Replacing NIS [was:NIS - "Could not read ypservers map" during "make"]

pll at lanminds.com pll at lanminds.com
Wed Jun 18 13:22:06 EDT 2003 

>>>>> On Wed, 18 Jun 2003, "Derek" == Derek Martin wrote:

  Derek> Another way is to set up an NIS-like master-slave
  Derek> relationship with the master and one host on each subnet
  Derek> where systems which need the files live.  The "master" pushes
  Derek> the files out to the "slaves" which in turn push the files
  Derek> out to each of the systems on their subnet.  This keeps the
  Derek> vast majority of traffic on local subnets and obviously
  Derek> serializes much of the transfers.
[...snip...]
  Derek> Also, since all of this will be scripted, it's easy to
  Derek> determine which hosts did not receive updates, and notify the
  Derek> sysadmin team of problems so they can (hopefully) react and
  Derek> fix it before anyone notices.

Also, this could be configured to be a 'pull' system where, when the 
clients boot, they contact the "ypserver" and pull the files over.
I'm thinking of a 2-way file transmission scenario here where the 
servers provide both push and pull capability using both rdist and 
rsync.

2 types of servers:  Master - the primary system where all changes
                              are centralized and pushed out from

                     Slaves - one or more per subnet which get changes
                              propagated to them by the master and push
                              the new files out to the clients

In addition, both masters and slaves would run an rsync:: server.
At boot time, the slaves would attempt to contact the server to pull 
the latest files over, and only the deltas at that, not the entirety 
of every file.

A normal client works exactly the same as a slave server, with the 
caveat that if the client fails to contact a local slave, you could 
opt for it to attempt to contact the master as well.


>>>>> On Wed, 18 Jun 2003, "mike" == mike ledoux wrote:

  mike> how do you handle password changes?  I can't think of any
  mike> reasonable way to deal with that short of requiring people to
  mike> log in to the 'master' server to make changes, and that seems
  mike> like a very fragile solution to me (I can easily imagine my
  mike> users 'forgetting' and changing their password on the local
  mike> copy of the file, and not being able to log in tomorrow).
  mike> Maybe I'm just missing something obvious.

Well, I think this could be handled pretty easily in a couple of 
different ways.  The first, and rather simplistic method is via a Web 
interface where the user changes their password, shell, whatever.  
Upon submission and validation of the form, an rdist is kicked off to 
the slaves and clients.

 The intersting thing about this idea is that with a combination of
good planning, a good client replication/auto-build system such as
FAI, System Imager, or maybe even KickStart, you could actually have a
web server running on each client system.  This would first make
changes to the local files, then rsync the changes back up to the
local subnet slave.  The slave could then both immediately update it's
subnet and contact the master, which would kick off an rdist/rsync to
all slaves except the one from which it received the latest updates.

There are some obvious concerns with this method, namely, do you want 
to trust propagating changes to an entire network which were received 
from a possibly compromised host.  However, in certain environments, 
I can see where this risk is really no worse than running NIS in the 
first place, since an NIS server is rather easy to compromise even 
without physical access to it.

Another more interesting idea would be a network based revision
control system with post-commit hooks to distribute the changes..  For
instance, assume you have a master server which keeps all these files
under revision control.  The clients at boot time could simply attempt
to update their working copy of these files, and failing that, check
out the repository.

When any of the files is changed, the client would first check in the 
working copy, which on the server would trigger a post-commit hook 
which would turn around and kick off some command issued to all 
clients to update their working copies.

I don't have this idea completely fleshed out yet, and there are some
obvious flaws and/or requirements for making this all transparent to
the end user to which I have not given a lot of thought to yet.
However, using Subversion as a revision control system makes this
scenario incredibly plausible IMO.

In short, while all the ideas presented above have very obvious flaws 
or hurdles to over come, I think it's entirely possible to come up 
with a viable and more secure/stable system file distribution 
mechanism than NIS.  The most obvious place which needs work IMO, is 
user training.  Which I don't think would be all that bad.  Users 
have been taught that they change their password using yppasswd 
(or passwd in non-NIS environment) so, for one of these methods, we 
just need to teach them "the new way".  IME, tell them what to do and 
why their doing it, and they'll gladly do it.  The big caveats being:

  a) it makes sense to them
  b) it works
  c) it's not any more effort than what they're used to
  d) it's ideally a great deal simpler than what they're used to

In otherwords, as with everything, make it easier to do the right 
thing[1], and they're less likely to put up a fight :)

[1] The "right thing" being defined as "Whatever it is that you 
    *want* them to do :)
-- 

Seeya,
Paul
--
Key fingerprint = 1660 FECC 5D21 D286 F853  E808 BB07 9239 53F1 28EE

	It may look like I'm just sitting here doing nothing,
   but I'm really actively waiting for all my problems to go away.

	 If you're not having fun, you're not doing it right!

More information about the gnhlug-discuss mailing list