Installation help?
215 views
Skip to first unread message
David
Dec 27, 2016, 2:50:23 PM12/27/16
to Greenplum Users
Hey y'all...
2 questions for you.
1) when I run gpseginstall with multiple segments in the "hostfile_exkeys", somewhere early on it will just start asking me to keep retyping passwords for each node (multiple times) and then just dies. If i restrict it to go 1 node at a time, it will complete the first node, and then fail during the exchange of the keys.
2) If i try to run the gpssh-exkeys on its own I get the following:
[root@ip-10-0-151-250 centos]# gpssh-exkeys -f /tmp/hostfile_exkeys
Traceback (most recent call last):
File "/usr/local/greenplum-db/./bin/gpssh-exkeys", line 525, in <module>
(primary, aliases, ipaddrs) = socket.gethostbyaddr(hostname)
socket.gaierror: [Errno -2] Name or service not known
has anyone seen or resolved this?
Keaton Adams
Dec 27, 2016, 3:02:14 PM12/27/16
to Greenplum Users
Can you reach all of the hosts (ping/ssh/etc) listed in /tmp/hostfile_exkeys from the Master? Do you have the same /etc/hosts entries across all nodes in the cluster? It looks like a hostname configuration issue.
David
Dec 27, 2016, 3:13:13 PM12/27/16
to Greenplum Users
All hosts are accessible via ssh and ping
and all hosts have identical hostfile
David Cohen
Dec 27, 2016, 3:16:33 PM12/27/16
to Greenplum Users
Just in case:
my host file looks like this:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.151.250 mdw
10.0.151.37 smdw
10.0.151.159 sdw1
10.0.151.160 sdw2
10.0.151.13 sdw3
and my hostfile_exkeys file is
[gpadmin@ip-10-0-151-250 centos]$ cat /tmp/hostfile_exkeys
mdw
smdw
--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.
To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.
David Cohen
VP Business Information Architecture
218 West 18th St, 2nd FL
New York, NY 10011
Keaton Adams
Dec 27, 2016, 3:38:50 PM12/27/16
to Greenplum Users
Double-check the steps in the install guide:
It looks like you're running the command as root, which is good. Also make sure:
In root's session you:
source /usr/local/greenplum-db/greenplum_path.sh
And that the exkeys file:
"has the machine configured host names and host addresses (interface names) for each host in your Greenplum system (master, standby master and segments). Make sure there are no blank lines or extra spaces."
Then give the gpseginstall another try.
Other ideas:
Can user root passwordless ssh across the nodes?
It looks like the actual hostnames are not (mdw, smdw, sdw1, etc). If the utility is still having issues, you might try adding the actual hostnames along with the gpdb alias entries to /etc/hosts:
10.0.151.250 ip-10-0-151-250 mdw
On Tuesday, December 27, 2016 at 12:50:23 PM UTC-7, David wrote:
Jon Roberts
Dec 27, 2016, 4:13:43 PM12/27/16
to Keaton Adams, Greenplum Users
You probably don't have /etc/ssh/sshd_config configured to allow for password authentication. Add:
Comment out this line:
#PermitRootLogin without-password
PasswordAuthentication yes
PermitRootLogin yes
PermitRootLogin yes
Comment out this line:
#PermitRootLogin without-password
Jon Roberts
--
David Cohen
Dec 27, 2016, 4:14:34 PM12/27/16
to Jon Roberts, Greenplum Users, Keaton Adams
I did that.
I can ssh as root to all machines
Jon Roberts
Dec 27, 2016, 4:15:41 PM12/27/16
to David Cohen, Greenplum Users, Keaton Adams
Can you ssh to the nodes as gpadmin and authenticate with a password?
Jon Roberts
Jim Campbell
Dec 27, 2016, 4:33:45 PM12/27/16
to David Cohen, Jon Roberts, Greenplum Users, Keaton Adams
The other issue that you might have is “hostfile_exkey”. You only have your master and standby master listed in the file.
Per the instructions:
"Create a file called hostfile_exkeys that has the machine configured host names and host addresses (interface names) for each host in your Greenplum system (master, standby master and segments).”
You need to add the segments to this file.
You should have:
mdw
smdw
sdw1
sdw2
sdw3
On December 27, 2016 at 4:15:45 PM, Jon Roberts (jrob...@pivotal.io) wrote:
hostfile_exkey
David Cohen
Dec 27, 2016, 4:39:38 PM12/27/16
to Jim Campbell, Jon Roberts, Keaton Adams, Greenplum Users
Hey Jim,
When I put all of the hosts in, the script will ask for the password multiple times for each host, and then say access denied for all of them.
