Oracle® Enterprise Manager Grid Control Advanced Installation and Configuration Guide 11g Release 1 (11.1.0.1.0) Part Number E16847-10
This appendix explains how you can set up SSH connectivity before installing Oracle Management Agent (Management Agent) on Microsoft Windows platforms. In particular, this appendix covers the following:
SSH (Secure Shell) Setup is the connectivity that is established between the host running Oracle Management Service (OMS) and the host where the Management Agent needs to be installed. This is primarily required for the Agent Deploy application to install Management Agents over HTTP on remote hosts.
The Agent Deployment application is an application that is part of the Enterprise Manager Grid Control console. It is used for deploying Management Agents in your environment using an interactive user interface. The installation of a Management Agent from the source host to the remote destination host happens using SSH, and for this communication to happen over SSH, an SSH setup is required between the two hosts. This also helps to avoid SSH authentication calls during future Agent Deploy operations.
Caution:
The SSH Setup must always be set between the destination hosts and the OMS, and never among the destination hosts.
In Enterprise Manager 11g Grid Control Release 1 (11.1.0.1.0), the Agent Deploy application sets up and drops the SSH connectivity automatically, but if the Management Agent is going to be on a Microsoft Windows operating system, then you need to manually install and configure Cygwin on that host.
Note:
The Agent Deployment Wizard is certified and supported with Cygwin 1.5.
Before starting with the SSHD setup, ensure you are not using OpenSSH and MKSNT when using the Agent Deploy application. The Agent Deploy application uses the complete Cygwin suite (full collection of the software tools packaged in Cygwin). To get the complete collection of Cygwin, do the following:
Ensure OpenSSH\bin and mksnt are not in your %PATH%. If they are, remove them by doing the following:
Right-click on My Computer and go to Properties.
In the System Properties window that appears, click Advanced.
In this tab, click Environment Variables.
Here, search for the Path system variable, select it, and if the OpenSSH\bin and mksnt are present in the PATH, click Edit.
In the Edit System Variable dialog box that appears, delete these two values from the PATH, and click OK.
Now, stop the SSH Daemon if it is running from OpenSSH. To do this:
Right-click on My Computer, and select Manage.
In the Computer Management window that appears, go to Services under Services and Applications.
In the right-pane, select the SSH daemon service and click the Stop Service icon.
Note:
Ensure you rename the installation directories of OpenSSH and MKSNT.
To install the full suite of Cygwin software, go to http://www.cygwin.com, and install Cygwin in your C:\cygwin directory.
Note:
If you are installing Cygwin into another directory than what has been previously mentioned, ensure you update the $OMS_INSTANCE_HOME/sysman/prov/resources/ssPaths_msplats.properties file with the proper Cygwin binary values after installing Oracle Enterprise Manager Grid Control.
Caution:
If you are installing Cygwin at a directory that is other than C:\cygwin on a remote machine, you must also ensure that Cygwin is installed on the OMS machine at the exact same location.
The Cygwin installation directory should not contain any spaces.
While installing Cygwin, ensure you choose the following binaries:
Zip, unzip binaries from the Archive package.
OpenSSH and dependencies (automatically selected if you choose OpenSSH) from the Net package.
Modify the C:\cygwin\cygwin.bat file to add the following line:
set CYGWIN=binmode tty ntsec
Ensure cygrunsrv is installed by going to C:\cygwin\bin and executing the following:
bash
cygrunsrv -h
Note:
If you are prompted to provide a Cygwin value, enter binmode tty ntsec. If this returns an error message stating "service does not exist", you are on the right track, and can proceed to the next step.
Open a new command prompt and execute the following:
bash
ssh-host-config
Note:
Enter "no" when prompted to create sshd user account (message reads "sshd user account needs to be created").
Enter "yes" at all other prompts.
When prompted to answer the question "Which value should the environment variable CYGWIN have when sshd starts?", Oracle recommends that you set the value to at least "ntsec" as shown in the following example. This will enable you to change the user context without having to specify the password.
As an answer to the previously mentioned question, specify a value that is similar to the following and press Enter:
CYGWIN="binmode tty ntsec"
Now, open the /etc/passwd file, and remove only those entries of the user that you will use to connect to the OMS machine.
For example,
If the user that you are employing to connect to the OMS machine is a local user, execute the following:
/bin/mkpasswd -l -u <USER> >> /etc/passwd
If the user you are employing to connect to the OMS machine is a domain user, execute the following:
/bin/mkpasswd.exe -d -u <USER> >> /etc/passwd
/bin/mkgroup.exe -d >> /etc/group
mkdir -p /home/<USER> (for example, mkdir -p /home/pjohn)
chown <USER> /home/<USER> (for example, chown pjohn /home/pjohn)
Start the SSH daemon.
If the user you are employing to connect to the OMS machine is a domain user, do the following:
Right-click on My Computer, and select Manage.
In the Computer Management dialog box that appears, go to Services and Applications, and select CYGWIN sshd.
Right-click CYGWIN sshd and select Properties.
In the Properties dialog box, go to the Log On tab.
Here, specify the domain/username and password. Click Apply.
Now, go to the CYGWIN command prompt, and execute the following:
chmod 644 /etc/ssh*
chown <USERNAME> /var/empty
chmod 755 /var/empty
chmod 644 /var/log/sshd.log
Note:
If /var/log/sshd.log does not exist, you do not have to execute the following command:
chmod 644 /var/log/sshd.log
Start the SSH daemon by executing:
/usr/sbin/sshd
Alternatively, from the same BASH prompt, you can also execute:
cygrunsrv -S sshd
Note:
Use cygrunsrv -E sshd to stop the SSH daemon.
You can now test your cygwin setup.
To do this, go to a different machine (that has the ssh client running), and execute the following command:
ssh -l <USERNAME> <localhost> 'date'
OR
ssh -l <USERNAME> <this node> 'date'
For example,
ssh -l pjohn egal07.db.funds.com 'date'
This command will prompt you to specify the password. When you specify the correct password, the command should return the accurate date.
Note:
Before executing the sshUserSetupNT.sh script, execute the following commands to ensure the home directory has been correctly set:
Execute echo $HOME
Ensure this displays the home directory of the current user.
If it points to the home directory of another user, execute the following command:
export HOME=<Windows style absolute path of homedir>
Now, execute echo $HOME again, to verify the home directory. The $HOME value must be the same as that passed to -homeDir.
This is the script that should be executed to set up SSH on Microsoft Windows platforms. The usage of the script is as follows:
./sshUserSetupNT.sh -user -asUser -asUserGrp -sshLocalDir -homeDir -hosts -hostfile
Note:
After the sshUserSetupNT.sh script has been executed, you must verify the successful SSH user setup on all the hosts, individually.
That is, if you have run the script to set up SSH on two hosts (host1, and host2), you must run the following command on each host to verify successful SSH setup:
ssh -l <username> host1 'date'
and then run:
ssh -l <username> host2 'date'
Caution:
You must execute the sshUserSetupNT.sh script on the local OMS machine from within the cygwin (BASH) shell only. The script will fail to execute if done from outside this location.
All the previously mentioned options are mandatory, and should be passed while executing the script.
Note:
It is assumed that C:\cygwin is the default installation directory for the Cygwin binaries.
If you install cygwin at a location other than c:\cygwin (default location), it can cause the SSH setup to fail, and in turn, the agent installation will fail.
To work around this issue, you must either install cygwin in the default directory (c:\cygwin), or update the ssPaths_msplats.properties file with the correct path to the cygwin binaries. The ssPaths_msplats.properties file is available in <OMS_INSTANCE_HOME>/sysman/prov/resources/.
You can look into the following remote registry key to find out the correct Cygwin path:
HKEY_LOCAL_MACHINE\SOFTWARE\Cygnus Solutions\Cygwin\mounts v2\/
This script is used on Microsoft Windows platforms to set up SSH from the host on which it is run to the specified remote hosts. After this script is run, you can use SSH to execute commands on the remote hosts, or copy files between the local host and the remote hosts without being prompted for passwords or confirmations.
The list of remote hosts and their user names are specified as command-line parameters to the script.
-asUser
This is the user of the local machine on which the setup must be performed. For example, SYSTEM.
-asuserGrp
This is the group to which the specified asUser belongs.
-sshLocalDir
This is the full path to the directory where the keys should be generated for the asUser on the local machine.
-homeDir
This is the full path to the home directory of the current user.
If the /home key (in regedit) is seen as a subkey under the Cygnus Solutions key, then the value of the /home key must have /<username> as a suffix and then be used as the -homeDir value.
If the /home key is not found, go to the Cygwin BASH prompt and check the value of $HOME. You can now use the same value of $HOME as the value for -homeDir.
If $HOME does not have any value (is empty), then you must update the /etc/passwd file.
Identifying the Correct Entry in the /etc/passwd File
If the /etc/passwd file has only one entry for the user, you can simply modify that value. In the event that there are multiple entries in this file, you must first identify the correct entry and then modify it.
To identify the correct entry:
Execute the following command if you have specified a local user during SSH setup:
/bin/mkpasswd -l -u <username>
Execute the following command if you have specified a domain user during SSH setup:
/bin/mkpasswd -d -u <username>
Now, match the output with the corresponding entry in the /etc/passwd file. This is the entry that you must modify.
Updating the -homeDir value
All values for all users are listed as colon (:) separated entries (or fields). To update the user entry that you have identified previously, go to the penultimate value (or field) of that user entry, and modify the value of the home directory for that user.
Always specify the absolute path needed by Cygwin as value for the home directory. For example, if the path is C:\Documents and Settings\pjohn, modify it to:
/cygdrive/c/Documents and Settings/pjohn
Or, if the path reads C:\cygwin\pjohn, modify this to:
/cygdrive/c/cygwin/pjohn
Now, save the password file and reenter the BASH shell.
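The two steps above (pick the entry that matches the mkpasswd output, then change only its home directory field) can be scripted as follows. This is an added example, not part of the Oracle guide: win_to_cygdrive, set_passwd_home and demo are hypothetical helper names, the passwd entries are constructed, and the script should be pointed at a copy of /etc/passwd first.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, passwd entries are constructed.

# Convert a Windows absolute path (C:\dir\sub) to the form Cygwin needs.
# A raw "C:\..." value would also add an extra colon-separated field.
win_to_cygdrive() {
    case "$1" in
        [A-Za-z]:\\*) ;;
        *) echo "not an absolute Windows path: $1" >&2; return 1 ;;
    esac
    printf '%s\n' "$1" | awk '{
        rest = substr($0, 3); gsub(/\\/, "/", rest)
        print "/cygdrive/" tolower(substr($0, 1, 1)) rest
    }'
}

# set_passwd_home FILE REF_LINE NEW_HOME
# REF_LINE is the line printed by mkpasswd -l/-d -u <username>. Only the
# entry with the same name (field 1) and UID (field 3) is changed, and only
# its sixth field, the penultimate one. Fails unless exactly one entry matches.
set_passwd_home() {
    REF_LINE="$2" NEW_HOME="$3" awk -F: -v OFS=: '
        BEGIN { split(ENVIRON["REF_LINE"], ref, ":") }
        NF == 7 && $1 == ref[1] && $3 == ref[3] { $6 = ENVIRON["NEW_HOME"]; hits++ }
        { print }
        END { exit (hits == 1 ? 0 : 1) }
    ' "$1" > "$1.new" || { rm -f "$1.new"; return 1; }
    cp "$1" "$1.bak" && mv "$1.new" "$1"   # keep a backup of the original
}

# Demo on a scratch file: one local and one domain entry for pjohn, the
# domain entry having an empty home directory.
demo() {
    f=$(mktemp)
    printf '%s\n' 'pjohn:unused:1005:513:U-HOST1\pjohn,S-1-5-21-1-2-3-1005:/home/pjohn:/bin/bash' \
                  'pjohn:unused:11234:10513:U-CORP\pjohn,S-1-5-21-4-5-6-1234::/bin/bash' > "$f"
    set_passwd_home "$f" "$(sed -n 2p "$f")" "$(win_to_cygdrive 'C:\cygwin\pjohn')" && cat "$f"
    rm -f "$f" "$f.bak"
}
demo
```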
Note:
If you have used spaces in the $HOME value (for example, /cygdrive/c/Documents and Settings/pjohn), specify the $HOME value in Microsoft Windows style and within double quotation marks (for example, "C:\Documents and Settings\pjohn").
Note:
Specify the full path within double quotation marks (" ").
Caution:
You must execute the sshUserSetupNT.sh script on the local OMS machine from within the cygwin (BASH) shell only. The script will fail to execute if done from outside this location.
This section lists the steps you must follow to set up the timezone environment variable on remote hosts.
To verify if the timezone environment variable (TZ) is accessible by the SSH server on the remote hosts, execute the following command from the OMS host:
ssh -l <user_name> -n <remote_node> 'echo $TZ'
If this command does not return the TZ environment variable value, you must set the TZ variable and ensure this is accessible by the SSH server. You can set the TZ environment variable on remote hosts in the following sections:
If the shell being used is BASH, add the following line to the .bashrc file in the home directory of the user (being used) for ssh access:
export TZ=<your machine's timezone>
If you are using a CSH shell, then add the following line to the .cshrc file in that directory:
setenv TZ <your machine's timezone>
Depending on the shell that is present on the host, set the TZ variable by executing the following command:
For a CSH Shell, specify: setenv TZ PST8PDT
Restart the SSH daemon by executing:
sudo /etc/init.d/sshd restart
Now, execute the following command from the OMS home to verify if the SSH server can access the TZ variable.
ssh -l <user_name> -n <node_name> 'echo $TZ'
The timezone variable must be set in the rc file of the shell that the host is using.
For example, if the host is using a BASH shell, go to the user's home directory ($HOME) and add the following to the ~/.bashrc file to set the TZ variable:
TZ=PST8PDT; export TZ
If the host is using a CSH shell, go to $HOME and add the following to the ~/.cshrc file:
setenv TZ PST8PDT
Now, execute the following command from the OMS home to verify if the SSH server can access the TZ variable.
ssh -l <user_name> -n <node_name> 'echo $TZ'
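The per-host SSH verification required after sshUserSetupNT.sh and the TZ check above can be run in one pass from the OMS host. This is an added example, not part of the Oracle guide: check_host and check_hosts are hypothetical helper names, and the only ssh options used beyond the guide's -l and -n are the standard OpenSSH BatchMode and ConnectTimeout.

```shell
#!/bin/sh
# Added example: check_host and check_hosts are hypothetical helper names.

# check_host USER HOST
# Prints "HOST ok TZ=<value>", "HOST tz-missing" or "HOST ssh-failed".
check_host() {
    # BatchMode=yes makes ssh fail instead of prompting, so an incomplete
    # key setup is reported as an error rather than a password prompt.
    ch_out=$(ssh -o BatchMode=yes -o ConnectTimeout=10 -n -l "$1" "$2" \
        'echo "TZ=$TZ"' 2>/dev/null) || { echo "$2 ssh-failed"; return 1; }
    # Keep only the TZ line in case the login prints a banner first.
    ch_tz=$(printf '%s\n' "$ch_out" | sed -n 's/^TZ=//p' | tail -n 1)
    if [ -z "$ch_tz" ]; then echo "$2 tz-missing"; return 2; fi
    echo "$2 ok TZ=$ch_tz"
}

# check_hosts USER HOST...
# Checks every host individually; the return value is the number of hosts
# that failed either check.
check_hosts() {
    ck_user=$1; shift
    ck_failed=0
    for ck_host in "$@"; do
        check_host "$ck_user" "$ck_host" || ck_failed=$((ck_failed + 1))
    done
    return "$ck_failed"
}

# Usage from the Cygwin BASH shell on the OMS host (host names are placeholders):
#   check_hosts pjohn host1 host2
```

A host reported as ssh-failed still needs the key setup repeated; a host reported as tz-missing needs TZ added to the rc file of its login shell as described above.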