Difference between revisions of "Cluster der kan alt/LDAP eller NIS"

From Teknologisk videncenter
Jump to: navigation, search
 
(19 intermediate revisions by 5 users not shown)
Line 1: Line 1:
NIS or Network Information Services is a simple - and insecure - way of making [[SSO|Single Sign On]] in a cluster of UNIX/Linux machines. Very useful in a closed network.
+
=Installation af master server=
  
Originally NIS was called YP - Yellow Pages - and the acronyms YP and NIS are used.
+
Tilføj følgende linje til '''sudo nano /etc/hosts.allow'''.
 
 
There are up to three roles in a NIS installation
 
;Master server:The master server - shares files to slaves and clients. For example the passwd and group file
 
;Slave server(s):Maintain copies of the Master Server shared files. Provides redundancy and load balancing
 
;Clients:Use the shared files - for example for single sign on. Users added on the master server
 
=Installation of the master server=
 
Add the following line to '''/etc/hosts.allow'''. (In this case master,slaves and clients lives in the 10.222.0.0/24 network)
 
 
<source lang=cli>
 
<source lang=cli>
portmap ypserv ypbind: 10.222.0.0/255.255.255.0
+
portmap ypserv ypbind: 10.0.0.0/255.255.255.0
 
</source>  
 
</source>  
Install NIS. You will be asked to enter the domain name. The domain name is not the DNS domain name - but a unique name for the the cluster of machines sharing the same information. (I use the DNS domain name - one less thing to remember)
+
Installer NIS. Du vil blive bedt om at indtaste domænenavnet. Domænenavnet er ikke DNS-domænenavn - men et unikt navn for klyngen af maskiner deler de samme oplysninger.
 
<source lang=cli>
 
<source lang=cli>
apt-get install portmap nis
+
sudo apt-get install portmap nis
 
</source>  
 
</source>  
*Edit '''/etc/default/nis''' and set the NISSERVER line to NISSERVER = master
+
*Ret '''sudo nano /etc/default/nis''' (nano /etc/default/nis) og set NISSERVER linjen til
*Edit '''/etc/yp.conf''' and add a server line of the form: (Note my domain-name is '''c1.local''')
+
<source lang=cli>
 +
NISSERVER =master
 +
</source>
 +
*Ret '''sudo nano/etc/yp.conf''' og tilføj en linje med:
 
<source lang=cli>
 
<source lang=cli>
domain c1.local server 127.0.0.1
+
domain dka.local server 127.0.0.1
 +
</source>
 +
*Ret '''sudo nano /etc/ypserv.securenets''' fjern '''0.0.0.0''' linjen - insecure - og tilføj dit eget net(255.255.255.0 10.0.0.0).
 +
*genstart så yellowpages servicen for at loade det nye configuration.
 +
<source lang=cli>
 +
sudo service ypserv restart
 
</source>
 
</source>
*Edit '''/etc/ypserv.securenets''' remove the '''0.0.0.0''' line - insecure - and add your net/nets
 
 
==Adding a user==
 
==Adding a user==
When adding a user with '''adduser''' it's necessary to rebuild the NIS maps  
+
Efter du har oprettet en ny bruger, '''adduser''' er det nødvendigt at genopbygge nis maps!
 
<source lang=cli>
 
<source lang=cli>
 
root@head:~# <input>make -C /var/yp</input>
 
root@head:~# <input>make -C /var/yp</input>
Line 50: Line 50:
  
 
echo -e "Creating keys"
 
echo -e "Creating keys"
su $NAME -c "ssh-keygen -t dsa"
+
su $NAME -c "ssh-keygen"
 
echo -e "Distributing keys"
 
echo -e "Distributing keys"
su $NAME -c "cat /home/$NAME/.ssh/id_dsa.pub >> /home/$NAME/.ssh/authorized_keys"
+
su $NAME -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
 
echo -e "Rebuild NIS database"
 
echo -e "Rebuild NIS database"
 
make -C /var/yp
 
make -C /var/yp
 
</source>
 
</source>
  
=Installation on the clients=
+
=Installation på klienten=
Install the software
+
Installer software
 
