On May 19, 6:51 pm, ConradL <[email protected]> wrote:
> Does anyone out there have experienced replacing NIS, using puppet?
> If so, can you kindly share to me some advise, gotchas, and whatnot,
> etc...

Puppet cannot directly replace NIS, as it doesn't operate in the same
space.  I suppose you're thinking of using Puppet to manage local
authentication and hosts databases (and maybe others) on your nodes
instead of those nodes relying on central NIS databases.  Some of the
factors you should weigh include:

1) When you update a central database such as NIS, the update is
immediately available to all nodes (though caching may affect how soon
they recognize it).  On the other hand, if you rely on updating local
databases on all your nodes via Puppet then there will be some time
when nodes' local databases do not all agree.  That time can be
extended indefinitely if the Puppet agent is turned off on some of
your nodes.  If updates are frequent then you may not be able to rely
on nodes ever being completely synchronized.

2) Lookups in local files are faster than RPC invocations across the
network, and they leave more bandwidth available for other traffic.
Local caching (e.g. via nscd) can convert most NIS lookups from RPC to
local, however.

3) Network lookups are a problem for disconnected machines, such as
(at times) laptops.

4) For users, you can combine NIS in compat mode with authorization
management via Puppet.  Puppet does not support it out of the box, but
it's a fairly straightforward project to use for learning about
writing custom Puppet providers.

5) As others have observed, there are other alternatives to consider,
such as LDAP for users and/or hosts and DNS for hosts.


John

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to