NIS on DRBD [was Re: [DRBD-user] DRBD w/ Postfix]
Todd.Denniston at ssa.crane.navy.mil
Wed Dec 14 16:06:30 CET 2005
Todd Denniston wrote:
> Curtis Vaughan wrote:
>>However, although I would like to be able to synchronize all users
>>and their passwords, and all postfix settings, that would mean
>>making /etc also a drbd block device. But that's not possible now is
>>it - or not advisable as I would be synchronizing files that are box
>>specific (/etc/fstab, /etc/network/interfaces..., /etc/hostname, etc.).
>>An obvious solution would be an ldap server - but that is not an
>>option for certain reasons. So, is there a way to accomplish this?
> As for the passwords, I have vaguely investigated the possibility of having
> my primary (as in the drbd primary) server act as a NIS server, and because
> it would have it's config data on a DRBD heartbeat would need to control
> whether it was up or down. From a Fedora Core perspective both machines
> would need /etc/sysconfig/network to have STATD_HOSTNAME= set to the same
> thing, I think that may be enough (with everything else that was setup so
> they could be AN NFS server) so the NIS slaves would follow the fallover
> from machine to machine but I have not tried it yet.
As an update to this old subject, I have recently been moving NIS servers
around again, and have found out a few things related to the above message,
so here is the info for the archives.
The following are at least true with the Fedora Core 4 versions of the NIS
1) yppush (needed to send data to the slave machines) calls gethostname and
uses that to verify you are working on the machine the network thinks is the
NIS server. It seems to only use the data from gethostname to do the
verification, so it should be something that could be changed to get from the
command line (like makedbm does) or at least verify that the value it is being
compared with does not also resolve to an interface on the local host.
2) in the ypserv code reg_slp.c also calls gethostname with out verifying
that it does not have the interface used for configuring NIS.
However at least in broadcast mode the server itself did seem to work on a
host where the host name was different from the STATD_HOSTNAME, so if you did
not need slave servers, you could put the NIS server on a heartbeat controlled
drbd set and have fall overs work, I think.
More information about the drbd-user