Incidentally, I was pondering some simplified facilities to help on this offering a few canned strategies:
-Replicated local account data: Automated replication when any of the key local files changes. Makes changing account data more expensive, but makes lookup of account data cheaper (e.g. ls -l doesn't need to hit network even without caching). It's the simplest architecture to understand and probably good for even moderately large clusters that don't have a requirement to integrate with a larger authentication infrastructure. There may be an option to delegate password authentication to a Kerberos realm, meaning that you could pretty handily have the local Linux accounts get passwords from equivalent Active Directory accounts if that is what the organization supports.
-AD integration. There actually is a version of this already in xCAT (see activedirectory plugin). It can list, add, and delete user and host accounts (clusteruserlist can output AD accounts in /etc/passwd format, clusteruseradd lets you use useradd style syntax against AD domains). I'd look to simplify this and also revamp the way machines get joined to domain (current process has some particular requirements like functional SSL on LDAP which isn't set up by default, and there is now realmd)
-FreeIPA integration. Similar to above, but also include support for starting a new instance. FreeIPA and Samba4 had some curious interac
-Generic LDAP

From: Laurence Horrocks-Barlow [mailto:[email protected]]
Sent: Friday, June 19, 2015 6:29 PM
To: xCAT Users Mailing list
Subject: Re: [xcat-user] user management

xCAT doesn't manage the users itself, however provides postscripts to help with this.

For smaller clusters I would recommend using synclists to synchronise the common passwd, group and shadow files.

For anything larger LDAP or AD would be my recommendation (preferably in a HA/sync’ed configuration) and then use postscripts to configure the LDAP settings on the node.

Kind Regards,

Laurence Horrocks-Barlow MBCS
HPC Storage Architect
OCF plc

From: Stephen Cousins [mailto:[email protected]]
Sent: 19 June 2015 22:39
To: xCAT Users Mailing list
Subject: [xcat-user] user management

I'm curious about how users are managed in xCAT. I haven't been able to find much information on the wiki. I have a Stateless cluster but the nodes don't seem to inherit the user accounts that are on the management node. I have the /home directory NFS mounted but it just shows the ID's instead of usernames.

Do I need to manually synchronize the node /etc/passwd, group and shadow files? Or is it expected that LDAP is used?

Thanks,

Steve
------------------------------------------------------------------------------
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
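
An added example, not part of the thread and not xCAT code: a drift check for the replicated local account approach discussed above. It compares the management node's passwd data with a node's copy and reports accounts that are missing or that map to different numeric IDs, which is what decides file ownership on an NFS-mounted /home. The passwd contents and the function names `parse_passwd` and `compare` are constructed for illustration.

```python
# Constructed sample data: management node passwd vs. a compute node's copy.
MGMT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol:x:1003:1003:Carol:/home/carol:/bin/bash
"""
NODE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1003:1003:Bob:/home/bob:/bin/bash
"""

def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format text."""
    accounts = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts

def compare(mgmt, node):
    """Report accounts that would resolve differently on the node."""
    node_by_uid = {uid: name for name, (uid, _gid) in node.items()}
    report = {"missing": [], "id_mismatch": [], "uid_owned_by_other": []}
    for name, (uid, gid) in sorted(mgmt.items()):
        if name not in node:
            report["missing"].append(name)      # node shows a bare ID for this user
        elif node[name] != (uid, gid):
            report["id_mismatch"].append(name)  # same name, different numeric IDs
        other = node_by_uid.get(uid)
        if other is not None and other != name:
            # On the node this UID belongs to someone else, so that account
            # would own this user's files on the shared /home.
            report["uid_owned_by_other"].append((name, uid, other))
    return report

if __name__ == "__main__":
    result = compare(parse_passwd(MGMT_PASSWD), parse_passwd(NODE_PASSWD))
    for kind, entries in result.items():
        print(kind, entries)
```

In practice the two inputs would be read from the management node's /etc/passwd and a copy fetched from the node; the same comparison applies to /etc/group.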
