【五】配置共享存储及建立主机关系

5.1 ASM磁盘管理配置规划

磁盘组OCR_VOTE，3个1G互为镜像

1）OCR：存储CRS资源配置信息

2）VOTE 仲裁盘，记录节点状态

磁盘组 DATA，2个5G互为镜像

Data Disk：存放datafile、controlfile、redologfile、spfile等。

磁盘组 FRA，2个4G互为镜像

Recovery Area：存放flashback database log、archive log、rman backup等。

5.2 Udev方法映射ASM磁盘

在Linux上创建ASM磁盘有两种方法：

①ASMlib方法：Linux 5版之前支持

②Udev方法：Linux5版（包括5版）之后推荐使用

下面我们使用Udev方法提供ASM磁盘：

Node1:（root用户）

[root@tim1 ~]# ll /dev/sdc*
brw-r----- 1 root disk 8, 32 Apr 17 20:16 /dev/sdc
brw-r----- 1 root disk 8, 33 Apr 17 20:16 /dev/sdc1
brw-r----- 1 root disk 8, 42 Apr 17 20:16 /dev/sdc10
brw-r----- 1 root disk 8, 43 Apr 17 20:16 /dev/sdc11
brw-r----- 1 root disk 8, 34 Apr 17 20:16 /dev/sdc2
brw-r----- 1 root disk 8, 35 Apr 17 20:16 /dev/sdc3
brw-r----- 1 root disk 8, 36 Apr 17 20:16 /dev/sdc4
brw-r----- 1 root disk 8, 37 Apr 17 20:16 /dev/sdc5
brw-r----- 1 root disk 8, 38 Apr 17 20:16 /dev/sdc6
brw-r----- 1 root disk 8, 39 Apr 17 20:16 /dev/sdc7
brw-r----- 1 root disk 8, 40 Apr 17 20:16 /dev/sdc8
brw-r----- 1 root disk 8, 41 Apr 17 20:16 /dev/sdc9
[root@tim1 ~]#vi /etc/udev/rules.d/60-raw.rules 按照example编写如下：
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="33",RUN+="/bin/raw /dev/raw/raw1 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="34",RUN+="/bin/raw /dev/raw/raw2 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="35",RUN+="/bin/raw /dev/raw/raw3 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="36",RUN+="/bin/raw /dev/raw/raw4 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="37",RUN+="/bin/raw /dev/raw/raw5 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="38",RUN+="/bin/raw /dev/raw/raw6 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="39",RUN+="/bin/raw /dev/raw/raw7 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="40",RUN+="/bin/raw /dev/raw/raw8 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="41",RUN+="/bin/raw /dev/raw/raw9 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="42",RUN+="/bin/raw /dev/raw/raw10 %M %m"
ACTION=="add", ENV{MAJOR}=="8",ENV{MINOR}=="43",RUN+="/bin/raw /dev/raw/raw11 %M %m"
KERNEL=="raw[1-9]", OWNER="grid", GROUP="dba", MODE="660"
KERNEL=="raw10", OWNER="grid", GROUP="dba", MODE="660"
KERNEL=="raw11", OWNER="grid", GROUP="dba", MODE="660"
[root@tim1 ~]# start_udev
[root@tim1 ~]# ll /dev/raw/raw*
crw-rw---- 1 grid dba 162, 1 Apr 17 21:10 /dev/raw/raw1
crw-rw---- 1 grid dba 162, 10 Apr 17 21:10 /dev/raw/raw10
crw-rw---- 1 grid dba 162, 11 Apr 17 21:10 /dev/raw/raw11
crw-rw---- 1 grid dba 162, 2 Apr 17 21:10 /dev/raw/raw2
crw-rw---- 1 grid dba 162, 3 Apr 17 21:10 /dev/raw/raw3
crw-rw---- 1 grid dba 162, 4 Apr 17 21:10 /dev/raw/raw4
crw-rw---- 1 grid dba 162, 5 Apr 17 21:10 /dev/raw/raw5
crw-rw---- 1 grid dba 162, 6 Apr 17 21:10 /dev/raw/raw6
crw-rw---- 1 grid dba 162, 7 Apr 17 21:10 /dev/raw/raw7
crw-rw---- 1 grid dba 162, 8 Apr 17 21:10 /dev/raw/raw8
crw-rw---- 1 grid dba 162, 9 Apr 17 21:10 /dev/raw/raw9