Jim Campbell
Dec 27, 2016, 5:22:53 PM12/27/16
to David Cohen, Keaton Adams, Greenplum Users, Jon Roberts
Based on your emails below, you mention that you can login with root. Do you mean passwordless ssh? That needs to work.
The install routine will create a gpadmin account if you don’t already have one. That account will also need to have passwordless ssh working. If the account exists on each host, you may want to check that you have it working as passwordless ssh. You may have a configuration issue with passwordless ssh that is forcing you to login with the password. If you have the Greenplum installed on your master, you should be able to run gpssh-exkeys to get passwordless ssh working. It it fails, you need to check your configuration to make sure that you don’t have something blocking that. The other things to check are the firewall and SELINUX. You will want to disable these during install. You can harden them later.
On your passwordless ssh, you should end up with a “authorized_keys” under the gpadmin/.ssh directory. It should contain all of the public keys that you want connections for. Sometimes I have created one copy that I know works and copied it across the cluster. This file should contain public keys for all hosts in the cluster including the one you are launching things from. The other file that gets created is known_hosts.
Before you run the install again, you can test your connection with the gpssh command. Type something like “gpssh -f host file_exkey ls”. You should get the results back from each machine in your cluster. If not, you still have something setup incorrectly with passwordless ssh.
Hope that helps.
Ivan Novick
Dec 27, 2016, 5:58:30 PM12/27/16
to Jim Campbell, David Cohen, Keaton Adams, Greenplum Users, Jon Roberts
David,
You got a lot of good tips here, hopefully you can make progress.
I would recommend solving the gpssh-exkeys issue first and not using the gpseginstall to do the key exchange in order to simplify the debugging.
Cheers,
Ivan
--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.
To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.
David Cohen
Dec 28, 2016, 7:23:31 AM12/28/16
to Jim Campbell, Keaton Adams, Greenplum Users, Jon Roberts
Thanks everyone... very clear I need to get passwordless ssh up.
Once question, Do I need passwordless ssh working from master to every node?
or anynode to anynode before beginning?
From reading everyone's comments and the docs I belive its Master -> every node and the gpssh-exkeys takes care of the rest? is that right?
Robert Mcphail
Dec 28, 2016, 7:37:50 AM12/28/16
to David Cohen, Jim Campbell, Keaton Adams, Greenplum Users, Jon Roberts
Hi David,
Just run gpssh-exkeys from the master and it will setup passwordless ssh properly for you across all the servers.
Also, (I don't think it does this automatically) run it once as root, then once as gpadmin (e.g. su - gpadmin)
Bob McPhail
Pivotal.io
--
You received this message because you are subscribed to the Google Groups "Greenplum Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gpdb-users+unsubscribe@greenplum.org.
To post to this group, send email to gpdb-...@greenplum.org.
Visit this group at https://groups.google.com/a/greenplum.org/group/gpdb-users/.
For more options, visit https://groups.google.com/a/greenplum.org/d/optout.
Jon Roberts
Dec 28, 2016, 7:40:55 AM12/28/16
to David Cohen, Jim Campbell, Keaton Adams, Greenplum Users
- You need to allow for password authentication to all nodes in the cluster. That isn't a type-o. "password authentication" must be allowed. You do this by editing the /etc/ssh/sshd_config file and adding:
PasswordAuthentication yes
- gpseginstall will create the gpadmin account for you or you can manually create the account on all hosts.
- Change your gpadmin password to be the same on all nodes in the cluster. That means the masters and segment hosts.
- source /usr/local/greenplum-db/greenplum_path.sh
- create a hosts file with all host names in it such as hostfile_exkeys
- execute as gpadmin:
gpssh-exkeys -f hostfile_exkeys
This will ssh to all of the nodes and create ssh keys. It will exchange the keys to all hosts so it allows ssh between the nodes.
I bet you don't have password authentication enabled yet which is why gpseginstall didn't work for you.
Jon Roberts
Principal Engineer | jrob...@pivotal.io | 615-426-8661
David Cohen
Dec 28, 2016, 8:27:05 AM12/28/16
to Jon Roberts, Jim Campbell, Keaton Adams, Greenplum Users
I have this working now.
the reason why gpssh-exkeys wasn't working (or atleast what i did to fix it was)
I previously had master in the host file and in the hostfile_exkeys as
mdw
even though the hostname returned 10-0-151-200.aws.yieldmo.com
when I replaced mdw with the actual hostname value for master it worked.
Reply all
Reply to author
Forward
0 new messages