Difference between revisions of "Cluster der kan alt/Routing NAT and NIS"
(→NIS) |
(→NIS) |
Line 89: | Line 89: | ||
<source lang=cli> | <source lang=cli> | ||
0.0.0.0 0.0.0.0 | 0.0.0.0 0.0.0.0 | ||
+ | |||
255.255.255.0 10.0.0.0 | 255.255.255.0 10.0.0.0 | ||
</source> | </source> |
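Review bot: the blank line added at line 89 between "0.0.0.0 0.0.0.0" and "255.255.255.0 10.0.0.0" still leaves both entries in one block, with nothing marking the first as the line to delete. A reader who copies the block as shown keeps "0.0.0.0 0.0.0.0" in ypserv.securenets, and that entry admits every host. Suggest showing the old line and its replacement as two separately labelled blocks, or showing only the replacement.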
Revision as of 09:51, 5 November 2013
Routing & NAT
Configuring NAT (Sharing Internet)
Start Routing
For this, we do not need to install anything new. Everything is right there but is currently disabled.
First, edit sysctl.conf
nano /etc/sysctl.conf
Find this line (it is commented out with a leading #):
net.ipv4.ip_forward=1
Uncomment it by removing the #. Now forwarding is enabled in the system kernel.
Start routing without a reboot
This enables forwarding immediately, without a reboot, much like restarting a service.
echo 1 > /proc/sys/net/ipv4/ip_forward
NAT
This creates a NAT rule in the POSTROUTING chain. It sets eth0 as the output interface (the one facing the Internet) and, through MASQUERADE, rewrites the source address of outgoing packets to eth0's own IP.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Save the iptables rules so they can be loaded correctly after a reboot/shutdown
iptables-save > /etc/iptables.rules
Load the iptables.rules at startup
Edit the file interfaces
nano /etc/network/interfaces
Add these lines to the eth0 interface
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules
Like this
# The extended interfaces
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
post-down iptables-restore < /etc/iptables.rules
Test it out on your other client.
NIS
Enter the hosts.allow file
nano /etc/hosts.allow
Add the following line
portmap ypserv ypbind: 10.0.0.0/255.255.255.0
Install NIS. You will be prompted for a domain name. This is not the DNS domain name, but a unique name for the nodes and master that share the same information.
- NOTE: It is recommended you install NIS using the VMware console instead of SSH
apt-get install portmap nis
Enter the nis file
nano /etc/default/nis
Set the NISSERVER line to
NISSERVER=master
Enter the yp.conf file
nano /etc/yp.conf
Add the line
domain dka.local server 127.0.0.1
Enter the ypserv.securenets file
nano /etc/ypserv.securenets
Replace the 0.0.0.0 0.0.0.0 line with the 255.255.255.0 10.0.0.0 line (the first line below is the old entry, the second is its replacement)
0.0.0.0 0.0.0.0
255.255.255.0 10.0.0.0
Restart the Yellow Pages service so the new configuration is loaded
service ypserv restart
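A check for the ypserv.securenets step above, as an added example that is not part of the original page: it parses the netmask/network pairs and flags any entry that admits every host. The function names, the MIN_PREFIX threshold and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit ypserv.securenets ("netmask network" per line).
# MIN_PREFIX is this example's assumption (24 = the page's 255.255.255.0).
MIN_PREFIX=${MIN_PREFIX:-24}

# Dotted netmask -> prefix length (255.255.255.0 -> 24); returns 1 if malformed.
mask_to_prefix() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; done_ones=0
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;; *) return 1 ;;
        esac
        # Once an octet is not 255, all later octets must be 0.
        if [ "$done_ones" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then done_ones=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# Print a verdict per entry; return 1 if any entry is open to all or unparsable.
audit_securenets() {
    rc=0
    while read -r mask net rest || [ -n "$mask" ]; do
        case $mask in ''|'#'*) continue ;; esac
        if [ "$mask" = host ]; then echo "OK   host $net"; continue; fi
        if ! prefix=$(mask_to_prefix "$mask"); then
            echo "BAD  $mask $net (unparsable netmask)"; rc=1; continue
        fi
        case $net in 127.*) echo "OK   $net/$prefix (loopback)"; continue ;; esac
        if [ "$prefix" -eq 0 ]; then
            echo "OPEN $mask $net (every host may query the maps)"; rc=1
        elif [ "$prefix" -lt "$MIN_PREFIX" ]; then
            echo "WIDE $net/$prefix (wider than /$MIN_PREFIX)"
        else
            echo "OK   $net/$prefix"
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample: the open entry the page replaces, plus its replacement.
sample_securenets() {
    printf '%s\n' '# constructed sample' '255.0.0.0 127.0.0.0' \
        '0.0.0.0 0.0.0.0' '255.255.255.0 10.0.0.0'
}
demo=$(mktemp) && sample_securenets > "$demo"
audit_securenets "$demo" || echo "=> tighten ypserv.securenets"; rm -f "$demo"
```

On a real server, call audit_securenets /etc/ypserv.securenets after editing the file and before restarting ypserv.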
Adding a user
After you have created a new user with adduser, it is necessary to rebuild the NIS maps!
root@head:~# make -C /var/yp
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'
Script adding user in a Cluster
The following simple script:
- Adds a user on the NIS server.
- Adds an SSH key to the user's /home directory.
- In this cluster /home is distributed with NFS to all nodes, so the user can log on to the nodes without entering a password.
- Rebuilds the NIS database with the new user.
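#!/bin/bash
# Add a user on the NIS server, create an SSH key pair and rebuild the NIS maps.
echo -e "Adding user to cluster"
echo -e "======================\n"
echo -en "User login name: "
read -r NAME
# Accept only a plain login name: $NAME is expanded inside the su -c command strings below
if [[ ! "$NAME" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
    echo "Invalid login name" >&2
    exit 1
fi
adduser "$NAME" || exit 1
echo -e "Creating keys"
su "$NAME" -c "ssh-keygen"
echo -e "Distributing keys"
# /home is shared over NFS, so authorizing the user's own key gives password-less login on all nodes
su "$NAME" -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
make -C /var/yp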
Installation on the client
Install the software
sudo apt-get install portmap nis
Run these commands, where NIS_SERVER_IP = your NIS server IP
echo "portmap : NIS_SERVER_IP" >> /etc/hosts.allow
echo "+::::::" >> /etc/passwd
echo "+:::" >> /etc/group
echo "+::::::::" >> /etc/shadow
echo "Domain = Cluster" >> /etc/idmapd.conf
echo "ypserver NIS_SERVER_IP" >> /etc/yp.conf
service ypbind restart
service idmapd restart
Test with
yptest