SCIENTIFIC-LINUX-USERS Archives

January 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
David Sommerseth <[log in to unmask]>
Reply To:
David Sommerseth <[log in to unmask]>
Date:
Wed, 7 Jan 2015 01:10:19 +0100
Content-Type:
text/plain
Parts/Attachments:
text/plain (80 lines)
----- Original Message -----
> From: "Konstantin Olchanski" <[log in to unmask]>
> To: "Stephen John Smoogen" <[log in to unmask]>
> Cc: "Dirk Hoffmann" <[log in to unmask]>, "SCIENTIFIC-LINUX-USERS" <[log in to unmask]>
> Sent: Tuesday, 6 January, 2015 22:18:54
> Subject: Re: ypbind not registering with rpcbind on SL7
>
> On Tue, Jan 06, 2015 at 11:20:30AM -0700, Stephen John Smoogen wrote:
>> On 6 January 2015 at 05:08, Dirk Hoffmann <[log in to unmask]> wrote:
>> >
>> > I installed SL7 yesterday from the standard DVD in "Computing node"
>> > flavour. "yum update" ran correctly, then I needed YP/NIS.
>>
>>
>> Wow.. I didn't know ypbind was still in use :)?
>>
> 
> There is no replacement to NIS for small clusters.
> 
> Vendors send us in the direction of LDAP, which is supposed to be "light
> weight".
> 
> Well, if LDAP is light-weight, I hate to see what they consider as
> normal-weight.
> 
> With NIS, management is "vi /etc/auto.home; make -C /var/yp".
> 
> Wake me up when LDAP gets anywhere near that easy to use.

I'll admit that my IT career has mostly missed the yp/nis days (mostly due to working
in companies with just a handful of servers or fewer).  But!

I dare you to try out FreeIPA.  I've tested it in a slightly bigger environment (~30 boxes),
and decided to roll it out at home "just for fun" to play more with it.  It doesn't eat that
much CPU or disk resources (well some 100MB), but it is really easy to set up and play with.
And with both a reasonable webUI and a command line interface for the same tasks.  Firewall
and SELinux friendly, and lets you do really nice stuff such as DNS SSHFP (no more need
for hosts in ~/.ssh/known_hosts), centralised SSH public key management, Kerberos SSO
and all the other stuff NIS can do.

Regarding resource usage, at home I installed FreeIPA on a slightly well-loaded
HP Microserver G7 (AMD N36L) with 8GB RAM running 5 VMs.  The average CPU load is 60% and
it is using ~7GB for VMs.  The admin web console works very well and all IPA domain members
get the authentication done fairly quickly.  I've not noticed any performance drop on the
VMs either.

What I basically did:

* IPA server
  - yum install ipa-server
  - ipa-server-install (see --help for enabling DNS server and more features)
  - Go to http://$SERVER
  - Login as admin and start playing

* IPA clients to become "domain members"
  - yum install ipa-client
  - Ensure /etc/resolv.conf 'nameserver' points at the IPA server
  - ipa-client-install  (see --help for more advanced features)

Also check out the documentation (you'll find relevant versions of it in https://access.redhat.com
under Identity Management).  It is quite good and accurate.

And that's basically it ... run kinit and you have SSO to all your boxes.  Or upload your
SSH public key to your IPA user account, and you can SSH to all boxes without uploading
any public keys anywhere else.

My playing has been done with SL6, SL7 and Fedora 19.  My next step is to start playing with IPA
servers on SL7, which is an even newer version of FreeIPA with some more features.

By the way, setting up master-master replication with more IPA servers is also really easy.  However,
there is a bug in the LDAP server which needs a configuration workaround.  But once that's done, it
works really smooth.

Yes, IPA is probably using more resources than yp/nis, but it also provides much more than just yp/nis.

--
kind regards,

David Sommerseth
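As an added example (not part of the message above, nor FreeIPA's own code), this shows how the DNS SSHFP records mentioned above are derived from a host's public key and how a client checks a presented key against them; the ed25519 key and the host name node1.example.test are constructed for the example.

```python
import base64
import hashlib

# SSHFP algorithm numbers (RFC 4255, 6594, 7479) and fingerprint types
# (1 = SHA-1, 2 = SHA-256); FreeIPA's DNS publishes these per host key.
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
                    "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
                    "ssh-ed25519": 4}
SSHFP_FPTYPES = {1: hashlib.sha1, 2: hashlib.sha256}

def sshfp_records(hostname, pubkey_line):
    """SSHFP tuples (name, alg, fptype, hex fp) for one OpenSSH public key
    line, e.g. the contents of /etc/ssh/ssh_host_ed25519_key.pub."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0] not in SSHFP_ALGORITHMS:
        raise ValueError("not a supported OpenSSH public key line")
    blob = base64.b64decode(fields[1])  # fingerprint covers the key blob only
    alg = SSHFP_ALGORITHMS[fields[0]]
    return [(hostname, alg, fptype, digest(blob).hexdigest())
            for fptype, digest in sorted(SSHFP_FPTYPES.items())]

def format_record(rec):
    """Render a tuple as a zone-file line, as 'ssh-keygen -r' prints it."""
    name, alg, fptype, fp = rec
    return f"{name}. IN SSHFP {alg} {fptype} {fp}"

def host_key_matches(hostname, pubkey_line, published):
    """True if the presented host key matches the published SSHFP RRset.
    Policy (this example's, not an OpenSSH rule): a published SHA-256 record
    must match; SHA-1 is only consulted when no SHA-256 record exists."""
    computed = {(a, t): fp for _, a, t, fp in sshfp_records(hostname, pubkey_line)}
    alg = next(iter(computed))[0]
    rrset = {(a, t): fp.lower() for n, a, t, fp in published
             if n == hostname and a == alg}
    if not rrset:
        return False  # nothing published for this host/algorithm: do not trust
    fptype = 2 if (alg, 2) in rrset else 1
    return rrset.get((alg, fptype)) == computed[(alg, fptype)]

def ed25519_key_line(raw32):
    """Build an OpenSSH-format ed25519 public key line from 32 raw bytes."""
    blob = (len(b"ssh-ed25519").to_bytes(4, "big") + b"ssh-ed25519"
            + len(raw32).to_bytes(4, "big") + raw32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")

# Constructed sample key (not a real host key) and a hypothetical host name.
SAMPLE_HOST_KEY = ed25519_key_line(bytes(range(32)))
SAMPLE_RRSET = sshfp_records("node1.example.test", SAMPLE_HOST_KEY)
```

On a real client the same comparison is what `VerifyHostKeyDNS yes` in ssh_config asks OpenSSH to do against the zone IPA serves, which is why known_hosts entries become unnecessary.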
