Asset ID: 1-79-1470844.1
Update Date: 2017-07-14
Solution Type: Predictive Self-Healing Sure
Solution 1470844.1: How To Configure NIS Master, Slave And Client Configuration On Compute Nodes In Exalogic Elastic Cloud Software 2.x Physical Environment
This document provides an example of how to set up and configure compute nodes within an Exalogic Elastic Cloud Software (EECS) 2.x environment to provide an NIS environment comprising MASTER/SLAVE servers and NIS clients.
Created from <SR 3-5582286811>
Applies to:
Oracle Exalogic Elastic Cloud Software - Version 2.0.0.0.0 and later
Exalogic Elastic Cloud X3-2 Hardware
Linux x86-64
Purpose
This document provides a step-by-step illustration of how to set up and configure compute nodes within an Exalogic Elastic Cloud Software (EECS) 2.x environment to provide an NIS environment comprising MASTER/SLAVE servers and NIS CLIENTS. The note can be followed to set up an NIS environment that provides Naming Services within a rack to meet ID mapping requirements that need to be observed when mounting remote file systems via the Network File System (NFS) Version 4 protocol (NFSv4).
Scope
The configuration steps provided within this note apply to Exalogic environments where a default, out-of-the-box, networking configuration implemented by Exalogic Configuration Utility (ECU) is present. The NIS configuration provided here is intended to be used to create a private NIS configuration used solely within a specific Exalogic rack by the compute nodes and ZFS Storage appliance components present within that rack. To meet this requirement, while also observing additional security considerations, it is intended that NIS servers, both MASTER and SLAVES, bind to the private (IPoIB) addresses that are used solely for inter-component configuration within the rack, and that NIS related network traffic takes place across the IPoIB network that is accessible only within the confines of the Exalogic rack.
Details
Overview
- Map out which compute nodes will perform the NIS MASTER, NIS SLAVE and NIS CLIENT roles
- Designate one compute node to be your NIS MASTER Server (e.g. orael22cn01)
- Designate one or more compute nodes to be NIS SLAVE Servers (e.g. orael22cn02)
- The remaining nodes will be NIS CLIENTS (e.g. orael22cn03 .. orael22cn16)
- Confirm required NIS related packages required by each node are installed
- On the compute nodes running NIS MASTER and NIS SLAVE servers, ensure the following NIS related packages are installed:
- ypserv: ypserv-2.19-9.el5_8.1.x86_64.rpm (or later)
- yptools: yp-tools-2.9-1.el5 (or later)
- ypbind: ypbind-1.19-12.el5_6.1.x86_64.rpm (or later)
- On the compute nodes that will be running as NIS CLIENT nodes, ensure the following NIS related package has been installed:
- ypbind: ypbind-1.19-12.el5_6.1.x86_64.rpm (or later)
- Configure your NIS domain at the Operating System level across all compute nodes (MASTER/SLAVE/CLIENT)
- Setup NISDOMAIN in /etc/sysconfig/network
- Within /etc/hosts, on MASTER and SLAVE servers, define an entry near the top of the file that associates the NIS hostname of the MASTER with the server's IP address on the private (IPoIB) network
- Within /etc/nsswitch.conf subscribe to NIS for passwd, shadow and group naming services
- Within /etc/yp.conf append entries identifying each NIS server in the system (both MASTER and SLAVE servers)
- Initialize the YP MASTER Server
- Run /usr/lib64/yp/ypinit -m and declare the list of compute nodes where NIS SLAVE Servers will be running (ensure the hostnames provided map to the private IB addresses of each compute node)
- Initialize YP SLAVE Servers
- For each compute node where an NIS SLAVE Server will be running, invoke: /usr/lib64/yp/ypinit -s <NIS hostname associated with the private (IPoIB) address of the MASTER>
- The required value can be determined from the output of ypinit -m or the first line of /var/yp/ypservers from the MASTER
- Configure YP CLIENTS
- Configure /etc/ypserv.conf on all servers (including NIS MASTER and NIS SLAVES, since they will also be NIS CLIENTS)
- On NIS CLIENT systems, references to MASTER and SLAVE servers will use the private (IPoIB) addresses that Exalogic automatically creates within the generated /etc/hosts file
- Test NIS Usage Scenarios
- Test password propagation from MASTER to SLAVE
- Test fail over from MASTER to SLAVE
Detailed Configuration Steps
Map out which compute nodes will perform the NIS MASTER, NIS SLAVE and NIS CLIENT roles
For the purpose of this example, let us assume an Exalogic half rack system comprising 16 compute nodes, which follows the naming convention: orael22cn01, orael22cn02, .., orael22cn16.
- Designate one node that will provide the role of the NIS MASTER Server, for our example this will be orael22cn01.
- Designate at least one additional node to fulfil the role of a NIS SLAVE Server, for our example this will be orael22cn02.
- All other nodes (orael22cn03 .. orael22cn16) will play the role of NIS CLIENTS
- NOTE: In addition to their special role as NIS MASTER or NIS SLAVE, nodes orael22cn01 and orael22cn02 will also need to run as NIS CLIENTS
Confirm required NIS related packages required by each node are installed
Run the following command against each node of your system to identify which version of the required NIS software packages are currently installed:
[root@orael22cn01 ~]# rpm -qa|grep -e ypserv -e yp-tools -e ypbind
ypserv-2.19-9.el5_8.1
yp-tools-2.9-1.el5
ypbind-1.19-12.el5_6.1
[root@orael22cn01 ~]#
If you see the above versions (or later) then you already have the required packages at the appropriate version and can continue on to the section: "Configure your NIS domain at the Operating System level across all compute nodes (MASTER/SLAVE/CLIENT)".
However, if the reported versions are earlier than the above then please apply a later Exalogic Patch Set Update (PSU) in order to upgrade them - the required versions will be installed if you apply the July 2012 release (or later) of the Exalogic Patch Set Update (PSU).
Installing/Updating NIS packages individually (e.g. outside of the application of a PSU)
If it is not yet practical to adopt later versions of Exalogic PSU, then these packages can be updated individually through Oracle's Unbreakable Linux Network by using tools such as up2date and yum. For example, assuming your Exalogic system has access to the internet via a proxy server, the public yum repository for Oracle Enterprise Linux archive can be added to your yum configuration via the following steps:
[root@orael22cn01 ~]# if [[ ! -d "/etc/yum.repos.d" ]]; then mkdir -p "/etc/yum.repos.d"; fi
[root@orael22cn01 ~]# cd /etc/yum.repos.d
[root@orael22cn01 yum.repos.d]# if [[ -e "public-yum-el5.repo" ]]; then mv "public-yum-el5.repo" "public-yum-el5.repo.orig"; fi
[root@orael22cn01 yum.repos.d]# export http_proxy="http://my-proxy.mydns.domain"
[root@orael22cn01 yum.repos.d]# wget http://public-yum.oracle.com/public-yum-el5.repo
--2012-06-26 17:27:18-- http://public-yum.oracle.com/public-yum-el5.repo
Resolving public-yum.oracle.com... 141.146.44.34
Connecting to public-yum.oracle.com|141.146.44.34|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3974 (3.9K) [text/plain]
Saving to: `public-yum-el5.repo'
100%[==============================================================================>] 3,974 --.-K/s in 0s
2012-06-26 17:27:18 (8.21 MB/s) - `public-yum-el5.repo' saved [3974/3974]
[root@orael22cn01 yum.repos.d]#
Once the above has been completed each package (ypserv, yp-tools and ypbind) can be installed/updated using a yum install <package> command similar to the following example illustrating the installation of ypserv:
[root@orael22cn01 ~]# yum install ypserv
Loaded plugins: security
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package ypserv.x86_64 0:2.19-9.el5_8.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================
Package Arch Version Repository Size
========================================================================================================================
Installing:
ypserv x86_64 2.19-9.el5_8.1 el5_latest 148 k
Transaction Summary
========================================================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 148 k
Is this ok [y/N]: y
Downloading Packages:
ypserv-2.19-9.el5_8.1.x86_64.rpm | 148 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 1e5e0159
el5_latest/gpgkey | 1.4 kB 00:00
Importing GPG key 0x1E5E0159 "Oracle OSS group (Open Source Software group) <build@oss.oracle.com>"
from http://public-yum.oracle.com/RPM-GPG-KEY-oracle-el5
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : ypserv 1/1
Installed:
ypserv.x86_64 0:2.19-9.el5_8.1
Complete!
NOTE:
- On the MASTER and SLAVE install all three packages: ypserv, yp-tools and ypbind.
- On an NIS CLIENT compute node, at a minimum, only the ypbind package need be installed
- After installation again run rpm -qa|grep -e ypserv -e yp-tools -e ypbind to confirm that the updated packages now meet the version required
Note also that ypbind is one of the packages that tools like /opt/exalogic.tools/CheckSWProfile and Exacheck expect to find installed at a specific revision. As a result of updating ypbind to a later level than expected, these tools will begin to flag warnings that the installed version is no longer a match for the version expected. Such a warning may look similar to the warning seen in the following output:
# /opt/exalogic.tools/tools/CheckSWProfile
[SUCCESS]........Has supported operating system
[SUCCESS]........Has supported processor
[SUCCESS]........Kernel is at the supported version
[SUCCESS]........Has supported kernel architecture
[FAILURE]........Software does not match with the supported profile. See below.
[FAILURE]........Not found: ypbind-1.19-12.el5.x86_64.rpm
Where you have manually updated a package to a revision required by an Oracle technical note, the deviation is to be expected and the warning can be ignored. You will need to understand the significance of the change and continue to ignore the warning until the package or installed package definitions are updated during a later upgrade or after applying the next quarterly Patch Set Update to the Exalogic Elastic Cloud Software (EECS).
Configure your NIS domain at the Operating System level across all compute nodes (MASTER/SLAVE/CLIENT)
Setup NISDOMAIN in /etc/sysconfig/network
On each and every compute node (MASTER/SLAVE/CLIENT):
- First, backup the current /etc/sysconfig/network file
[root@orael22cn01 ~]# cp /etc/sysconfig/network /etc/sysconfig/network.`date +%d-%B-%Y_%H-%M-%S`
[root@orael22cn01 ~]#
- Next, edit /etc/sysconfig/network and add NISDOMAIN and domainname entries defining your NIS domain, for example:
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=orael22cn01
NISDOMAIN=mynis.com
domainname=mynis.com
NOTE:
- It is important that the NISDOMAIN be set consistently across all compute nodes: MASTER, SLAVE and CLIENT
- It is also expected that the hostname, as returned by the command hostname -s, returns a hostname that does not contain any suffix such as -priv, -adm, -mgmt etc.
On the NIS MASTER and SLAVE servers, create an additional hostname mapping to the MASTER, which is required for ypinit commands to work as required
Typically, the /etc/hosts configuration file on an Exalogic system contains entries that:
- use -priv (or other user defined suffix) to map hostnames to private (IPoIB) addresses accessible only within the Exalogic rack
For example:
192.168.10.101 orael22cn01-priv.localdomain orael22cn01-priv
- use -adm (or other user defined suffix) to map hostnames to IP addresses on the management network
For example:
10.141.135.1 orael22cn01-adm.mydnsdomain.com orael22cn01-adm
- map hostnames without any suffix to the public (EoIB) addresses accessible from outside the rack
For example:
10.141.133.1 orael22cn01.mydnsdomain.com orael22cn01
In networking environments such as Exalogic, where multiple networks are defined, it is currently necessary to provide an additional entry in /etc/hosts to work around a limitation in the way NIS automatically selects a network address for the NIS MASTER to bind to.
During execution of ypinit -m on the MASTER, NIS obtains the short hostname for the current system and searches through entries in /etc/hosts (from top to bottom) to locate the line that provides a full and exact match for the short hostname. From the first match identified, NIS then uses the hostname following the IP address at the start of that line and automatically inserts that as the first entry in the /var/yp/ypservers configuration file.
When configuring NIS for private use within an Exalogic rack, it is desirable to constrain NIS traffic to the private (IPoIB) network. To do so it is necessary to ensure that on the MASTER, the first entry within /etc/hosts that matches the short hostname provides a mapping to the private (IPoIB) address and a qualified hostname for the MASTER that includes the <nisdomainname>.
For example:
192.168.10.101 orael22cn01.mynis.com orael22cn01
A similar requirement exists for /etc/hosts on each SLAVE server, where ypinit -s is run to initialize the NIS configuration. However, on each SLAVE the /etc/hosts entry need NOT include the short hostname and need only provide the private (IPoIB) address and fully qualified NIS hostname (.<nisdomainname>) as illustrated below:
192.168.10.101 orael22cn01.mynis.com
Near the top of /etc/hosts on MASTER and SLAVE servers, define an additional entry providing the required mapping for the private (IPoIB) address and <hostname>.<NISDOMAIN>
- First, save a backup of the current /etc/hosts file:
[root@orael22cn01 ~]# cp /etc/hosts /etc/hosts.`date +%d-%B-%Y_%H-%M-%S`
[root@orael22cn01 ~]#
- Next, using a suitable text editor, edit /etc/hosts and create an additional entry near the top of the file as shown below:
#### BEGIN Generated by Exalogic. DO NOT MODIFY ####
127.0.0.1 localhost.localdomain localhost
### Entry required for NIS Master
192.168.10.101 orael22cn01.mynis.com orael22cn01
### Compute Node Private Interface details
192.168.10.101 orael22cn01-priv.localdomain orael22cn01-priv
192.168.10.102 orael22cn02-priv.localdomain orael22cn02-priv
192.168.10.103 orael22cn03-priv.localdomain orael22cn03-priv
192.168.10.104 orael22cn04-priv.localdomain orael22cn04-priv
192.168.10.105 orael22cn05-priv.localdomain orael22cn05-priv
192.168.10.106 orael22cn06-priv.localdomain orael22cn06-priv
192.168.10.107 orael22cn07-priv.localdomain orael22cn07-priv
192.168.10.108 orael22cn08-priv.localdomain orael22cn08-priv
192.168.10.109 orael22cn09-priv.localdomain orael22cn09-priv
192.168.10.110 orael22cn10-priv.localdomain orael22cn10-priv
192.168.10.111 orael22cn11-priv.localdomain orael22cn11-priv
192.168.10.112 orael22cn12-priv.localdomain orael22cn12-priv
192.168.10.113 orael22cn13-priv.localdomain orael22cn13-priv
192.168.10.114 orael22cn14-priv.localdomain orael22cn14-priv
192.168.10.115 orael22cn15-priv.localdomain orael22cn15-priv
192.168.10.116 orael22cn16-priv.localdomain orael22cn16-priv
### Compute Node Public Interface details
10.141.133.1 orael22cn01.mydnsdomain.com orael22cn01
10.141.133.2 orael22cn02.mydnsdomain.com orael22cn02
10.141.133.3 orael22cn03.mydnsdomain.com orael22cn03
10.141.133.4 orael22cn04.mydnsdomain.com orael22cn04
10.141.133.5 orael22cn05.mydnsdomain.com orael22cn05
10.141.133.6 orael22cn06.mydnsdomain.com orael22cn06
10.141.133.7 orael22cn07.mydnsdomain.com orael22cn07
10.141.133.8 orael22cn08.mydnsdomain.com orael22cn08
10.141.133.9 orael22cn09.mydnsdomain.com orael22cn09
10.141.133.10 orael22cn10.mydnsdomain.com orael22cn10
10.141.133.11 orael22cn11.mydnsdomain.com orael22cn11
10.141.133.12 orael22cn12.mydnsdomain.com orael22cn12
10.141.133.13 orael22cn13.mydnsdomain.com orael22cn13
10.141.133.14 orael22cn14.mydnsdomain.com orael22cn14
10.141.133.15 orael22cn15.mydnsdomain.com orael22cn15
10.141.133.16 orael22cn16.mydnsdomain.com orael22cn16
### Compute Node Admin Interface details
10.141.135.1 orael22cn01-adm.mydnsdomain.com orael22cn01-adm
10.141.135.2 orael22cn02-adm.mydnsdomain.com orael22cn02-adm
10.141.135.3 orael22cn03-adm.mydnsdomain.com orael22cn03-adm
10.141.135.4 orael22cn04-adm.mydnsdomain.com orael22cn04-adm
10.141.135.5 orael22cn05-adm.mydnsdomain.com orael22cn05-adm
10.141.135.6 orael22cn06-adm.mydnsdomain.com orael22cn06-adm
10.141.135.7 orael22cn07-adm.mydnsdomain.com orael22cn07-adm
10.141.135.8 orael22cn08-adm.mydnsdomain.com orael22cn08-adm
10.141.135.9 orael22cn09-adm.mydnsdomain.com orael22cn09-adm
10.141.135.10 orael22cn10-adm.mydnsdomain.com orael22cn10-adm
10.141.135.11 orael22cn11-adm.mydnsdomain.com orael22cn11-adm
10.141.135.12 orael22cn12-adm.mydnsdomain.com orael22cn12-adm
10.141.135.13 orael22cn13-adm.mydnsdomain.com orael22cn13-adm
10.141.135.14 orael22cn14-adm.mydnsdomain.com orael22cn14-adm
10.141.135.15 orael22cn15-adm.mydnsdomain.com orael22cn15-adm
10.141.135.16 orael22cn16-adm.mydnsdomain.com orael22cn16-adm
### Storage Node Private Interface details
10.141.135.17 orael22sn01-adm.mydnsdomain.com orael22sn01-adm
10.141.135.18 orael22sn02-adm.mydnsdomain.com orael22sn02-adm
192.168.10.131 orael22sn.localdomain orael22sn
### Switch management ip details
10.141.135.37 orael22gw01-ilom.mydnsdomain.com orael22gw01-ilom
10.141.135.38 orael22gw02-ilom.mydnsdomain.com orael22gw02-ilom
#### END Generated by Exalogic. ####
NOTE:
- The additional entry to /etc/hosts is needed on ALL NIS servers:
- ON the MASTER:
the final item on the required entry MUST contain the short hostname for the MASTER that must match the output from the command hostname -s, for example:
192.168.10.101 orael22cn01.mynis.com orael22cn01
- ON each SLAVE:
to minimize the impact of network changes the additional entry should NOT include the short hostname for the MASTER. The required entry on each SLAVE will therefore be identical to the entry on the MASTER in every respect except that it will only contain the first two components of the entry added on the MASTER, for example:
192.168.10.101 orael22cn01.mynis.com
- All other nodes running NIS CLIENTS should continue to make references to the MASTER or SLAVE servers using the Exalogic generated /etc/hosts entries with the -priv (or other user defined suffix)
- It is important that the additional entry be added at the TOP of the /etc/hosts file (immediately below the localhost entry) so that it is located ABOVE all entries that were automatically generated by Exalogic.
- On the MASTER, where the short hostname is included in the newly added entry (the line under "### Entry required for NIS Master" below), the addition typically creates a conflict with the Compute Node Public Interface entry that was automatically generated by Exalogic and will still exist later in the file (the first line under "### Compute Node Public Interface details" below):
#### BEGIN Generated by Exalogic. DO NOT MODIFY ####
127.0.0.1 localhost.localdomain localhost
### Entry required for NIS Master
192.168.10.101 orael22cn01.mynis.com orael22cn01
### Compute Node Private Interface details
192.168.10.101 orael22cn01-priv.localdomain orael22cn01-priv
:
192.168.10.116 orael22cn16-priv.localdomain orael22cn16-priv
### Compute Node Public Interface details
10.141.133.1 orael22cn01.mydnsdomain.com orael22cn01
:
10.141.133.16 orael22cn16.mydnsdomain.com orael22cn16
...
#### END Generated by Exalogic. ####
- You need to be aware of potential impact to any applications running on the MASTER that use the short hostname as the address for network connections they create:
- After the change, the short hostname will resolve to a private (IPoIB) network address
- Therefore applications running on the MASTER that use the short hostnames to create network connections within the MASTER will, after the change, establish their connections to the private (IPoIB) address rather than the public (EoIB) address they used previously.
- Note that the impact from this change is minimal since it applies only to the MASTER and only impacts connections opened back to itself that use the short rather than fully qualified hostname as the connection address.
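The first-match behaviour described in this section can be checked against a hosts file before ypinit is run. The script below is an added example, not part of the original note: the function names and the abridged hosts files are constructed for illustration, and 192.168.10. is assumed to be the private (IPoIB) prefix, as in the sample entries above.

```shell
#!/bin/sh
# Added example (not from the original note): predict which /etc/hosts entry
# ypinit will use, applying the first-match rule described in this section.
# Assumption: 192.168.10. is the private (IPoIB) prefix, as in the note's samples.

# first_match HOSTS_FILE NAME
# Print "IP FIRSTNAME" for the first line on which a hostname field equals NAME.
first_match() {
    awk -v want="$2" '
        { sub(/#.*/, "") }              # strip comments
        NF < 2 { next }                 # skip blank or malformed lines
        { for (i = 2; i <= NF; i++)
              if ($i == want) { print $1, $2; exit } }
    ' "$1"
}

# check_master HOSTS_FILE SHORT_HOSTNAME NISDOMAIN PRIVATE_PREFIX
# Succeeds only if the first match is a private address named SHORT.NISDOMAIN.
check_master() {
    cm_entry=$(first_match "$1" "$2")
    [ -n "$cm_entry" ] || { echo "FAIL: no entry matches $2"; return 1; }
    cm_ip=${cm_entry%% *}
    cm_name=${cm_entry#* }
    case "$cm_ip" in
        "$4"*) ;;
        *) echo "FAIL: $2 first matches $cm_ip ($cm_name), outside $4*"; return 1 ;;
    esac
    [ "$cm_name" = "$2.$3" ] || { echo "FAIL: expected $2.$3, found $cm_name"; return 1; }
    echo "OK: ypservers will list $cm_name ($cm_ip)"
}

# check_slave HOSTS_FILE MASTER_NIS_NAME PRIVATE_PREFIX
# Succeeds only if the name given to ypinit -s maps to a private address.
check_slave() {
    cs_entry=$(first_match "$1" "$2")
    [ -n "$cs_entry" ] || { echo "FAIL: $2 is not in the hosts file"; return 1; }
    cs_ip=${cs_entry%% *}
    case "$cs_ip" in
        "$3"*) echo "OK: ypinit -s $2 will contact $cs_ip" ;;
        *) echo "FAIL: $2 maps to $cs_ip, outside $3*"; return 1 ;;
    esac
}

# Constructed sample: an abridged Exalogic-generated hosts file, before any edit.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/hosts.generated" <<'EOF'
#### BEGIN Generated by Exalogic. DO NOT MODIFY ####
127.0.0.1 localhost.localdomain localhost
### Compute Node Private Interface details
192.168.10.101 orael22cn01-priv.localdomain orael22cn01-priv
192.168.10.102 orael22cn02-priv.localdomain orael22cn02-priv
### Compute Node Public Interface details
10.141.133.1 orael22cn01.mydnsdomain.com orael22cn01
10.141.133.2 orael22cn02.mydnsdomain.com orael22cn02
#### END Generated by Exalogic. ####
EOF

# add_entry SRC DST ENTRY: insert ENTRY immediately below the localhost line.
add_entry() {
    awk -v e="$3" '{ print } $2 == "localhost.localdomain" { print e }' "$1" > "$2"
}
add_entry "$SAMPLES/hosts.generated" "$SAMPLES/hosts.master" \
    "192.168.10.101 orael22cn01.mynis.com orael22cn01"
add_entry "$SAMPLES/hosts.generated" "$SAMPLES/hosts.slave" \
    "192.168.10.101 orael22cn01.mynis.com"

# Unedited file: the short hostname first matches the public (EoIB) entry.
check_master "$SAMPLES/hosts.generated" orael22cn01 mynis.com 192.168.10. || true
# Edited files: MASTER and SLAVE both resolve the NIS name on the private network.
check_master "$SAMPLES/hosts.master" orael22cn01 mynis.com 192.168.10.
check_slave  "$SAMPLES/hosts.slave"  orael22cn01.mynis.com 192.168.10.
```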
Within /etc/nsswitch.conf subscribe to NIS for passwd, shadow and group naming services
On each and every one of the nodes (MASTER/SLAVE/CLIENT):
- Backup and edit /etc/nsswitch.conf
[root@orael22cn01 ~]# cp /etc/nsswitch.conf /etc/nsswitch.conf.`date +%d-%B-%Y_%H-%M-%S`
[root@orael22cn01 ~]#
- Edit /etc/nsswitch.conf and locate the three lines defining the order in which the naming service will locate passwd, shadow password and group data
Append nis to each entry to ensure that data available from NIS is used when looking up passwd and group entries, as shown below:
:
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files nis
shadow: files nis
group: files nis
:
Within /etc/yp.conf append entries identifying each NIS server in the system (both MASTER and SLAVE servers)
The /etc/yp.conf file is used to provide NIS clients with the list of NIS Servers that can be used to satisfy NIS related queries.
- Backup /etc/yp.conf
[root@orael22cn01 ~]# cp /etc/yp.conf /etc/yp.conf.`date +%d-%B-%Y_%H-%M-%S`
[root@orael22cn01 ~]#
- Edit /etc/yp.conf and add a domain entry for each NIS MASTER or SLAVE server you have elected to configure
For each NIS server, provide the hostname that maps to an IP address on the private Infiniband network (with a -priv suffix), as shown below:
# /etc/yp.conf - ypbind configuration file
# Valid entries are
#
# domain NISDOMAIN server HOSTNAME
# Use server HOSTNAME for the domain NISDOMAIN.
#
# domain NISDOMAIN broadcast
# Use broadcast on the local net for domain NISDOMAIN
#
# domain NISDOMAIN slp
# Query local SLP server for ypserver supporting NISDOMAIN
#
# ypserver HOSTNAME
# Use server HOSTNAME for the local domain. The
# IP-address of server must be listed in /etc/hosts.
#
# broadcast
# If no server for the default domain is specified or
# none of them is reachable, try a broadcast call to
# find a server.
#
domain mynis.com server orael22cn01-priv.localdomain
domain mynis.com server orael22cn02-priv.localdomain
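The client-side files edited above (NISDOMAIN, /etc/nsswitch.conf and /etc/yp.conf) can be cross-checked so that every NIS server a client is pointed at resolves to the private network. The script below is an added example, not part of the original note: the function names, the demo directory layout and the sample files are constructed for illustration, and 192.168.10. is assumed to be the private (IPoIB) prefix.

```shell
#!/bin/sh
# Added example (not from the original note): cross-check the NIS client files.
# Assumptions: the four files sit in one directory (hypothetical demo layout);
# 192.168.10. is the private (IPoIB) prefix, as in the note's sample entries.

# conf_value FILE KEY: print the value of KEY=value (last occurrence wins)
conf_value() {
    awk -F '=' -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# ypconf_servers YPCONF DOMAIN: print each "domain DOMAIN server HOST" hostname
ypconf_servers() {
    awk -v d="$2" '
        { sub(/#.*/, "") }
        $1 == "domain" && $2 == d && $3 == "server" { print $4 }
    ' "$1"
}

# host_ip HOSTS NAME: print the IP of the first hosts line listing NAME
host_ip() {
    awk -v n="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) { print $1; exit } }
    ' "$1"
}

# nss_uses_nis NSSWITCH DB: succeed when the active DB line lists nis
nss_uses_nis() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "nis") found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# audit_client DIR PRIVATE_PREFIX: print findings, return the number of problems
audit_client() {
    ac_bad=0
    ac_dom=$(conf_value "$1/network" NISDOMAIN)
    [ -n "$ac_dom" ] || { echo "FAIL: NISDOMAIN is not set"; ac_bad=$((ac_bad + 1)); }
    for ac_db in passwd shadow group; do
        nss_uses_nis "$1/nsswitch.conf" "$ac_db" ||
            { echo "FAIL: nsswitch.conf $ac_db does not consult nis"; ac_bad=$((ac_bad + 1)); }
    done
    ac_servers=$(ypconf_servers "$1/yp.conf" "$ac_dom")
    [ -n "$ac_servers" ] ||
        { echo "FAIL: yp.conf names no server for domain '$ac_dom'"; ac_bad=$((ac_bad + 1)); }
    for ac_srv in $ac_servers; do
        ac_ip=$(host_ip "$1/hosts" "$ac_srv")
        case "$ac_ip" in
            "$2"*) echo "OK: $ac_srv -> $ac_ip" ;;
            "")    echo "FAIL: $ac_srv is not in hosts"; ac_bad=$((ac_bad + 1)) ;;
            *)     echo "FAIL: $ac_srv -> $ac_ip is outside $2*"; ac_bad=$((ac_bad + 1)) ;;
        esac
    done
    return "$ac_bad"
}

# Constructed sample files: NIS_GOOD follows the note, NIS_BAD has two mistakes.
NIS_GOOD=$(mktemp -d)
NIS_BAD=$(mktemp -d)
printf 'NETWORKING=yes\nNISDOMAIN=mynis.com\n' > "$NIS_GOOD/network"
cat > "$NIS_GOOD/nsswitch.conf" <<'EOF'
#passwd: db files nisplus nis
passwd: files nis
shadow: files nis
group: files nis
EOF
cat > "$NIS_GOOD/yp.conf" <<'EOF'
# domain NISDOMAIN server HOSTNAME
domain mynis.com server orael22cn01-priv.localdomain
domain mynis.com server orael22cn02-priv.localdomain
EOF
cat > "$NIS_GOOD/hosts" <<'EOF'
127.0.0.1 localhost.localdomain localhost
192.168.10.101 orael22cn01-priv.localdomain orael22cn01-priv
192.168.10.102 orael22cn02-priv.localdomain orael22cn02-priv
10.141.133.1 orael22cn01.mydnsdomain.com orael22cn01
10.141.133.2 orael22cn02.mydnsdomain.com orael22cn02
EOF
cp "$NIS_GOOD"/* "$NIS_BAD"/
# Mistake 1: shadow no longer consults nis. Mistake 2: a server named by its public name.
sed 's/^shadow:.*/shadow: files/' "$NIS_GOOD/nsswitch.conf" > "$NIS_BAD/nsswitch.conf"
sed 's/orael22cn02-priv.localdomain/orael22cn02.mydnsdomain.com/' \
    "$NIS_GOOD/yp.conf" > "$NIS_BAD/yp.conf"

audit_client "$NIS_GOOD" 192.168.10.
audit_client "$NIS_BAD" 192.168.10. || echo "problems found: $?"
```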
Modify the NIS Server configuration on the MASTER
The following steps need be performed ONLY on the compute node where you have designated the NIS MASTER server will run:
- Backup the /var/yp/Makefile used by the NIS MASTER
[root@orael22cn01 ~]# cp /var/yp/Makefile /var/yp/Makefile.`date +%d-%B-%Y_%H-%M-%S`
[root@orael22cn01 ~]#
- Update the configuration in /var/yp/Makefile to allow the MASTER to push changes to SLAVES
Within /var/yp/Makefile change NOPUSH configuration from "true" to "false", as shown below:
:
# If we have only one server, we don't have to push the maps to the
# slave servers (NOPUSH=true). If you have slave servers, change this
# to "NOPUSH=false" and put all hostnames of your slave servers in the file
# /var/yp/ypservers.
#
# vvvvvv 21-JUN-2012 (APARKMAN) vvvvvvv
# NOPUSH=true (disable default)
NOPUSH=false
# ^^^^^^ 21-JUN-2012 (APARKMAN) ^^^^^^
:
Stop all NIS related services running on each node (MASTER/SLAVE/CLIENT)
Since we have made modifications to NIS related configuration it will be necessary at this point to stop all NIS related services. This ensures that later, when we restart the different NIS services that need to be running on MASTER, SLAVE and CLIENT systems, each system uses the recently updated configuration.
Stop NIS related Services on MASTER and SLAVE nodes
[root@orael22cn01 yp]# service ypserv stop
Stopping YP server services: [ OK ]
[root@orael22cn01 yp]# service ypbind stop
Shutting down NIS services: [ OK ]
[root@orael22cn01 yp]# service yppasswdd stop
Stopping YP passwd service: [ OK ]
[root@orael22cn01 yp]# service ypxfrd stop
Stopping YP map server: [ OK ]
Stop NIS related Services on CLIENT nodes
[root@orael20cn01 yp]# service ypbind stop
Shutting down NIS services: [ OK ]
Initialize the YP MASTER Server
Perform the following steps on the compute node that has been designated to run as the NIS MASTER.
Start the YPSERV service
[root@orael22cn01 yp]# service ypserv start
Starting YP server services: [ OK ]
Review NIS and YP Configuration
Invoke nisdomainname and domainname commands to confirm the NISDOMAIN has been appropriately set:
[root@orael22cn01 yp]# nisdomainname
mynis.com
[root@orael22cn01 yp]# domainname
mynis.com
[root@orael22cn01 yp]# dnsdomainname
mydnsdomain.com
NOTE:
- Unless/until an NIS related service has been started nisdomainname and domainname will return the value (none), which is why it is necessary to start a service such as ypserv before attempting to validate the settings
- If the values returned are not as expected and additional changes are needed to NIS configurations files it will be necessary to stop and restart the ypserv service before continuing.
- The DNS domain name is unrelated to the NIS domain so these commands may not always return the same value as illustrated above.
Run ypinit -m to initialize NIS configuration on the MASTER
We next execute ypinit -m to identify SLAVE servers to the NIS MASTER:
[root@orael22cn01 yp]# /usr/lib64/yp/ypinit -m
At this point, we have to construct a list of the hosts which will run NIS
servers. orael22cn01.mynis.com is in the list of NIS server hosts. Please continue to add
the names for the other hosts, one per line. When you are done with the
list, type a <control D>.
next host to add: orael22cn01.mynis.com
next host to add: orael22cn02-priv.localdomain
next host to add: >>>[CTRL-D]<<<
The current list of NIS servers looks like this:
orael22cn01.mynis.com
orael22cn02-priv.localdomain
Is this correct? [y/n: y] y
We need a few minutes to build the databases...
Building /var/yp/mynis.com/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory `/var/yp/mynis.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory `/var/yp/mynis.com'
orael22cn01.mynis.com has been set up as a NIS master server.
Now you can run ypinit -s orael22cn01.mynis.com on all slave server.
NOTE:
- When prompted, provide the hostnames of each of the compute nodes that you have configured to run as NIS SLAVE Servers
- For each SLAVE server it is important to provide the hostname that maps to a PRIVATE (IPoIB) address for that server, i.e. one that uses the -priv (or other user defined suffix)
Start the remaining NIS services (ypbind, yppasswdd and ypxfrd) on the MASTER
[root@orael22cn01 yp]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
[root@orael22cn01 yp]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@orael22cn01 yp]# service ypxfrd start
Starting YP map server: [ OK ]
Initialize YP SLAVE Servers
Perform the following steps on each compute node where you have elected to run a NIS SLAVE Server.
Start the YPSERV service
[root@orael22cn02 yp]# service ypserv start
Starting YP server services: [ OK ]
Review NIS and YP Configuration
Invoke nisdomainname and domainname commands to confirm the NISDOMAIN has been appropriately set:
[root@orael22cn02 yp]# nisdomainname
mynis.com
[root@orael22cn02 yp]# domainname
mynis.com
[root@orael22cn02 yp]# dnsdomainname
mydnsdomain.com
NOTE:
- Unless/until an NIS related service has been started nisdomainname and domainname will return the value (none), which is why it is necessary to start a service such as ypserv before attempting to validate the settings
- If the values returned are not as expected and additional changes are needed to NIS configurations files it will be necessary to stop and restart the ypserv service before continuing.
- The DNS domain name is unrelated to the NIS domain so these commands may not always return the same value as illustrated above.
Run ypinit -s to initialize NIS configuration on the SLAVE
On the SLAVE, execute /usr/lib64/yp/ypinit -s and provide as its argument the hostname identified within the output when you ran /usr/lib64/yp/ypinit -m
NOTE:
- Ensure that the hostname provided maps to a PRIVATE (IPoIB) address for the MASTER
For example:
[root@orael22cn02 etc]# /usr/lib64/yp/ypinit -s orael22cn01.mynis.com
We will need a few minutes to copy the data from orael22cn01.mynis.com.
Transferring protocols.byname...
Trying ypxfrd ... success
Transferring netid.byname...
Trying ypxfrd ... success
Transferring group.byname...
Trying ypxfrd ... success
Transferring hosts.byaddr...
Trying ypxfrd ... success
Transferring protocols.bynumber...
Trying ypxfrd ... success
Transferring ypservers...
Trying ypxfrd ... success
Transferring services.byname...
Trying ypxfrd ... success
Transferring hosts.byname...
Trying ypxfrd ... success
Transferring passwd.byuid...
Trying ypxfrd ... success
Transferring mail.aliases...
Trying ypxfrd ... success
Transferring passwd.byname...
Trying ypxfrd ... success
Transferring rpc.byname...
Trying ypxfrd ... success
Transferring rpc.bynumber...
Trying ypxfrd ... success
Transferring services.byservicename...
Trying ypxfrd ... success
Transferring group.bygid...
Trying ypxfrd ... success
orael22cn02.mydnsdomain.com's NIS data base has been set up.
If there were warnings, please figure out what went wrong, and fix it.
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
NOTE:
- Again, note the use of the PRIVATE IP address for the NIS MASTER, that correlates to an IP address on the Infiniband network.
Start the remaining NIS services (ypbind, yppasswdd and ypxfrd) on the SLAVE
[root@orael22cn02 yp]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
[root@orael22cn02 yp]# service yppasswdd start
Starting YP passwd service: [ OK ]
[root@orael22cn02 yp]# service ypxfrd start
Starting YP map server: [ OK ]
Initialize YP CLIENT Servers
Perform the following steps on each of the remaining compute nodes that will be running as NIS CLIENTS.
Start the YPBIND service
[root@orael22cn03 yp]# service ypbind start
Binding to the NIS domain: [ OK ]
Listening for an NIS domain server..
Review NIS and YP Configuration
Invoke nisdomainname and domainname commands to confirm the NISDOMAIN has been appropriately set:
[root@orael22cn03 yp]# nisdomainname
mynis.com
[root@orael22cn03 yp]# domainname
mynis.com
[root@orael22cn03 yp]# dnsdomainname
mydnsdomain.com
NOTE:
- Unless/until an NIS related service has been started nisdomainname and domainname will return the value (none), which is why it is necessary to start a service such as ypbind before attempting to validate the settings
- If the values returned are not as expected and additional changes are needed to NIS configurations files it will be necessary to stop and restart the ypbind service before continuing.
- The DNS domain name is unrelated to the NIS domain so these commands may not always return the same value as illustrated above.
Test your configuration
- Create a new user on the MASTER
[root@orael22cn01 ~]# useradd test1
[root@orael22cn01 ~]#
- On the SLAVE, use ypmatch or ypcat passwd to confirm the newly created user is NOT already visible
- Using ypmatch
[root@orael22cn02 ~]# ypmatch test1 passwd
Can't match key test1 in map passwd.byname. Reason: No such key in map
[root@orael22cn02 ~]#
- Using ypcat passwd
[root@orael22cn02 ~]# ypcat passwd
[root@orael22cn02 ~]#
- On the MASTER, run "make" from /var/yp to propagate the new user to the SLAVE
[root@orael22cn01 ~]# make -C /var/yp
make: Entering directory `/var/yp'
gmake[1]: Entering directory `/var/yp/mynis.com'
gmake[1]: `ypservers' is up to date.
gmake[1]: Leaving directory `/var/yp/mynis.com'
gmake[1]: Entering directory `/var/yp/mynis.com'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating netid.byname...
gmake[1]: Leaving directory `/var/yp/mynis.com'
make: Leaving directory `/var/yp'
[root@orael22cn01 ~]#
- On the SLAVE, confirm the newly created user is now visible
- Using ypmatch
[root@orael22cn02 ~]# ypmatch test1 passwd
test1:!!:500:500::/home/test1:/bin/bash
[root@orael22cn02 ~]#
- Using ypcat passwd
[root@orael22cn02 etc]# ypcat passwd
test1:!!:500:500::/home/test1:/bin/bash
[root@orael22cn02 etc]#
- On CLIENT nodes, confirm the newly created user is also visible
- Using ypmatch
[root@orael22cn03 yp]# ypmatch test1 passwd
test1:!!:500:500::/home/test1:/bin/bash
[root@orael22cn03 yp]#
- Using ypcat passwd
[root@orael22cn03 ~]# ypcat passwd
test1:!!:500:500::/home/test1:/bin/bash
[root@orael22cn03 ~]#
- Run a sustained test invoking the id command against the newly created user to ensure results are always consistent
[root@orael22cn03 ~]# for test in {1..50}; do id test1; done
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
uid=500(test1) gid=500(test1) groups=500(test1)
...
- Test fail over across MASTER and SLAVE
- From a SLAVE server utilize a loop to run sustained NIS queries:
[root@orael22cn03 yp]# for test in {1..100}; do ypmatch test1 passwd; sleep 2; done
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
:
- In the middle of the test, log on to the host running the NIS MASTER and use the service ypserv stop command to stop the ypserv service
[root@orael22cn03 yp]# for test in {1..100}; do ypmatch test1 passwd; sleep 2; done
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
:
:
>>> AT THIS POINT RUN "service ypserv stop" on MASTER <<<
>>> --- output should continue.... <<<
:
:
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
:
:
- Let the test continue a little longer and, one by one, run service ypserv stop on each of your NIS SLAVE servers until you get an error when the last one is stopped:
:
:
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
test1:!!:500:500::/home/test1:/bin/bash
:
:
>>> AT THIS POINT RUN "service ypserv stop" on SLAVE <<<
>>> --- at this point both servers are down <<<
>>> so you should see a failure.... <<<
:
:
do_ypcall: clnt_call: RPC: Unable to receive; errno = Connection refused
NOTE:
The need to shut off both MASTER and SLAVE before a failure occurs validates that the SLAVE was successfully used for fail over when the MASTER was lost.
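A further check that can follow the ypcat passwd steps above, as an added example that is not part of the original Oracle note: it reads passwd-format lines as printed by ypcat passwd and flags entries that expose a password hash to every host able to query the map, carry UID 0, or share a UID with another name (which breaks consistent ID mapping over NFSv4). The function name audit_nis_passwd, the finding labels, the set of placeholder values treated as "no hash" and the sample map are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the Oracle note): audit passwd-format lines on stdin.
# Prints one finding per line and returns 1 if anything was flagged.
audit_nis_passwd() {
    awk -F: '
        NF != 7 { printf "MALFORMED line %d\n", NR; bad++; next }
        {
            user = $1; pw = $2; uid = $3
            # Assumption: "!!", "!", "*" and "x" are placeholders without a hash.
            if (pw == "") {
                printf "EMPTY_PASSWORD %s\n", user; bad++
            } else if (pw !~ /^(!!?|\*|x)$/) {
                # Anything else is hash material readable through the map.
                printf "HASH_IN_MAP %s\n", user; bad++
            }
            if (uid == 0) { printf "UID_ZERO %s\n", user; bad++ }
            # Two names on one UID map to the same identity on NFSv4 mounts.
            if ((uid in seen) && (seen[uid] != user)) {
                printf "DUPLICATE_UID %s uid=%s also=%s\n", user, uid, seen[uid]
                bad++
            } else {
                seen[uid] = user
            }
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample map; only the test1 line matches output shown in the note.
sample_map() {
    cat <<'EOF'
test1:!!:500:500::/home/test1:/bin/bash
appuser:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASH:501:501::/home/appuser:/bin/bash
backup:x:500:502::/home/backup:/bin/bash
toor:*:0:0::/root:/bin/bash
EOF
}

# Stand-alone run against the constructed sample.
sample_map | audit_nis_passwd || echo "review the findings above"
```

On a node bound to the NIS domain, run it against live data with ypcat passwd | audit_nis_passwd.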
Configuring NIS services to automatically start when the compute node reboots
After testing and confirming that the NIS configuration is correct, it is recommended that you configure NIS related services to start automatically when the Exalogic compute node boots.
- On the compute node where the NIS MASTER is running, execute the following commands:
[root@orael22cn01 ~]# chkconfig ypserv on
[root@orael22cn01 ~]# chkconfig ypxfrd on
[root@orael22cn01 ~]# chkconfig yppasswdd on
[root@orael22cn01 ~]# chkconfig ypbind on
- On the compute nodes where NIS SLAVE servers are running, execute the following commands:
[root@orael22cn01 ~]# chkconfig ypserv on
[root@orael22cn01 ~]# chkconfig ypbind on
- On all compute nodes running as NIS CLIENTS, execute the following command:
[root@orael22cn01 ~]# chkconfig ypbind on
Additional Configuration Requirements for utilizing NIS as the ID mapping service to be used in conjunction with NFS Version 4 (NFSv4)
If you intend to utilize the NIS environment you have created as the naming service used in support of mounting file systems from the ZFS Storage Appliance via NFSv4, you will need to implement the additional configuration steps for ZFS Storage Appliance and compute nodes documented in the following section of the Exalogic Machine Owners Guide:
Oracle Exalogic Elastic Cloud Machine Owner’s Guide, Release EL X2-2 and EL X3-2
E18478-10
October 2012
Chapter 9: Configuring NFS Version 4 (NFSv4) on Exalogic