From e01807ea20bc57f18ee6bad934c3be6bc30e0302 Mon Sep 17 00:00:00 2001
From: Abhijit Menon-Sen
Date: Thu, 12 Mar 2015 18:22:21 +0530
Subject: [PATCH] Split out SSH configuration bits from the old README
---
OLD-README.rst | 36 ------------------------------------
SSH-RSYNC.md | 35 +++++++++++++++++++++++++++++++++++
2 files changed, 35 insertions(+), 36 deletions(-)
create mode 100644 SSH-RSYNC.md
diff --git a/OLD-README.rst b/OLD-README.rst
index 9ececa07..a82752da 100644
--- a/OLD-README.rst
+++ b/OLD-README.rst
@@ -298,42 +298,6 @@ Or in this Debian example:: Below this binary installation base directory is referred to as PGDIR. -Set up trusted copy between postgres accounts ---------------------------------------------- - -Initial copy between nodes uses the rsync program running over ssh. For this -to work, the postgres accounts on each system need to be able to access files -on their partner node without a password. - -First generate a ssh key, using an empty passphrase, and copy the resulting -keys and a maching authorization file to a privledged user on the other system:: - - [postgres@node1]$ ssh-keygen -t rsa - Generating public/private rsa key pair. - Enter file in which to save the key (/var/lib/pgsql/.ssh/id_rsa): - Enter passphrase (empty for no passphrase): - Enter same passphrase again: - Your identification has been saved in /var/lib/pgsql/.ssh/id_rsa. - Your public key has been saved in /var/lib/pgsql/.ssh/id_rsa.pub. - The key fingerprint is: - aa:bb:cc:dd:ee:ff:aa:11:22:33:44:55:66:77:88:99 postgres@db1.domain.com - [postgres@node1]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys - [postgres@node1]$ chmod go-rwx ~/.ssh/* - [postgres@node1]$ cd ~/.ssh - [postgres@node1]$ scp id_rsa.pub id_rsa authorized_keys user@node2: - -Login as a user on the other system, and install the files into the postgres -user's account:: - - [user@node2 ~]$ sudo chown postgres.postgres authorized_keys id_rsa.pub id_rsa - [user@node2 ~]$ sudo mkdir -p ~postgres/.ssh - [user@node2 ~]$ sudo chown postgres.postgres ~postgres/.ssh - [user@node2 ~]$ sudo mv authorized_keys id_rsa.pub id_rsa ~postgres/.ssh - [user@node2 ~]$ sudo chmod -R go-rwx ~postgres/.ssh - -Now test that ssh in both directions works. You may have to accept some new -known hosts in the process. - Primary server configuration ---------------------------- diff --git a/SSH-RSYNC.md b/SSH-RSYNC.md new file mode 100644 index 00000000..ba40999d --- /dev/null +++ b/SSH-RSYNC.md 
@@ -0,0 +1,35 @@
+Set up trusted copy between postgres accounts
+---------------------------------------------
+
+If you need to use rsync to clone standby servers, the postgres account
+on your master and standby servers must be each able to access the other
+using SSH without a password.
+
+First generate a ssh key, using an empty passphrase, and copy the resulting
+keys and a maching authorization file to a privledged user on the other system::
+
+ [postgres@node1]$ ssh-keygen -t rsa
+ Generating public/private rsa key pair.
+ Enter file in which to save the key (/var/lib/pgsql/.ssh/id_rsa):
+ Enter passphrase (empty for no passphrase):
+ Enter same passphrase again:
+ Your identification has been saved in /var/lib/pgsql/.ssh/id_rsa.
+ Your public key has been saved in /var/lib/pgsql/.ssh/id_rsa.pub.
+ The key fingerprint is:
+ aa:bb:cc:dd:ee:ff:aa:11:22:33:44:55:66:77:88:99 postgres@db1.domain.com
+ [postgres@node1]$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
+ [postgres@node1]$ chmod go-rwx ~/.ssh/*
+ [postgres@node1]$ cd ~/.ssh
+ [postgres@node1]$ scp id_rsa.pub id_rsa authorized_keys user@node2:
+
+Login as a user on the other system, and install the files into the postgres
+user's account::
+
+ [user@node2 ~]$ sudo chown postgres.postgres authorized_keys id_rsa.pub id_rsa
+ [user@node2 ~]$ sudo mkdir -p ~postgres/.ssh
+ [user@node2 ~]$ sudo chown postgres.postgres ~postgres/.ssh
+ [user@node2 ~]$ sudo mv authorized_keys id_rsa.pub id_rsa ~postgres/.ssh
+ [user@node2 ~]$ sudo chmod -R go-rwx ~postgres/.ssh
+
+Now test that ssh in both directions works. You may have to accept some new
+known hosts in the process.
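Review bot: The `scp id_rsa.pub id_rsa authorized_keys user@node2:` step in the new SSH-RSYNC.md sends the passphrase-less private key through another user's home directory and leaves both nodes sharing one identity, so a compromise of either postgres account, or of the intermediate user, exposes both hosts. I would instead have each postgres account run `ssh-keygen` locally and append only the peer's `id_rsa.pub` to its `authorized_keys`, ideally restricted with a `from="<peer-host>"` option (placeholder value). On node1, `chmod go-rwx ~/.ssh/*` never touches the `~/.ssh` directory itself, so `chmod 700 ~/.ssh` is worth adding alongside it. Because the text was moved verbatim from the `.rst` file, the `::` literal-block markers will not render as Markdown, and the typos "maching" and "privledged" carry over.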