Managing distributed systems - was: Re: /usr/etc and /usr/local/etc?
> > > > Think about a pool of 100 diskless terminals all having a copy of
> > > > /etc/resolve.conf and many other files in etc. Now consider changing
> > > > the nameserver for the terminals. It's a problem of space and
> > > > administrative work that makes me want a /usr/etc or
> > > > /etc/share. At the moment one has to copy the shareable files to
> > > > /etc/share and symlink them in /etc.
> > >
If you have a pool of 100 diskless terminals (or even of one or two) I suggest
you look at DHCP for that part. It is intended to hand out parameters such
as the nameservers to use (and before people start talking about it being
a Microsoft protocol - the reference implementation comes from the Internet
Software Consortium - the people who produce the reference name server
implementation - it is DFSG free and already packaged). DHCP is what the people
choose who have serious numbers of systems (there are people on the DHCP list
with 20,000 clients being served).
> > > No, this is what NIS is for.
NIS was invented to distribute information like the hosts file across a
network - but it was the first attempt to do something like that - the
lessons from NIS are being applied to LDAP - the lightweight directory
access protocol - I suggest looking at LDAP if you run a large network.
There is a lot to learn, but it is worth it.
> > Exactly and it is seamlessly integrated with nsswitch.conf lookups.
> > However, it *is* limited to files that have lookup keys available -
> > e.g., passwd works fine but init.d scripts probably can't use this.
LDAP lookups are seamlessly integrated into nsswitch, and like NIS it can
also be used to distribute your user database information. It can also be
used to control access to Apache etc.
You could put LDAP tests into init.d - the easiest way would be to write a little
Perl script to retrieve the information you want from LDAP, or use ldapsearch
directly and parse its output.
> So I should set up NIS for one and only one Server to copy one file to
> 100 subdirs each time the file changes? I don't think NIS was meant for
> single server systems. The diskless machines usually don't have write
> access to the system files and thus aren't even able to run NIS to
> update their configs.
With LDAP you authenticate to the database from anywhere - you don't have to
change files on a master server and run a script. You can provide web pages
with CGI scripts to update the directory - so that the network can be
managed from anywhere with a web browser.
The whole Directory Enabled Networking business is starting to come together,
and it is possible to do it all with open standards. Where the standards are
open, free software tends to succeed because its authors concentrate on
delivering the raw functionality, rather than marketing twiddles.
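
The "use ldapsearch directly and parse its output" route mentioned in the message, sketched as an added example that is not part of the original e-mail. It unfolds wrapped LDIF lines, decodes base64 values, and validates each address before an init script would use it. The entry layout, the use of `ipHostNumber` for nameservers, and the function names are assumptions; the LDIF is constructed.

```shell
# Added example, not from the original message; the LDIF below is constructed.
# ldif_attr ATTR: read LDIF on stdin, print every value of ATTR, one per line.
ldif_attr() {
    attr=$1
    # LDIF folds long lines: a line starting with a space continues the last one.
    awk '/^ / { buf = buf substr($0, 2); next }
         { if (NR > 1) print buf; buf = $0 }
         END { if (NR > 0) print buf }' |
    while IFS= read -r line; do
        case "$line" in
            "$attr"::*)   # "attr:: ..." carries a base64-encoded value
                v=${line#*::}
                # Flatten embedded newlines so one value stays on one line.
                printf '%s' "${v# }" | base64 -d | tr '\n\r' '  '
                echo ;;
            "$attr":*)
                v=${line#*:}
                printf '%s\n' "${v# }" ;;
        esac
    done
}

# is_ipv4 STRING: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] 2>/dev/null || return 1; done
}

# resolv_lines: LDIF on stdin -> validated "nameserver" lines on stdout.
resolv_lines() {
    ldif_attr ipHostNumber | while IFS= read -r ip; do
        if is_ipv4 "$ip"; then printf 'nameserver %s\n' "$ip"
        else printf 'rejected directory value: [%s]\n' "$ip" >&2
        fi
    done
}

sample_ldif() {   # stands in for: ldapsearch -x -LLL ... ipHostNumber
    cat <<'EOF'
dn: cn=ns1,ou=hosts,dc=example,dc=com
cn: ns1
ipHostNumber: 192.0.2
 .53
ipHostNumber:: MTkyLjAuMi41NCA=
EOF
}
sample_ldif | resolv_lines
```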