Friday 21 August 2009

Using Secure Rsync to Synchronize Files Between Servers

To build the whole solution, we will start with the OpenSSH installation on AIX. OpenSSH is a free software tool that supports the SSH1 and SSH2 protocols. It is reliable and secure, and is widely accepted in the IT industry as a replacement for the r-commands, telnet, and ftp services, providing secure encrypted sessions between two hosts over the network.

OpenSSH source code is compiled on AIX 5L and shipped on the AIX 5L Expansion Pack and Web Download Pack. You can also get the installation images from OpenSSH on AIX. When you install the AIX OpenSSH image from the Bonus Pack CD or from the website, you can get support from IBM Program Services.

OpenSSH is dynamically linked with OpenSSL for use of the encryption library libcrypto.a. You can get the OpenSSL library from the AIX Toolbox for Linux Applications CD or from this website. OpenSSL is delivered in RPM format (instead of installp format). To install OpenSSL, use the command:

# rpm -i

Let's walk through the process of downloading and installing OpenSSL, OpenSSH and rsync.

1. Download the package manager:

ftp://ftp.software.ibm.com/aix/freeS...LP/ppc/rpm.rte

2. Install the package manager

# installp -qacXgd rpm.rte rpm.rte

3. Download the OpenSSL library: http://www6.software.ibm.com/dl/aixtbx/aixtbx-p

a. OpenSSL is cryptographic content so you will need to sign in with your IBM ID and password. Create one if you don’t have one.
b. The next screen is a license agreement. Agree and confirm.
c. Search the page for “openssl-0.9.7g-1.aix5.1.ppc.rpm” and click on the download button next to it.

4. Install the RPM for OpenSSL

# rpm -i openssl-0.9.7g-1.aix5.1.ppc.rpm

5. Download OpenSSH: https://sourceforge.net/project/show...roup_id=127997

6. Install OpenSSH: The resulting file is a compressed tar file. Uncompress and untar it, then follow the directions in the Customer_README file exactly as given.

7. Download the latest version of rsync: ftp://ftp.software.ibm.com/aix/freeS...RPMS/ppc/rsync

8. Install rsync:

# rpm -i rsync-2.6.2-1.aix5.1.ppc.rpm

You must complete these steps on all servers/LPARs that will be using rsync, either as a file server or a sync client. You must also set up the necessary SSH keys between servers.

For the remainder of this exercise, we are going to limit ourselves to two servers. AIXServe will be the server with the master files and AIXClient will be the server/LPAR obtaining the master files for local use.

A common use in this scenario is synchronizing user information, so we will address that particular example, but rsync can be used for any type of file or directory tree. It can be used to keep HTML source in sync, as just one more example.

This is an example of a script that does a “pull” from AIXServe. AIXClient transfers the latest passwd, group and security files, overwriting its own files. Additionally, AIXClient copies any new user directories in /home but does not update, modify or delete any existing directories.

#!/usr/bin/ksh
# Get new /etc/passwd & /etc/group files
# Overwrite existing files
rsync -goptvz -e ssh AIXServe:/etc/passwd /etc/passwd
rsync -goptvz -e ssh AIXServe:/etc/group /etc/group
# Get new files from /etc/security
# Overwrite existing files
for FILE in group limits passwd .ids environ .profile
do
    rsync -goptvz -e ssh AIXServe:/etc/security/$FILE /etc/security/$FILE
done
# Grab new directories in /home
# Do not change anything that already exists
# (trailing slashes copy the contents of /home instead of creating /home/home)
rsync -gloprtuvz -e ssh --ignore-existing AIXServe:/home/ /home/
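
The pull script above writes straight over /etc/passwd, so a truncated transfer or a bad master file takes effect immediately. The following is an added example, not part of the original article: it stages the file beside the target, validates it, and only then renames it into place. The function names and the "exactly one UID 0 account, named root" policy are assumptions, and it covers /etc/passwd only, not the stanza files in /etc/security.

```shell
#!/bin/sh
# Added example: validate a pulled passwd file before it replaces the live one.
# validate_passwd, install_if_valid and pull_passwd are hypothetical names.

# Return 0 only if file $1 is non-empty, every line has 7 colon-separated
# fields with a name and a numeric UID, no account name repeats, and the
# only UID 0 account is root (assumed site policy).
validate_passwd() {
    [ -s "$1" ] || return 1
    awk -F: '
        NF != 7 || $1 == "" || $3 !~ /^[0-9]+$/ { bad = 1 }
        seen[$1]++                               { bad = 1 }
        $3 == 0 { uid0++; if ($1 != "root") bad = 1 }
        END { exit (bad || uid0 != 1) }
    ' "$1"
}

# Install staged file $1 over $2 only if it validates.
# The previous version is kept as $2.prev for rollback.
install_if_valid() {
    if validate_passwd "$1"; then
        # mv within one directory is a rename, so readers never see a partial file
        cp -p "$2" "$2.prev" && mv "$1" "$2"
    else
        echo "refusing to install $1: failed validation" >&2
        return 1
    fi
}

# Pull /etc/passwd from master host $1 into a staging file next to the target.
# Usage: pull_passwd AIXServe
pull_passwd() {
    staged="/etc/passwd.new.$$"
    rsync -goptz -e ssh "$1:/etc/passwd" "$staged" || return 1
    install_if_valid "$staged" /etc/passwd
}
```

A rejected staging file is left in place so it can be inspected before the next run.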

This solution is fine for two or three servers, but what about more than that? Besides, if the centralized user management is being done on AIXServe, doesn’t it make more sense to push rather than pull?

This script does a push from AIXServe to multiple clients:

#!/usr/bin/ksh
# Assumes /etc/useradm_clients.rsync lists one client hostname per entry
for CLIENTS in `cat /etc/useradm_clients.rsync`
do
    echo "Updating ${CLIENTS}..."
    # Push new /etc/passwd & /etc/group files
    # Overwrite existing files
    rsync -goptvz -e ssh /etc/passwd ${CLIENTS}:/etc/passwd
    rsync -goptvz -e ssh /etc/group ${CLIENTS}:/etc/group
    # Push new files from /etc/security
    # Overwrite existing files
    for FILE in group limits passwd .ids environ .profile
    do
        rsync -goptvz -e ssh /etc/security/$FILE ${CLIENTS}:/etc/security/$FILE
    done
    # Push new directories in /home
    # Do not change anything that already exists
    # (trailing slashes copy the contents of /home instead of creating /home/home)
    rsync -gloprtuvz -e ssh --ignore-existing /home/ ${CLIENTS}:/home/
    echo "${CLIENTS} Complete."
done

1 comment:

  1. one minor point, ibm no longer supplies openSSL in rpm format... as of 0.9.8.x it is now a bff
