Introduction to NIS

Suzanne Widup
Class Objectives
• Obtain familiarity with NIS daemons and
architecture
• Build an NIS master, slave and client
• Be able to make changes to maps and
distribute them
• Understand how NIS is used in DSI
Unit 1: What is NIS?
• A major problem in running a distributed computing
environment is maintaining separate copies of common
configuration files (e.g., passwd, hosts, group).
• Shared storage requires uids and gids in sync across
multiple hosts.
• Network Information System (NIS) addresses this by
having one copy of the files shared among all members of
the NIS domain.
• NIS was originally called Yellow Pages, and the daemons
are still prefixed with “yp”, but the name was changed to
NIS due to legal concerns.
How Does NIS Share Info?
• Changes are made
to the master’s
maps.
• The master pushes
these changes to
the slaves.
• The clients query
the slaves when
they need
information.
• Diagram: the NIS Master (where maps are built and changes are made to them) feeds the NIS Slaves (preferably one per subnet, each with a read-only copy of the maps), and the slaves serve the NIS Clients (no maps locally).
The NIS Master
• Responsible for map maintenance and
distribution of maps to its slave servers.
• This host has the original copies of the
maps, and this is where you make changes
to the maps.
• Files live under /var/yp, with the source
files in /var/yp/src
NIS Slaves
• Slave servers keep a read-only copy of the maps.
• Preferably, at least one slave per subnet, because
clients will do a broadcast to find a server to bind
with, and that cannot cross subnets.
• The preferred binding is to slaves for performance
reasons, and reliability concerns.
NIS Clients
• Clients don’t contain copies of the maps; these hosts
query the slave server when they need to look
something up.
• If there is no slave server on the subnet of the
client, the system will have to be set up with a
-ypsetme option in the startup scripts to tell it
where to bind.
• This means that if that slave server fails, the client
will need to be manually told who to bind with,
unless there is a ypservers file.
The Maps
• A map is an NIS data file.
• When a client needs information that would normally be in
one of its local files, it queries the slave it’s bound to and
gets the information from there.
• For some of the files, such as passwd, the NIS map looks
much like the file would look on a non NIS host. For other
files, such as auto.home, the file looks somewhat different.
• Maps are created with the makedbm command.
What Works Well Under NIS
• Environments where a user needs to be able
to use any computer.
• Systems that use common storage and need
users and groups to be kept in sync.
• Large installations where manual
administration of the files would be time
prohibitive.
Some Files That Can Be
Managed by NIS
• Passwd
• Group
• Hosts
• Services
• Auto.home
• Netgroup
• Aliases
• Netmasks
• Networks
• Bootparams
• Ethers
• Protocols
• Rpc
Domains
• Basically, a domain is defined as a group of
servers who share the same NIS maps.
• Reasons for having more than one domain
include the size of the domain and the level
of failure protection required, load
balancing, network considerations, and user
requirements.
DSI Standards
• NIS Masters will be Solaris boxes
• NIS Slaves will be Solaris boxes
• NIS Clients can be any supported platform
• Network Appliances are only supported for
binding to Unix boxes (for future reference).
Unit 2: The Common NIS
Commands
• ypcat
• yppasswd
• ypwhich
• ypmatch
• ypbind
• makedbm
• ypserv
• yppush
• ypinit
• ypxfr
• ypset
ypset
• Example:
#ypset sca-sun04
• Used when a slave is not available on the
same subnet. Points ypbind at a particular
server.
• First, ypbind must be called with the ypsetme option, otherwise the ypset
command will be ignored.
ypwhich
• Example:
#ypwhich
sca-sun07
• Used to determine which server the host is
bound to. Will return a hostname if the
binding was successful.
ypbind
• ypbind is run on all client hosts, whether or not the system is also
running ypserv.
• Called from the startup scripts (on Sun: /usr/lib/netsvc/yp/ypstart)
• This is used to tell a client to bind to a server.
• The default mode is -broadcast. If not called with -broadcast, ypbind
steps through the ypservers file to try to bind to a server. If the server
is on another subnet, ypbind must be called with the -ypset option to
force it to accept ypset commands.
• The ypset command tells ypbind which server to bind to.
• All hosts must be in the local hosts table before they can be called by
ypset.
ypserv
• ypserv runs on the slave and master servers.
It is the daemon that makes them a server
rather than a client, and allows them to serve the
maps to the clients.
ypinit
• Ypinit can be used to set up an NIS system.
• The -c option sets up a client
• The -m option is to build a master server database
• The -s master_server option builds the slave database.
The master_server variable must equal the same master
configured in the yp maps and returned by the ypwhich -m
command. You must use the fully qualified domain name
in this variable.
• Ypinit only sets up systems for the domain it belongs to.
ypcat
• Example: ypcat passwd
• Requests a cat of the passwd map from the
bound system
• This is a good test to see if the setup you
have performed has worked correctly. If
you type ypcat passwd and don’t see the
password file scroll across the screen,
there’s a problem.
yppasswd
• Example: yppasswd swidup2
• This changes the passwd on the NIS system
for the user swidup2.
ypmatch
• Example: ypmatch swidup2 passwd
• Queries the slave system for the entry in the
passwd map that matches swidup2.
makedbm
• This is the command used to turn a file into
an NIS map.
• Example:
cat /tmp/ypservers | makedbm - /var/yp/peoplesoft.com/ypservers
This will take the contents of the file
/tmp/ypservers, and send it as input into the
makedbm command. It will output the map
as /var/yp/peoplesoft.com/ypservers.
yppush
• This command is responsible for
distributing, or pushing, the maps from the
master out to the slaves.
• If the make is not pushing a map out that
you want it to, you can either touch the map
(thus changing the time stamp) or you can
initiate a push using yppush.
ypxfrd
• This daemon is issued from the slaves to
initiate an update from the master of the
maps.
Setting the domainname
• Type
– domainname <yourdomainhere>
• Example:
– domainname nisclass.peoplesoft.com
Exercise 1:
Using the yp commands
• What command would you use to change
your password in NIS?
• What command would you use to determine
the domain of a host?
• What command would you use to determine
if a host is bound to an NIS slave/master?
• What command would you use to get info
from the passwd map on the user bozo?
Unit 3: The Configuration Files
• The Makefile
• The .time files
• ypservers
• The /var/yp/src directory
The Makefile
• When the server is installed, a default Makefile is
provided. You will need to configure this file to
prepare the server to be an NIS master.
• This file tells the master what maps are being
used, where the source directory is, and other
parameters.
• The original and altered makefiles can be found in
the Appendices at the back of this manual.
The .time Files
• These are used by the system to record the
last push so that the system knows when
changes have been made to existing maps.
• Do not make any alterations to these files.
The ypservers file
• The ypservers file is actually an NIS map
• It is created by creating a file with a list of
the servers to bind with
• makedbm /tmp/ypserversfile ypservers
• This will make the map
The /var/yp/src Directory
• Contains all the master’s map source files
(this is a configurable parameter, so files
don’t have to be here. This is the DSI
standard.)
• Make changes to these maps in /var/yp/src
• Then type cd ..
• And type make
• This pushes the files out to the NIS slaves.
Unit 4: NIS Installation
• The NIS Master
• The NIS Slaves
• The NIS Clients
• Adding a Network Appliance to an NIS
domain
Installing the NIS Master
• Preparing the maps
• The Makefile
• Make changes to the configuration files
• Start up the daemons
Preparing the Maps
• Create the hosts, passwd, and group maps
from the data files provided.
• Each team will make a different map:
– Team 1: passwd/shadow
– Team 2: group
– Team 3: hosts
– Team 4: auto.home
– Team 5: ypservers
Configuring the Makefile
• The default Makefile has been configured
for this server. The main changes that were
made include setting the source directory,
and configuring which maps will be used on
this server.
• Examples of the before and after makefiles
can be found in the Appendices of this
manual.
Using ypinit
• The easiest way to configure a master server
is as follows:
– set the domain name
– configure the makefile
– make changes to hosts and nsswitch.conf
– run ypinit -m to configure a master server and
answer the questions
Exercise 2:
Turning up the Master Server
• As a class, we will:
– set the domain
– view the changes to the Makefile
– make changes to nsswitch.conf
• Each team will then build their assigned
map
• As a class, we will run ypinit
Installing an NIS Slave
• The ypserv daemon
• Changes to files
The ypserv Daemon
• Started from /usr/lib/netsvc/yp
• We will use ypinit -s <master_server> to
configure this.
Changes to Files
• To prepare a slave (or client) server to read
the NIS maps:
– Add the following line to the bottom of the /etc/passwd file:
+::0:0:::
– Add the following line to the bottom of the /etc/shadow file:
+::::::::
– Add the following to the /etc/group file:
+:::
• Change nsswitch.conf to refer to NIS (an example can be
found in the Appendices section)
• Put ypservers list in /etc/hosts
Exercise 3: Turning up the Slave
• Set the domain name and put it in /etc/defaultdomain as well
• ypinit -c and put in the ypservers list (in order of the host machine, the
master, and any other slaves)
• Make changes to passwd, group, etc. --any files that will be maps in
NIS
• Modify /etc/nsswitch.conf so that NIS is used by
passwd, group, etc.
• /usr/lib/netsvc/yp/ypstop
• /usr/lib/netsvc/yp/ypstart rpcstart
• ypinit -s <Master_Server FQDN>
• /usr/lib/netsvc/yp/ypstop
• /usr/lib/netsvc/yp/ypstart rpcstart
Installing an NIS Client
• The ypbind daemon
• Changes to files
The ypbind Daemon
• This is started up by issuing the command:
– >/usr/lib/netsvc/yp/ypstart rpcstart
• It is configured in /usr/lib/netsvc/yp/ypstart
(this is where you’d issue the ypset
commands)
• Alternatively, you can start a client using
ypinit -c and specify the list of servers for it
to bind to.
Changes to Files
• To prepare a slave (or client) server to read
the NIS maps:
– Add the following line to the bottom of the /etc/passwd file:
+::0:0:::
– Add the following line to the bottom of the /etc/shadow file:
+::::::::
– Add the following to the /etc/group file:
+:::
• Change nsswitch.conf to refer to NIS (an example can be
found in the Appendices section)
• Put ypservers list in /etc/hosts
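A consistency check for the file changes listed above (for both the slave and the client), as an added example that is not part of the original slides: it verifies that the + entries and the nsswitch.conf sources agree, since the +/- syntax is only interpreted when a database is set to compat. The function names and the ROOT prefix, which lets the check run against a copy of /etc, are assumptions.

```sh
#!/bin/sh
# Added example, not from the original slides. ROOT is a hypothetical prefix:
# "" audits the live /etc, any other value audits a copy under ROOT/etc.

# Print the sources nsswitch.conf lists for one database, e.g. "compat".
nss_sources() {  # $1 = nsswitch.conf path, $2 = database name
    awk -v db="$2:" '$1 == db { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1"
}

# Print the last non-blank line of a file.
last_line() { awk 'NF { l = $0 } END { print l }' "$1"; }

# Check one file against its database; print one line per inconsistency.
check_db() {  # $1 = ROOT, $2 = database, $3 = file name, $4 = expected + line
    src=$(nss_sources "$1/etc/nsswitch.conf" "$2")
    file="$1/etc/$3"
    case " $src " in
    *" compat "*)   # compat reaches NIS only through the + entry
        [ "$(last_line "$file")" = "$4" ] ||
            echo "$3: $2 is compat but the last line is not '$4'" ;;
    *" nis "*)      # the +/- syntax is only interpreted in compat mode
        grep -q '^+' "$file" &&
            echo "$3: has a + entry but $2 is '$src', not compat" ;;
    *)  echo "$3: $2 sources '$src' never consult NIS" ;;
    esac
    return 0
}

audit_nis_files() {  # $1 = ROOT
    check_db "$1" passwd passwd '+::0:0:::'
    check_db "$1" passwd shadow '+::::::::'
    check_db "$1" group  group  '+:::'
}

# Constructed sample: a minimal client tree under $1 with the slides' + entries.
make_sample() {  # $1 = directory, $2 = sources for passwd and group
    mkdir -p "$1/etc"
    printf 'passwd: %s\ngroup: %s\n' "$2" "$2" > "$1/etc/nsswitch.conf"
    printf 'root:x:0:0::/:/sbin/sh\n+::0:0:::\n' > "$1/etc/passwd"
    printf 'root:NP:6445::::::\n+::::::::\n' > "$1/etc/shadow"
    printf 'root::0:root\n+:::\n' > "$1/etc/group"
}

demo=$(mktemp -d)
make_sample "$demo" compat
audit_nis_files "$demo"      # consistent with the slides: prints nothing
make_sample "$demo" 'files [NOTFOUND=continue] nis'
audit_nis_files "$demo"      # reports the + entry left in each of the three files
rm -rf "$demo"
```

Run it as root with an empty ROOT (`audit_nis_files ""`) to check the live files, since /etc/shadow is not world-readable.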
Exercise 4: Turning up the Client
• Set the domain name and put it in /etc/defaultdomain as well
• ypinit -c
• Modify passwd, shadow, group, etc -- all files that need to refer to
maps.
• Start ypbind:
– dragon>/usr/lib/netsvc/yp/ypstart rpcstart
• Test NIS functionality by typing the following commands:
– dragon>ypwhich
– This should respond with the name of the NIS server the system is bound to.
• Next type:
– dragon>ypcat passwd
– You should see the NIS password file scroll across your screen.
Adding a Network Appliance to NIS
• Options commands
• The rc file changes
• Hosts table changes
The Options Command
The nis options commands should be set as follows:
nis.domainname              <domainname>
nis.enable                  on
nis.group_update.enable     off
nis.group_update_schedule   24
nis.servers                 <ypservers>,*
Changes to the rc file
• The following lines should be added to the
rc file on the filer:
– options nis.domainname <domainname>
– options nis.enable on
– options nis.servers <ypservers>,*
– options nis.group_update.enable off
Changes to the Hosts Table
• All of the servers listed in the options
nis.servers command need to have entries in
the hosts table on the filer.
Unit 5: Architecture Changes and
Startup/Shutdown
• Removing a Slave Server
• Order of shutdown for environment
• Bringing up the environment after a full
shutdown of the masters and slaves
Removing a Slave Server
• # cd /var/yp/`domainname`
• # makedbm -u ypservers > /tmp/ypservers
• # vi /tmp/ypservers
• Remove the slave’s entry from the file
• # makedbm /tmp/ypservers ypservers
• To test--type:
• # ypcat -k ypservers
• There should be no entry for the slave
Exercise 6:
Remove a Slave Server
• As a class, we will make changes to the
ypservers file on the NIS master and push
the changes.
Shutdown Procedure
• In the event of maintenance that requires the
entire NIS environment to be taken offline:
– Shut down all clients first (the filer is a client)
– Shut down all slave servers
– Shut down the NIS master server
Startup Procedure
• In the event that the entire NIS environment
has been shut down:
– Bring up the NIS master first
– Next, bring up all slave servers in the domain
– Finally, bring up the client hosts (the filer is a
client)
Unit 6: NIS in DSI
• Currently 2 domains
• Tools has been integrated with Supply
Chain domain
• 1100 Apps users were recently added into
peoplesoft.com as well for clearcase
integration.
NIS in DSI (cont.)
• Currently 2 domains:
– peoplesoft.com
• NIS master: bigdaddy
• NIS slave: jasmin, daddy
– qalab.peoplesoft.com
• NIS master: maxwell
• NIS slave: none--everyone binds to maxwell
NIS in DSI (cont.)
• Tools has been integrated with Supply
Chain
– UIDs and GIDs have been resolved to eliminate
conflicts
– homedirs have been resolved
– the useradd script on both masters takes care of
uid synchronization--be certain to use this each
time you add a new user to either domain.
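One way to find the UID and GID conflicts mentioned above before the maps of two domains are merged, as an added example that is not the useradd script the slides refer to. The function name id_conflicts and the sample logins are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original slides. Works on passwd or group data
# because both formats keep the name in field 1 and the numeric id in field 3.

# Compare two dumps (for example "ypcat passwd" saved in each domain) and print
#   name-clash NAME idA idB     the same name maps to different ids
#   id-clash   ID nameA nameB   the same id belongs to different names
id_conflicts() {  # $1 = dump from domain A, $2 = dump from domain B
    awk -F: '
        /^[+-]/ || NF < 3 { next }       # skip compat +/- entries and junk
        NR == FNR { id_of[$1] = $3; name_of[$3] = $1; next }
        ($1 in id_of) && id_of[$1] != $3 {
            print "name-clash", $1, id_of[$1], $3
        }
        ($3 in name_of) && name_of[$3] != $1 {
            print "id-clash", $3, name_of[$3], $1
        }
    ' "$1" "$2" | sort
}

# Constructed sample data: passwd dumps from two domains about to be merged.
sample_a() {
    printf '%s\n' 'alice:x:1001:10::/home/alice:/bin/sh' \
                  'bob:x:1002:10::/home/bob:/bin/sh'
}
sample_b() {
    printf '%s\n' 'alice:x:1001:10::/home/alice:/bin/sh' \
                  'bob:x:2002:10::/home/bob:/bin/sh' \
                  'carol:x:1002:10::/home/carol:/bin/sh' \
                  '+::0:0:::'
}

tmp=$(mktemp -d)
sample_a > "$tmp/a"; sample_b > "$tmp/b"
id_conflicts "$tmp/a" "$tmp/b"
rm -rf "$tmp"
```

An id-clash matters on shared storage because the file server only sees the numeric id, so the two logins would own each other's files.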
NIS Standards for Supply Chain
• Diagram: Bigdaddy (NIS Master), Daddy (NIS Slave), Jasmin (sca-sun04) (NIS Slave), NIS Clients, and scp-nfs01 (Network Appliance), with arrows labelled Maps and Homedirs.
• If the NIS client is not on the same subnet as the slave, ypset may be required.
• Home Directories mount from scp-nfs01:/Data/homedirs. They mount to /disk/homedirs on the client and are governed by the auto.home map entries.
NIS Standards for Supply Chain QA
• Diagram: Maxwell (NIS Master), NIS Clients, and scp-nfs01 (Network Appliance), with arrows labelled Maps and Homedirs.
• Home Directories mount from scp-nfs01:/Data/homedirs. They mount to /disk/homedirs on the client and are governed by the auto.home map entries.
NIS Standards for Tools
• Diagram: Bigdaddy (NIS Master), Daddy (NIS Slave), Jasmin (sca-sun04) (NIS Slave), NIS Clients, and st-nfs03 (Network Appliance), with arrows labelled Maps and Homedirs.
• Home Directories mount from st-nfs03:/data/home. Home directories mount to /home on the client host and are governed by the auto.home map.
NIS Standards for Apps
• Diagram: Bigdaddy (NIS Master), Daddy (NIS Slave), Jasmin (sca-sun04) (NIS Slave), NIS Clients, and scp-nfs01 (Network Appliance), with arrows labelled Maps and Homedirs.
• If the NIS client is not on the same subnet as the slave, ypset may be required.
• Home Directories mount from scp-nfs01:/Data/homedirs. They mount to /home on the client and are governed by the auto.home map entries.
Planned Changes
• Authentication will eventually be handled by Active
Directory in the Corp domain
• Unix Services for Windows will handle communication
between AD and NIS and will be the Master
• NIS slaves will talk to the Master
• Unix hosts will talk to NIS slaves
• The Network Appliances will only talk to slaves (non-unix
master is not supported)
• User adds/deletes will be handled through Active Directory
via Northstar tickets.
Status of Planned Changes
• Phase I (completed):
– Migrated Tools users into existing
peoplesoft.com domain
– Homedirs primarily on st-nfs03
– Users existed in both places, so Tools hosts that
are in NIS must mount scp-nfs01 to allow them
to use their existing homedirs.
Status of Planned Changes
(Cont.)
• Phase II
– Obtain version 3 of Unix Services for Windows
(approx. Q2-3)
– Gain Corp IT approval for installation on the
Domain Controller(s)
– Install above software
– Integrate the maps for all domains and use
netgroups to segregate host access
Suggested Reading
• Managing NFS and NIS, by Hal Stern (O’Reilly
book)
• Unix System Administration Handbook, by
Nemeth, Snyder, Seebass & Hein
• http://docs.sun.com (the definitive reference on
Solaris)
• http://www.ebsinc.com/solaris/network/nis.html
(general Solaris NIS reference)
• http://www.eng.auburn.edu/users/doug/nis.html
(Securing NIS)
Appendices
• Unix Quick References
• Makefiles
• Standard nsswitch.conf file
Standard nsswitch.conf file
passwd: compat (If this causes problems, use files [NOTFOUND=continue] nis)
group: compat (If this causes problems, use files [NOTFOUND=continue] nis)
hosts: files [NOTFOUND=continue] dns [NOTFOUND=continue] nis
services: nis [NOTFOUND=continue] files
networks: nis [NOTFOUND=continue] files
protocols: nis [NOTFOUND=continue] files
rpc: nis [NOTFOUND=continue] files
publickey: nis [NOTFOUND=continue] files
netgroup: nis
automount: files [NOTFOUND=continue] nis
aliases: files