Node2: 同上

5.3 建立主机间的信任关系

5.3.1 系统自动识别并记录know_hosts文件：

1）主机间的信任关系是指Linux的用户间无需密码可以相互访问（即相互信任），RAC安装时需要再两节点间复制数据，所以需要Grid用户和Oracle用户node1和node2之间建立信任关系。

2）信任关系主要与用户家目录下.ssh子目录下的authorized_keys和know_hosts两个文件相关，关于know_hosts文件，我们可以配置成首次登录自动记录，这样省心多了。

Node1:

[root@tim1 ~]# vi /etc/ssh/ssh_config

修改 StrictHostKeyChecking 参数为 no

这个参数修改后，当ssh第一次登录的节点时，会自动将该节点信息记录到.ssh/know_hosts文件中。

Node2:同上

5.3.2 配置Grid用户信任关系

Node1:

[root@tim1 /]# su - grid

1) 生成密钥对（rsa+dsa）（Node1、Node2）

Node1:

生成密钥rsa类型：id_rsa为私钥，id_rsa.pub为公钥，它们自动保存到.ssh下

[grid@tim1 ~]$ cd
[grid@tim1 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_rsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in /home/grid/.ssh/id_rsa.
Your public key has been saved in /home/grid/.ssh/id_rsa.pub.
The key fingerprint is:
64:a6:4a:77:db:33:a4:aa:6e:ca:8f:5f:2f:77:0f:40 grid@tim1

生成密钥dsa类型：id_dsa为私钥，id_dsa.pub为公钥，它们自动保存到.ssh下

[grid@tim1 ~]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/grid/.ssh/id_dsa): enter
Enter passphrase (empty for no passphrase): enter
Enter same passphrase again: enter
Your identification has been saved in /home/grid/.ssh/id_dsa.
Your public key has been saved in /home/grid/.ssh/id_dsa.pub.
The key fingerprint is:
7c:41:b5:0f:81:06:ad:30:07:4f:8b:1a:9b:94:68:14 grid@tim1

Node2:同上 【注】：是grid用户

2) 配置grid用户信任关系（Node1、Node2）

Node1:

[grid@tim1 ~]$ ls .ssh

id_dsa id_rsa id_dsa.pub id_rsa.pub

第一步：先把Node1的两把公钥收集到它的authorized_keys文件中，我们只关心公钥，不关心私钥。

[grid@tim1 ~]$ cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
[grid@tim1 ~]$ cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys

第二步：把其他节点的公钥追加到node1的authorized_keys文件中。

[grid@tim1 ~]$ ssh tim2 cat ~/.ssh/id_rsa.pub >>~/.ssh/authorized_keys
[grid@tim1 ~]$ ssh tim2 cat ~/.ssh/id_dsa.pub >>~/.ssh/authorized_keys

第三步：把node1的authorized_keys文件派发给其他节点。

[grid@tim1 ~]$ scp ~/.ssh/authorized_keys tim2:~/.ssh
[grid@tim2 ~]$ cat ~/.ssh/authorized_keys

Grid用户一共四把公钥，每个节点有一对（rsa_pub,dsa_pub）

3) 验证信任关系（Node1、Node2）

验证说明:

1）节点间的信任关系采用的是第三方验证机制。

2）每个节点不但需要无密码登录其他节点，本节点也要进行无密码登录验证。

Node1:

[grid@tim1 ~]$ ssh tim1 date
[grid@tim1 ~]$ ssh tim2 date
[grid@tim1 ~]$ ssh tim1-priv date
[grid@tim1 ~]$ ssh tim2-priv date

Node2:

[grid@tim2 ~]$ ssh tim1 date
[grid@tim2 ~]$ ssh tim2 date
[grid@tim2 ~]$ ssh tim1-priv date
[grid@tim2 ~]$ ssh tim2-priv date

第一次远程登录可能需要确认，然后会把相关信息写入know_hosts文件，务必再补上一枪，确保无需确认登录成功。

5.3.3 配置Oracle用户信任关系

1)生成密钥对（rsa+dsa）（Node1、Node2）

参照5.3.2

2)配置grid用户信任关系（Node1、Node2）

参照5.3.2

Oracle用户一共四把公钥，每个节点有一对（rsa_pub,dsa_pub）

验证信任关系（Node1、Node2）

参照5.3.2

oracle信任关系的配置和验证方法与grid用户完全一样，为避免篇幅重复，我这里就省略了。但大家一定要保证配置和验证正确！

the end ！！！

@jackman 共筑美好！