Hi guys -- Thanks all for your feedback. Yes, I was actually thinking about user / group management aspect in NIS-to-puppet migration. It looks like LDAP is a more appropriate tool for this.
Thanks again, and regards ..... -Conrad On Mon, May 21, 2012 at 6:05 AM, jcbollinger <[email protected]>wrote: > > > On May 19, 6:51 pm, ConradL <[email protected]> wrote: > > Does anyone out there have experienced replacing NIS, using puppet? > > If so, can you kindly share to me some advise, gotchas, and whatnot, > > etc... > > Puppet cannot directly replace NIS, as it doesn't operate in the same > space. I suppose you're thinking of using Puppet to manage local > authentication and hosts databases (and maybe others) on your nodes > instead of those nodes relying on central NIS databases. Some of the > factors you should weigh include: > > 1) When you update a central database such as NIS, the update is > immediately available to all nodes (though caching may affect how soon > they recognize it). On the other hand, if you rely on updating local > databases on all your nodes via Puppet then there will be some time > when nodes' local databases do not all agree. That time can be > extended indefinitely if the Puppet agent is turned off on some of > your nodes. If updates are frequent then you may not be able to rely > on nodes ever being completely synchronized. > > 2) Lookups in local files are faster than RPC invocations across the > network, and they leave more bandwidth available for other traffic. > Local caching (e.g. via nscd) can convert most NIS lookups from RPC to > local, however. > > 3) Network lookups are a problem for disconnected machines, such as > (at times) laptops. > > 4) For users, you can combine NIS in compat mode with authorization > management via Puppet. Puppet does not support it out of the box, but > it's a fairly straightforward project to use for learning about > writing custom Puppet providers. > > 5) As others have observed, there are other alternatives to consider, > such as LDAP for users and/or hosts and DNS for hosts. > > > John > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