<source lang=cli>
 
<source lang=cli>
 
sudo apt-get install portmap nis
 
sudo apt-get install portmap nis
 
</source>
 
</source>
run the following commands. Remember to change the IP address of the NIS_SERVER_IP to your NIS servers IP address.
+
Kør disse kommandoer, hvor NIS_SERVER_IP = din nis server ip
 
<source lang=cli>
 
<source lang=cli>
echo "portmap : <notice>NIS_SERVER_IP</notice> >> /etc/hosts.allow
+
echo "portmap : <notice>NIS_SERVER_IP"</notice> >> /etc/hosts.allow
 
echo "+::::::" >> /etc/passwd
 
echo "+::::::" >> /etc/passwd
 
echo "+:::" >> /etc/group
 
echo "+:::" >> /etc/group
 
echo "+::::::::" >> /etc/shadow
 
echo "+::::::::" >> /etc/shadow
echo "ypserver <notice>NIS_SERVER_IP</notice> >> /etc/yp.conf
+
echo "Domain = Cluster" >> /etc/idmapd.conf
/etc/init.d/nis restart
+
echo "ypserver <notice>NIS_SERVER_IP"</notice> >> /etc/yp.conf
 +
service ypbind restart
 +
service idmapd restart
 
</source>
 
</source>
Test with
+
Test med
 
<source lang=cli>
 
<source lang=cli>
 
yptest
 
yptest
 
</source>
 
</source>
 
{{source cli}}
 
{{source cli}}
 
=links=
 
*https://help.ubuntu.com/community/SettingUpNISHowTo
 
[[Category:Ubuntu]]
 

Latest revision as of 13:09, 21 October 2014

Installation af master server

Tilføj følgende linje til sudo nano /etc/hosts.allow.

portmap ypserv ypbind: 10.0.0.0/255.255.255.0

Installer NIS. Du vil blive bedt om at indtaste domænenavnet. Domænenavnet er ikke DNS-domænenavn - men et unikt navn for klyngen af maskiner deler de samme oplysninger.

sudo apt-get install portmap nis
  • Ret sudo nano /etc/default/nis (nano /etc/default/nis) og set NISSERVER linjen til
NISSERVER =master
  • Ret sudo nano/etc/yp.conf og tilføj en linje med:
domain dka.local server 127.0.0.1
  • Ret sudo nano /etc/ypserv.securenets fjern 0.0.0.0 linjen - insecure - og tilføj dit eget net(255.255.255.0 10.0.0.0).
  • genstart så yellowpages servicen for at loade det nye configuration.
sudo service ypserv restart

Adding a user

Efter du har oprettet en ny bruger, adduser er det nødvendigt at genopbygge nis maps!

root@head:~# <input>make -C /var/yp</input>
make: Går til katalog '/var/yp'
make[1]: Går til katalog '/var/yp/c1.local'
Updating passwd.byname...
Updating passwd.byuid...
Updating netid.byname...
Updating shadow.byname...
make[1]: Forlader katalog '/var/yp/c1.local'
make: Forlader katalog '/var/yp'

Script adding user in a Cluster

The following simple script:

  • Add a user on the NIS server.
  • Add a ssh key to the users /home library.
    • In this cluster /home is distributed with NFS to all nodes. Logon to nodes without entering password
  • Rebuilding the NIS database with the new user
#!/bin/bash
echo -e "Adding user to cluster"
echo -e "======================\n"
echo -en "User login name: "
read NAME
adduser $NAME

echo -e "Creating keys"
su $NAME -c "ssh-keygen"
echo -e "Distributing keys"
su $NAME -c "cat /home/$NAME/.ssh/id_rsa.pub >> /home/$NAME/.ssh/authorized_keys"
echo -e "Rebuild NIS database"
make -C /var/yp

Installation på klienten

Installer software

sudo apt-get install portmap nis

Kør disse kommandoer, hvor NIS_SERVER_IP = din nis server ip

echo "portmap : <notice>NIS_SERVER_IP"</notice> >> /etc/hosts.allow
echo "+::::::" >> /etc/passwd
echo "+:::" >> /etc/group
echo "+::::::::" >> /etc/shadow
echo "Domain = Cluster" >> /etc/idmapd.conf
echo "ypserver <notice>NIS_SERVER_IP"</notice> >> /etc/yp.conf
service ypbind restart
service idmapd restart

Test med

yptest