Introduction to NIS Suzanne Widup
Class Objectives • Obtain familiarity with NIS daemons and architecture • Build an NIS master, slave and client • Be able to make changes to maps and distribute them • Understand how NIS is used in DSI
Unit 1: What is NIS? • A major problem in running a distributed computing environment is maintaining separate copies of common configuration files (e.g., passwd, hosts, group). • Shared storage requires UIDs and GIDs to be in sync across multiple hosts. • Network Information System (NIS) addresses this by having one copy of the files shared among all members of the NIS domain. • NIS was originally called Yellow Pages, and the daemons are still prefaced with “yp”, but the name was changed to NIS due to legal concerns.
How Does NIS Share Info? • Changes are made to the master’s maps. • The master pushes these changes to the slaves. • The clients query the slaves when they need information.
The NIS Master • Responsible for map maintenance and distribution of maps to its slave servers. • This host has the original copies of the maps, and this is where you make changes to the maps. • Files live under /var/yp, with the source files in /var/yp/src
NIS Slaves • Slave servers keep a read-only copy of the maps. • Preferably, at least one slave per subnet, because clients will do a broadcast to find a server to bind with, and that cannot cross subnets. • The preferred binding is to slaves, for performance and reliability reasons.
NIS Clients • Clients don’t contain copies of the maps; they query the slave server when they need to look something up. • If there is no slave server on the subnet of the client, the system will have to be set up with a -ypsetme option in the startup scripts to tell it where to bind. • This means that if that slave server fails, the client will need to be manually told who to bind with, unless there is a ypservers file.
The Maps • A map is an NIS data file. • When a client needs information that would normally be in one of its local files, it queries the slave it’s bound to and gets the information from there. • For some of the files, such as passwd, the NIS map looks much like the file would look on a non-NIS host. For other files, such as auto.home, the file looks somewhat different. • Maps are created with the makedbm command.
What Works Well Under NIS • Environments where a user needs to be able to use any computer. • Systems that use common storage and need users and groups to be kept in sync. • Large installations where manual administration of the files would be time prohibitive.
Domains • Basically, a domain is defined as a group of servers that share the same NIS maps. • Reasons for having more than one domain include the size of the domain and the level of failure protection required, load balancing, network considerations, and user requirements.
DSI Standards • NIS Masters will be Solaris boxes • NIS Slaves will be Solaris boxes • NIS Clients can be any supported platform • Network Appliances are only supported for binding to Unix boxes (for future reference).
ypset • Example: #ypset sca-sun04 • Used when a slave is not available on the same subnet. Points ypbind at a particular server. • First, ypbind must be called with the -ypsetme option, otherwise the ypset command will be ignored.
ypwhich • Example: #ypwhich sca-sun07 • Used to determine which server the host is bound to. Will return a hostname if the binding was successful.
ypbind • Ypbind is run on all client hosts, whether or not the system is also running ypserv. • Called from the startup scripts (on Sun: /usr/lib/netsvc/yp/ypstart) • This is used to tell a client to bind to a server. • The default mode is -broadcast; if not called with -broadcast, ypbind steps through the ypservers file to try to bind to a client. If the server is on another subnet, ypbind must be called with the -ypset option to force it to accept ypset commands. • The ypset command tells the server who to bind to. • All hosts must be in the local hosts table before they can be called by ypset.
ypserv • Ypserv runs on the slave and master servers. It is the daemon that makes them servers rather than clients and allows them to serve the maps to the clients.
ypinit • Ypinit can be used to set up an NIS system. • The -c option sets up a client • The -m option is to build a master server database • The -s master_server option builds the slave database. The master_server variable must equal the same master configured in the yp maps and returned by the ypwhich -m command. You must use the fully qualified domain name in this variable. • Ypinit only sets up systems for the domain it belongs to.
ypcat • Example: ypcat passwd • Requests a cat of the passwd map from the bound system • This is a good test to see if the setup you have performed has worked correctly. If you type ypcat passwd and don’t see the password file scroll across the screen, there’s a problem.
yppasswd • Example: yppasswd swidup2 • This changes the passwd on the NIS system for the user swidup2.
ypmatch • Example: ypmatch swidup2 passwd • Queries the slave system for the entry in the passwd map that matches swidup2.
makedbm • This is the command used to turn a file into an NIS map. • Example: cat /tmp/ypservers | makedbm - /var/yp/peoplesoft.com/ypservers This will take the contents of the file /tmp/ypservers and send it as input to the makedbm command. It will output the map as /var/yp/peoplesoft.com/ypservers.
yppush • This command is responsible for distributing, or pushing, the maps from the master out to the slaves. • If the make is not pushing a map out that you want it to, you can either touch the map (thus changing the time stamp) or you can initiate a push using yppush.
ypxfrd • This daemon is issued from the slaves to initiate an update from the master of the maps.
Setting the domainname • Type • domainname <yourdomainhere> • Example: • domainname nisclass.peoplesoft.com
Exercise 1: Using the yp commands • What command would you use to change your password in NIS? • What command would you use to determine the domain of a host? • What command would you use to determine if a host is bound to an NIS slave/master? • What command would you use to get info from the passwd map on the user bozo?
Unit 3: The Configuration Files • The Makefile • The .time files • ypservers • The /var/yp/src directory
The Makefile • When the server is installed, a default Makefile is provided. You will need to configure this file to prepare the server to be an NIS master. • This file tells the master what maps are being used, where the source directory is, and other parameters. • The original and altered makefiles can be found in the Appendices at the back of this manual.
The .time Files • These are used by the system to record the last push so that the system knows when changes have been made to existing maps. • Do not make any alterations to these files.
The ypservers file • The ypservers file is actually an NIS map • It is created by creating a file with a list of the servers to bind with • makedbm /tmp/ypserversfile ypservers • This will make the map
The /var/yp/src Directory • Contains all the master’s map source files (this is a configurable parameter, so files don’t have to be here; this is the DSI standard). • Make changes to these maps in /var/yp/src • Then type cd .. • And type make • This pushes the files out to the NIS slaves.
Unit 4: NIS Installation • The NIS Master • The NIS Slaves • The NIS Clients • Adding a Network Appliance to an NIS domain
Installing the NIS Master • Preparing the maps • The Makefile • Make changes to the configuration files • Start up the daemons
Preparing the Maps • Create the hosts, passwd, and group maps from the data files provided. • Each team will make a different map: • Team 1: passwd/shadow • Team 2: group • Team 3: hosts • Team 4: auto.home • Team 5: ypservers
Configuring the Makefile • The default Makefile has been configured for this server. The main changes that were made include setting the source directory, and configuring which maps will be used on this server. • Examples of the before and after makefiles can be found in the Appendices of this manual.
Using ypinit • The easiest way to configure a master server is as follows: • set the domain name • configure the makefile • make changes to hosts and nsswitch.conf • run ypinit -m to configure a master server and answer the questions
Exercise 2: Turning up the Master Server • As a class, we will: • set the domain • view the changes to the Makefile • make changes to nsswitch.conf • Each team will then build their assigned map • As a class, we will run ypinit
Installing an NIS Slave • The ypserv daemon • Changes to files
The ypserv Daemon • Started from /usr/lib/netsvc/yp • We will use ypinit -s <master_server> to configure this.
Changes to Files • To prepare a slave (or client) server to read the NIS maps: • Add the following line to the bottom of the /etc/passwd file: +::0:0::: • Add the following line to the bottom of the /etc/shadow file: +:::::::: • Add the following to the /etc/group file: +::: • Change nsswitch.conf to refer to NIS (an example can be found in the Appendices section) • Put ypservers list in /etc/hosts
Exercise 3: Turning up the Slave • Set the domain name and put it in /etc/defaultdomain as well • ypinit -c and put in the ypservers list (in order of the host machine, the master, and any other slaves) • Make changes to passwd, group, etc. --any files that will be maps in NIS • Modify /etc/nsswitch.conf so that NIS is used by passwd, group, etc. • /usr/lib/netsvc/yp/ypstop • /usr/lib/netsvc/yp/ypstart rpcstart • ypinit -s <Master_Server FQDN> • /usr/lib/netsvc/yp/ypstop • /usr/lib/netsvc/yp/ypstart rpcstart
Installing an NIS Client • The ypbind daemon • Changes to files
The ypbind Daemon • This is started up by issuing the command: • >/usr/lib/netsvc/yp/ypstart rpcstart • It is configured in /usr/lib/netsvc/yp/ypstart (this is where you’d issue the ypset commands) • Alternatively, you can start a client using ypinit -c and specify the list of servers for it to bind to.
Changes to Files • To prepare a slave (or client) server to read the NIS maps: • Add the following line to the bottom of the /etc/passwd file: +::0:0::: • Add the following line to the bottom of the /etc/shadow file: +:::::::: • Add the following to the /etc/group file: +::: • Change nsswitch.conf to refer to NIS (an example can be found in the Appendices section) • Put ypservers list in /etc/hosts
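The file changes on the two "Changes to Files" slides (slave and client) can be checked with a script before the daemons are started. This is an added example, not part of the original class material: the temporary root directory, the sample file contents and the 10.0.0.4 address are constructed, and checking the group marker as a last line and only the passwd and group databases in nsswitch.conf are assumptions.

```shell
# Added example (not from the class material): audit the "Changes to Files"
# steps under ROOT. ROOT is a constructed directory here; use / on a real host.

# 0 if the last non-blank line of file $1 is exactly the marker $2
last_line_is() {
    [ -f "$1" ] || return 1
    last=$(grep -v '^[[:space:]]*$' "$1" | tail -n 1)
    [ "$last" = "$2" ]
}
# 0 if database $2 in nsswitch.conf ($1) lists nis as a source
nsswitch_uses_nis() {
    sed 's/#.*//' "$1" 2>/dev/null | grep "^$2:" |
        grep -Eq '(:|[[:space:]])nis([[:space:]]|$)'
}
# 0 if host $2 appears as a name or alias in hosts table $1
host_in_table() {
    awk -v h="$2" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
                   END { exit !ok }' "$1"
}

# Prints one FAIL line per incomplete step; returns the number of failures.
audit_nis_prep() {
    root=$1; servers=$2; fails=0
    for spec in 'passwd +::0:0:::' 'shadow +::::::::' 'group +:::'; do
        f=${spec%% *}; marker=${spec#* }
        last_line_is "$root/etc/$f" "$marker" ||
            { echo "FAIL $f: last line is not $marker"; fails=$((fails + 1)); }
    done
    for db in passwd group; do
        nsswitch_uses_nis "$root/etc/nsswitch.conf" "$db" ||
            { echo "FAIL nsswitch.conf: $db does not list nis"; fails=$((fails + 1)); }
    done
    while read -r srv; do    # every ypservers entry must be in the hosts table
        [ -n "$srv" ] || continue
        host_in_table "$root/etc/hosts" "$srv" ||
            { echo "FAIL hosts: $srv has no entry"; fails=$((fails + 1)); }
    done < "$servers"
    return "$fails"
}

# Constructed sample host: shadow lacks its marker, sca-sun07 is not in hosts.
demo=$(mktemp -d); mkdir "$demo/etc"
printf 'root:x:0:0::/:/sbin/sh\n+::0:0:::\n' > "$demo/etc/passwd"
printf 'root:NP:6445::::::\n' > "$demo/etc/shadow"
printf 'root::0:root\n+:::\n' > "$demo/etc/group"
printf 'passwd: files nis\ngroup: files nis\n' > "$demo/etc/nsswitch.conf"
printf '10.0.0.4 sca-sun04\n' > "$demo/etc/hosts"
printf 'sca-sun04\nsca-sun07\n' > "$demo/ypservers"
audit_nis_prep "$demo" "$demo/ypservers" || echo "$? step(s) incomplete"
```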
Exercise 4: Turning up the Client • Set the domain name and put it in /etc/defaultdomain as well • ypinit -c • Modify passwd, shadow, group, etc -- all files that need to refer to maps. • Start ypbind: • dragon>/usr/lib/netsvc/yp/ypstart rpcstart • Test NIS functionality by typing the following commands: • dragon>ypwhich • This should respond with the name of the NIS server the system is bound to. • Next type: • dragon>ypcat passwd • You should see the NIS password file scroll across your screen.
Adding a Network Appliance to NIS • Options commands • The rc file changes • Hosts table changes
The Options Command • The NIS options should be set as follows: • nis.domainname <domainname> • nis.enable on • nis.group_update.enable off • nis.group_update_schedule 24 • nis.servers <ypservers>,*
Changes to the rc file • The following lines should be added to the rc file on the filer: • options nis.domainname <domainname> • options nis.enable on • options nis.servers <ypservers>,* • options nis.group_update.enable off
Changes to the Hosts Table • All of the servers listed in the options nis.servers command need to have entries in the hosts table on the filer.
Unit 5: Architecture Changes and Startup/Shutdown • Removing a Slave Server • Order of shutdown for environment • Bringing up the environment after a full shutdown of the masters and slaves