On May 19, 6:51 pm, ConradL <[email protected]> wrote: > Does anyone out there have experienced replacing NIS, using puppet? > If so, can you kindly share to me some advise, gotchas, and whatnot, > etc...
Puppet cannot directly replace NIS, as it doesn't operate in the same space. I suppose you're thinking of using Puppet to manage local authentication and hosts databases (and maybe others) on your nodes instead of those nodes relying on central NIS databases. Some of the factors you should weigh include: 1) When you update a central database such as NIS, the update is immediately available to all nodes (though caching may affect how soon they recognize it). On the other hand, if you rely on updating local databases on all your nodes via Puppet then there will be some time when nodes' local databases do not all agree. That time can be extended indefinitely if the Puppet agent is turned off on some of your nodes. If updates are frequent then you may not be able to rely on nodes ever being completely synchronized. 2) Lookups in local files are faster than RPC invocations across the network, and they leave more bandwidth available for other traffic. Local caching (e.g. via nscd) can convert most NIS lookups from RPC to local, however. 3) Network lookups are a problem for disconnected machines, such as (at times) laptops. 4) For users, you can combine NIS in compat mode with authorization management via Puppet. Puppet does not support it out of the box, but it's a fairly straightforward project to use for learning about writing custom Puppet providers. 5) As others have observed, there are other alternatives to consider, such as LDAP for users and/or hosts and DNS for hosts. John -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
