CentOS 8

NIS : Configure Slave Server
2019/10/17

Configure a NIS Slave Server so that NIS service continues even if the NIS master server goes down.
This example is based on the following environment.
+----------------------+          |          +----------------------+
| [    NIS Server    ] |10.0.0.30 | 10.0.0.31| [     NIS Slave    ] |
|     dlp.srv.world    +----------+----------+     yp01.srv.world   |
|                      |          |          |                      |
+----------------------+          |          +----------------------+
+----------------------+          |
| [     NIS Client   ] |10.0.0.51 |
|    node01.srv.world  +----------+
|                      |
+----------------------+

[1]
[2] Install Ypserv and Configure NIS Slave Server Host.
[root@yp01 ~]# dnf -y install ypserv rpcbind
[root@yp01 ~]# vi /var/yp/securenets
# create new
# specify the network ranges from which NIS clients are allowed to connect
255.0.0.0       127.0.0.0
255.255.255.0   10.0.0.0

[root@yp01 ~]# systemctl enable --now rpcbind ypserv ypxfrd yppasswdd nis-domainname
# synchronize databases with NIS master server
[root@yp01 ~]# /usr/lib64/yp/ypinit -s dlp.srv.world

We will need a few minutes to copy the data from dlp.srv.world.
Transferring group.bygid...
Trying ypxfrd ... success
...
...
At this point, make sure that /etc/passwd and /etc/group have
been edited so that when the NIS is activated, the data bases you
have just created will be used, instead of the /etc ASCII files.
[3] If SELinux is enabled on the NIS Slave Host, change the boolean settings.
[root@yp01 ~]# setsebool -P nis_enabled on
[root@yp01 ~]# setsebool -P domain_can_mmap_files on
[4] If Firewalld is running on the NIS Slave Host, allow the NIS services or ports.
Some NIS services listen on a different port each time they restart, so fix their ports and then allow those ports in Firewalld.
[root@yp01 ~]# vi /etc/sysconfig/network
# add to the end
YPSERV_ARGS="-p 944"
YPXFRD_ARGS="-p 945"

[root@yp01 ~]# vi /etc/sysconfig/yppasswdd
# add the following
YPPASSWDD_ARGS="--port 950"

[root@yp01 ~]# systemctl restart rpcbind ypserv ypxfrd yppasswdd
[root@yp01 ~]# firewall-cmd --add-service=rpc-bind --permanent
[root@yp01 ~]# firewall-cmd --add-port={944-951/tcp,944-951/udp} --permanent
[root@yp01 ~]# firewall-cmd --reload

[5] The NIS master server is also required to be a NIS client.
To configure the NIS Master Host as a NIS Client, refer to here.
[6] Configure the NIS Master Host for the new NIS Slave Host.
[root@dlp ~]# vi /var/yp/Makefile
# line 23: change
NOPUSH=false

# update NIS databases
[root@dlp ~]# /usr/lib64/yp/ypinit -m


At this point, we have to construct a list of the hosts which will run NIS
servers.  dlp.srv.world is in the list of NIS server hosts.  Please continue to add
the names for the other hosts, one per line.  When you are done with the
list, type a <control D>.
        next host to add:  dlp.srv.world
        next host to add:  yp01.srv.world   # specify NIS slave host
        next host to add:  # Ctrl + D key
The current list of NIS servers looks like this:

dlp.srv.world
yp01.srv.world

Is this correct?  [y/n: y]  y
We need a few minutes to build the databases...
Building /var/yp/srv.world/ypservers...
Running /var/yp/Makefile...
gmake[1]: Entering directory '/var/yp/srv.world'
Updating passwd.byname...
Updating passwd.byuid...
Updating group.byname...
Updating group.bygid...
Updating hosts.byname...
Updating hosts.byaddr...
Updating rpc.byname...
Updating rpc.bynumber...
Updating services.byname...
Updating services.byservicename...
Updating netid.byname...
Updating protocols.bynumber...
Updating protocols.byname...
Updating mail.aliases...
gmake[1]: Leaving directory '/var/yp/srv.world'

dlp.srv.world has been set up as a NIS master server.

Now you can run ypinit -s dlp.srv.world on all slave server.
[7] Configure the NIS Client to bind to the NIS Slave server, too.
With this, NIS service continues on the NIS Slave Host even if the NIS master Host goes down.
[root@node01 ~]# vi /etc/yp.conf
# add NIS slave to the end
# [domain (NIS domain) server (NIS server)]
domain srv.world server dlp.srv.world
domain srv.world server yp01.srv.world

[root@node01 ~]# systemctl restart ypbind
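
The /var/yp/securenets file from step [2] decides which hosts may read this slave's maps, so it is worth checking what the rules actually admit. The script below is an added example, not part of the original page: it evaluates a securenets file offline against candidate addresses and lists any rule with a 0.0.0.0 netmask. The function names and the test addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: evaluate ypserv securenets rules offline (names are hypothetical).

# Convert a dotted-quad IPv4 address to an integer; non-zero status if malformed.
ip2int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -- $1; unset IFS
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in ''|0?*|????*) return 1 ;; esac  # empty, leading zero, too long
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# securenets_allows FILE IP -> 0 if a rule admits IP, 1 if none does, 2 if IP is malformed.
securenets_allows() {
    _ip=$(ip2int "$2") || return 2
    [ -f "$1" ] || return 0   # ypserv accepts all hosts when the file is missing
    while read -r _mask _net _rest; do
        case "$_mask" in ''|'#'*) continue ;; esac
        if [ "$_mask" = host ]; then _m=4294967295   # "host A.B.C.D" = /32 rule
        else _m=$(ip2int "$_mask") || continue; fi
        _n=$(ip2int "$_net") || continue
        [ $(( _ip & _m )) -eq $(( _n & _m )) ] && return 0
    done < "$1"
    return 1
}

# Print (with line numbers) rules whose netmask is 0.0.0.0, which admit any host.
securenets_wide_open() {
    awk '$1 == "0.0.0.0" { print NR ": " $0 }' "$1"
}

# Constructed sample: the two rules from step [2]; the test addresses are also constructed.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# create new
255.0.0.0       127.0.0.0
255.255.255.0   10.0.0.0
EOF

for ip in 10.0.0.51 127.0.0.1 10.0.1.51 192.0.2.10; do
    if securenets_allows "$SAMPLE" "$ip"; then echo "$ip allowed"; else echo "$ip refused"; fi
done
securenets_wide_open "$SAMPLE"
```

Point the functions at the real /var/yp/securenets on the slave to confirm that only the intended client networks are admitted.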
