wikipedia page:
    >
    > http://en.wikipedia.org/wiki/Public-key_cryptography
    > Ian

    I am not really interested in the details of public key authentication. I
    already have it working, and just wanted to know if DB2 DPF needed it for
    private network communications (No) in addition to the public network as
    shown in the examples of the link I posted. In general the DPF documentation
    is not very good in this respect, in that they mention how to specify a
    private network in the db2nodes.cfg, but pretty much ignore that kind of
    setup in all other documentation as if it is not being used.


  2. Re: Using db2iset command for DPF (Partitioning) to registerinstances NFS mounted

    On Aug 22, 4:03*am, "Mark A" wrote:
    > "Liam" wrote in message
    >
    > news:b56f25d2-cee8-4471-8ad4-3ede4dde2eb6@k19g2000yqn.googlegroups.com...
    >
    > > The destination used in the ssh calls is derived from the 'hostname'
    > > field of the db2nodes.cfg file, so 'ServerA' in your case (not
    > > 'switch1'). *Note that we will actually use the fully-qualified
    > > hostname - if you only specify 'ServerA', we'll attempt to determine
    > > the fully-qualified name - 'ServerA.fully.qualified.domain'.
    >
    > > Cheers,
    > > Liam.
    >
    > Thanks for the answer. Since you seem knowledgeable about DPF, I will ask
    > you another question. I could not get the instance created on my admin node
    > to be fully recognized on my data nodes (did not show up with db2ilist and
    > the db2set variables for the instance were missing), even though the home
    > directory of the instance was NFS shared to the data nodes from the NFS
    > server on the admin node.
    >
    > To solve this problem I was able to use the db2iset -a
    > command on the data nodes to add the instance to the local registry and then
    > everything worked fine. But nowhere is the command db2iset mentioned in the
    > install instructions, and it is not even in the Command Reference manual
    > (where all the other commands under /opt/ibm/db2/V9.7/instance are
    > documented). It was almost a fluke that I found it.
    >
    > Any idea why the db2iset command is not documented? Is it not needed in most
    > DPF installs? I am using DB2 9.7 on RHEL5.2 with 1 admin physical node and 2
    > data physical nodes.

    I believe db2iset is only used internally by DB2's install and
    instance-update code. My guess is that something did not get setup
    properly during the install or when adding your new nodes to the DPF
    instance. I'm not too familiar with db2 install/setup code though.

    Cheers,
    Liam.

  3. Re: Using db2iset command for DPF (Partitioning) to register instances NFS mounted

    "Liam" wrote in message
    news:034e36d8-3c25-4745-ade9-355535e69ca5@z31g2000yqd.googlegroups.com...
    On Aug 22, 4:03 am, "Mark A" wrote:
    > I believe db2iset is only used internally by DB2's install and
    > instance-update code. My guess is that something did not get setup
    > properly during the install or when adding your new nodes to the DPF
    > instance. I'm not too familiar with db2 install/setup code though.
    >
    >Cheers,
    > Liam.

    Thanks.

    I read somewhere that it gets run on all nodes when db2start is run, but I
    had already manually run it on all nodes and everything worked fine after
    that.


  4. Re: Using db2iset command for DPF (Partitioning) to register instances NFS mounted

    Mark A wrote:

    > "Liam" wrote in message
    > news:034e36d8-3c25-4745-ade9-355535e69ca5@z31g2000yqd.googlegroups.com...
    > On Aug 22, 4:03 am, "Mark A" wrote:
    >> I believe db2iset is only used internally by DB2's install and
    >> instance-update code. My guess is that something did not get setup
    >> properly during the install or when adding your new nodes to the DPF
    >> instance. I'm not too familiar with db2 install/setup code though.
    >>
    >>Cheers,
    >> Liam.
    >
    > Thanks.
    >
    > I read somewhere that it gets run on all nodes when db2start is run, but I
    > had already manually run it on all nodes and everything worked fine after
    > that.

    Yes, db2start adds the instance to the instance list, so you'd be ok then.
    Everything is working properly here.
+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
« Previous Thread | Next Thread »