Propagate Operating System User IDs :: SAS® LASR(TM) Analytic Server 2.7: Reference Guide

Which User IDs Must Be Propagated?

You must propagate the operating system user IDs that are used for Hadoop and for managing SAS LASR Analytic Server instances (starting, stopping, and loading tables).

About Passwords

In most deployments, passwords are not used to log on to the machines in the cluster. Therefore, in most cases, it is not necessary to propagate passwords to the additional machines in the cluster.

However, if you want to preserve passwords and you use the SAS High-Performance Computing Management Console, you can view the value from the /etc/shadow file or within the console. When you add the user with the console, you can paste the value in the Pre-encrypted password field.

Option 1: User Management Software

If your site uses account management software applications such as LDAP, NIS, or Active Directory on Linux for managing user accounts, then use that software to make the user accounts available on the additional machines.

Option 2: Delete and Re-add Users

If you use SAS High-Performance Computing Management Console to manage the machines in the cluster, then you can delete each user and then add the user back to the system. This is an option when the number of operating system accounts is fairly low. When you add the user, the account is re-created on the original machines, and it is also added to the new machines.

Note: When using this method, be sure to note the UID and primary GID of the user before it is deleted and to reuse the same values when re-creating the user account.

Note: If you choose this option, be aware that using the Generate and Propagate SSH Keys option when you create the user account removes existing SSH keys. If you do not delete the home directory when you delete the user and you do not generate new SSH keys, then the existing keys can be reused.

Option 3: Use Operating System Commands to Add Users

About Using the Simultaneous Shell Command

You can view the existing user IDs and groups with the SAS High-Performance Computing Management Console, or from the /etc/passwd and /etc/group files. You can use operating system commands to add the groups and users to the addition machines.

The following sample commands use the simsh utility that is included with SAS High-Performance Computing Management Console. This utility attempts to configure users and groups on the machines that already have the user accounts and groups. This results in an error message from those machines. The error message is harmless because the commands do not modify the existing configuration, but you might find them distracting. As an alternative, you can use the console to create a simultaneous utilities machine group that contains the host names for the new machines only. You can then specify the group name with the simsh command so that only the new machines are affected.

This document demonstrates using the simsh command with a machine group that is named newnodes for simplicity.

Add Groups

Identify the groups to add to the new machine by viewing the console or looking at the /etc/group file. Make sure that you identify each group ID.

The following example shows how to add the group that is named sasdemo with a group number of 102 to the newnodes machine group :

/opt/webmin/utilbin/simsh -g newnodes "groupadd -g 102 sasdemo"

Add Users

Identify the user IDs to add to the new machine by viewing the console or looking at the /etc/passwd file. Make sure that you identify each user ID.

The following example shows how to add a user:

/opt/webmin/utilbin/simsh -g newnodes
     "useradd -u 503 -g 102 -d /home/sasdemo -s /bin/bash sasdemo"

Note: The command must be entered on a single line.

Propagating Secure Shell Keys

One way to propagate existing SSH keys to the new machines is to copy them to all the new machines in the cluster. The following example shows one way to perform this operation:

simcp /home/user/.ssh /home/user/
simsh chown -R user:group  /home/user/.ssh

You can use scripting to simplify this task and all the previous operating system commands, too. You also do not need to follow this strategy. Any method that is able to propagate the groups, user IDs, and SSH keys is acceptable.