2.1.8 与Slave相关的设定
当执行了 ypinit -m 之后,所有的主机上面的账号相关档案会被转成数据库档案, 这些数据库会被放置到 /var/yp/\当中,
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# ls /var/yp/hikuss/
group.bygid hosts.byaddr mail.aliases passwd.byname protocols.byname rpc.byname services.byname ypservers
group.byname hosts.byname netid.byname passwd.byuid protocols.bynumber rpc.bynumber services.byservicename [root@node0 nis]#
1. 若变更了使用者帐号密码参数,针对这个档案进行数据库更新: [python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# cd /var/yp/ [root@node0 yp]# make passwd 或
[root@node0 nis]# make -C /var/yp passwd
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 make: Entering directory `/var/yp' Updating passwd.byname... Updating passwd.byuid...
make: Leaving directory `/var/yp'
2. 开启Slave服务推送
将 /var/yp/Makefile中的NOPUSH定义修改为false
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# grep \
# slave servers (NOPUSH=true). If you have slaveservers, change this
# to \ NOPUSH=false [root@node0 nis]#
3. 指定Slave服务主机,告诉master要把数据给谁->node1
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# cat /var/yp/ypservers node0 node1
[root@node0 nis]#
4. 启动 ypxfrd服务
可以让 slave 服务器主动链接上 ypxfrd 来更新数据库, 可以免除系统管理原自己手动更新。
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 ~]# systemctl start ypxfrd
设置为自动启动
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 ~]# systemctl enable ypxfrd
此外,如果 master 机器想要直接将某些特定的数据库直接传给 slave 主机的话, 那么可以使用 yppush 这个指令。
例如:#yppush -h slave.abcnis passwd.*
2.2 Slave server端配置 2.2.1 设置NIS域名
设置 NIS 的域名,新增如下内容 临时设置:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# nisdomainname hikuss 永久设置:
[root@node0 nis]# cat /etc/sysconfig/network
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 # Created by anaconda NISDOMAIN=hikuss
YPSERV_ARGS=\
2.2.2 设置hosts
设定IP地址与主机名的对应关系/etc/hosts,新增如下内容
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# cat /etc/hosts
192.168.192.90 node0 192.168.192.91 node1 192.168.192.92 node2
2.2.3 设置主要配置文件/etc/ypserv.conf 设定server端的主配置文件/etc/ypserv.conf
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# cat /etc/ypserv.conf #
# ypserv.conf Inthis file you can set certain options for the NIS server, # andyou can deny or restrict access to certain maps based # on theoriginating host. #
# Seeypserv.conf(5) for a description of the syntax. #
# Some options for ypserv. This things are all notneeded, if # you have a Linux net.
# How many map file handles should be cached ? files: 30
# Should we register ypserv with SLP ? # slp: no
# After how many seconds we should re-register ypservwith SLP ? # slp_timeout: 3600
# xfr requests are only allowed from ports <1024 xfr_check_port: yes
# The following, when uncommented, will give you shadow like passwords. # Note that it will not work if you have slave NISservers in your # network that do not run the same server as you.
# Host : Domain : Map : Security #
# * : * : passwd.byname : port # * : * : passwd.byuid : port 127.0.0.0/255.255.255.0 : * : * : none 192.168.192.0/255.255.255.0 : * : * : none * : * : * : deny
# Not everybody should see the shadow passwords,not secure, since # under MSDOG everbody is root and can access ports< 1024 !!! * : * : shadow.byname : port * : * : passwd.adjunct.byname : port # If you comment out the next rule, ypserv andrpc.ypxfrd will
# look for YP_SECURE and YP_AUTHDES in the maps.This will make # the security check a little bit slower, but youonly have to
# change the keys on the master server, not theconfiguration files # on each NIS server.
# If you have maps with YP_SECURE or YP_AUTHDES,you should create # a rule for them above, that's much faster.
2.2.4 设置防火墙
让yppasswdd启动在固定端口,方便防火墙管理
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# vi /etc/sysconfig/yppasswdd YPPASSWDD_ARGS=\
2.2.5 启动及开机启动 启动如下命令:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# systemctlstart ypserv
[root@node0 nis]# systemctlstart rpcbind [root@node0 nis]#
设置开机启动
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 nis]# systemctl enable ypserv Created symlink from/etc/systemd/system/multi-user.target.wants/ypserv.service to/usr/lib/systemd/system/ypserv.service. [root@node0 nis]# systemctl enable rpcbind Created symlink from/etc/systemd/system/sockets.target.wants/rpcbind.socket to/usr/lib/systemd/system/rpcbind.socket. [root@node0 nis]#
2.2.6 拉取数据库 获取源数据库
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# /usr/lib64/yp/ypinit -s node0
The local host's domain name hasn't been set. Please set it.
因为nisdomain没有设置,解决方法:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# nisdomainname hikuss
继续测试:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 nis]# /usr/lib64/yp/ypinit -s node0
We will need a few minutes to copy the data fromnode0. Transferring netid.byname... Trying ypxfrd ... not running ….
node1's NIS data base has been set up.
If there were warnings, please figure out what wentwrong, and fix it.
At this point, make sure that /etc/passwd and/etc/group have been edited so that when the NIS is activated, thedata bases you have just created will be used, instead of the /etcASCII files. [root@node1 nis]#
原因是Master server端ypxfrd没有启动。解决方案如下:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node0 ~]# systemctl start ypxfrd 继续获取:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片
[root@node1 nis]# /usr/lib64/yp/ypinit -s node0
We will need a few minutes to copy the data fromnode0. Transferring netid.byname... Trying ypxfrd ... success
Transferring mail.aliases... Trying ypxfrd ... success …
Transferring ypservers... Trying ypxfrd ... success
node1's NIS data base has been set up.
If there were warnings, please figure out what wentwrong, and fix it.
At this point, make sure that /etc/passwd and/etc/group have been edited so that when the NIS is activated, thedata bases you have just created will be used, instead of the /etcASCII files. [root@node1 nis]# 测试结果:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node1 ~]# ypcat -h localhost pawww.shanxiwang.netsswd.byname
nisuser1:$1$2e4n/ePv$xnfaSHSSUZhApRpjHn1Lw.:1001:1001::/home/nisuser1:/bin/bash nisuser2:$1$NBitWXE9$43ezdKoamgw0ze8PnIOtT/:1002:1002::/home/nisuser2:/bin/bash nisuser3:$1$GUtQO.zB$38oGHfzgWGYG84cKa7bkZ0:1003:1003::/home/nisuser3:/bin/bash nisuser4:$1$nc3FDwqx$aKhlazecXTmDSmGciCBkG1:1004:1004::/home/nisuser4:/bin/bash nisuser5:$1$krWvFybT$yUwL3dCDVz0qp5Sg7wifX1:1005:1005::/home/nisuser5:/bin/bash [root@node1 ~]#
2.2.7 设置数据同步时间
利用crontab设置数据同步时间,在/etc/crontab最后添加如下同步命令: [python] view plain copy print?在CODE上查看代码片派生到我的代码片 */5 * * * * /usr/lib64/yp/ypxfr -h node0 passwd.byname */5 * * * * /usr/lib64/yp/ypxfr -h node0 passwd.byuid
更改配置文件/usr/lib64/yp/ypxfr_1perday,/usr/lib64/yp/ypxfr_1perhour, /usr/lib64/yp/ypxfr_2perday:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 $YPBINDIR/ypxfr $map -h node0
2.3 Client端配置 安装软件:
[python] view plain copy print?在CODE上查看代码片派生到我的代码片 [root@node2deps-centos72_1511]# rpm -ivh