1opasetupssh(8) Master map: IFSFFCLIRG (Man Page) opasetupssh(8)
3
7 opasetupssh
8 (Linux or Switch) Creates SSH keys and configures them on all hosts or
12 chassis so the system can use SSH and SCP into all other hosts or chas‐
13 sis without a password prompt. Typically, during cluster setup this
14 tool enables the root user on the Management Node to log into the other
15 hosts (as root) or chassis (as admin) using password-less SSH.
16
18 opasetupssh [-C|p|U] [-f hostfile] [-F chassisfile] [-h 'hosts']
19 [-H 'chassis'] [-i ipoib_suffix] [-u user] [-S] [-R|P]
20
22 --help Produces full help text.
23 -C Performs operation against chassis. Default is hosts.
26 -p Performs operation against all chassis or hosts in parallel.
29 -U Performs connect only (to enter in local hosts, known hosts).
32 When run in this mode, the -S option is ignored.
33 -f hostfile
36 Specifies the file with hosts in cluster.
37 Default is /etc/opa/hosts file.
38 -F chassisfile
41 Specifies the file with chassis in cluster.
42 Default is /etc/opa/chassis file.
43 -h hosts Specifies the list of hosts to set up.
46 -H chassis
49 Specifies the list of chassis to set up.
50 -i ipoib_suffix
53 Specifies the suffix to apply to host names to create IPoIB
54 host names. Default is -opa.
55 -u user Specifies the user on remote system to allow this user to SSH
58 to. Default is current user code for host(s) and admin for
59 chassis.
60 -S Securely prompts for password for user on remote system.
63 -R Skips setup of SSH to local host.
66 -P Skips ping of host (for SSH to devices on Internet with ping
69 firewalled).
70
74 opasetupssh -S -i ''
75 opasetupssh -U
76 opasetupssh -h 'arwen elrond' -U
77 HOSTS='arwen elrond' opasetupssh -U
78
81 opasetupssh -C
82 opasetupssh -C -H 'chassis1 chassis2'
83 CHASSIS='chassis1 chassis2' opasetupssh -C
84
86 The following environment variables are also used by this command:
87 HOSTS_FILE
89 File containing list of hosts, used in absence of -f and -h.
90 CHASSIS_FILE
93 File containing list of chassis, used in absence of -F and
94 -H.
95 HOSTS List of hosts, used if -h option not supplied.
98 CHASSIS List of chassis, used if -C is used and -H and -F options not
101 supplied.
102 FF_MAX_PARALLEL
105 When -p option is used, maximum concurrent operations.
106 FF_IPOIB_SUFFIX
109 Suffix to append to hostname to create IPoIB hostname. Used
110 in absence of -i.
111 FF_CHASSIS_LOGIN_METHOD
114 How to log into chassis. Can be Telnet or SSH.
115 FF_CHASSIS_ADMIN_PASSWORD
118 Password for admin on all chassis. Used in absence of -S
119 option.
120
123 The Intel(R) Omni-Path Fabric Suite FastFabric Toolset provides addi‐
124 tional flexibility in the translation between IPoIB and management net‐
125 work hostnames.
126 opasetupssh provides an easy way to create SSH keys and distribute them
128 to the hosts or chassis in the cluster. Many of the FastFabric tools
129 (as well as many versions of MPI) require that SSH is set up for pass‐
130 word-less operation. Therefore, opasetupssh is an important setup step.
131 This tool also sets up SSH to the local host and the local host's IPoIB
133 name. This capability is required by selected FastFabric Toolset com‐
134 mands and may be used by some applications (such as MPI).
135 opasetupssh has two modes of operation. The mode is selected by the
137 presence or absence of the -U option. Typically, opasetupssh is first
138 run without the -U option, then it may later be run with the -U option.
139
141 When run without the -U option, opasetupssh performs the initial key
142 exchange and enables password-less SSH and SCP. The preferred way to
143 use opasetupssh for initial key exchange is with the -S option. This
144 requires that all hosts are configured with the same password for the
145 specified "user" (typically root). In this mode, the password is
146 prompted for once and then SSH and SCP are used in conjunction with
147 that password to complete the setup for the hosts. This mode also
148 avoids the need to set up rsh/rcp/rlogin (which can be a security
149 risk).
150 opasetupssh configures password-less SSH/SCP for both the management
152 network and IPoIB. Typically, the management network is used for Fast‐
153 Fabric Toolset operations while IPoIB is used for MPI and other appli‐
154 cations.
155 During initial cluster installation, where the Intel(R) Omni-Path Fab‐
157 ric software is not yet installed on all the hosts, IPoIB is not yet
158 running. In this situation, use the -i option with an empty string as
159 follows:
160 opasetupssh -i ''
162 This causes the last part of the setup of SSH for IPoIB to be skipped.
166
168 If aspects of the host have changed, such as IP addresses, MAC
169 addresses, software installation, or server OS reinstallation, you can
170 refresh the local host's SSH known_hosts file by running opasetupssh
171 with the -U option. This option does not transfer the keys, but instead
172 connects to each host (management network and IPoIB) to refresh the SSH
173 keys. Existing entries for the specified hosts are replaced within the
174 local known_hosts file. When run in this mode, the -S option is
175 ignored. This mode assumes SSH has previously been set up for the
176 hosts, as such no files are transferred to the specified hosts and no
177 passwords should be required.
178 Typically after completing the installation and booting of Intel(R)
180 Omni-Path Fabric software, opasetupssh must be rerun with the -U option
181 to update the known_hosts file.
182
184 When run without the -U option, opasetupssh performs the initial key
185 exchange and enables password-less SSH and SCP. For chassis, the key
186 exchange uses SCP and the chassis CLI. During this command you log into
187 the chassis using the configured mechanism for chassis login.
188 The preferred way to use opasetupssh for initial key exchange is with
190 the -S option. This requires that all chassis are configured with the
191 same password for admin. In this mode, you are prompted for the pass‐
192 word once and then the FF_CHASSIS_LOGIN_METHOD and SCP are used in con‐
193 junction with that password to complete the setup for the chassis. This
194 method also avoids the need to setup the chassis password in
195 /etc/opa/opafastfabric.conf (which can be a security risk).
196 For chassis, the -i option is ignored.
198
200 If aspects of the chassis have changed, such as IP addresses or MAC
201 addresses, you can refresh the local host's SSH known_hosts file by
202 running opasetupssh with the -U option. This option does not transfer
203 the keys, but instead connects to each chassis to refresh the SSH keys.
204 Existing entries for the specified chassis are replaced within the
205 local known_hosts file. When run in this mode, the -S option is
206 ignored. This mode assumes SSH has previously been set up for the chas‐
207 sis, because no files are transferred to the specified hosts and no
208 passwords are required.
209Copyright(C) 2015-2018 Intel Corporation opasetupssh(8)