On 11/30/2012 08:35 AM, Jack Craig issued this missive:
Hi Folks, The following strikes me as wrong, but I am not a guru, so I thought to ask this forum where the wizards do live! :)

Please consider a configuration with a single host providing NFS4 /home directories for other hosts in a 6-host cluster. Further, OpenLDAP is on the same host to provide for authentication on all 6. The architect says it's OK to configure all hosts with DHCP, but I see the IP changing every day or 2 (many reboots due to setup). I am a huge fan of static IPs for servers, but what do I know?! :(

So, question: is DHCP OK for the 6 hosts in this config, or go static? More, static on the server only, maybe?
I am also a fan of static IPs for servers (indeed, anything providing a fairly stable service of some kind). That being said, you can have a DHCP server hand out a static IP to a machine by using a clause in the DHCP config that specifies the MAC address of the machine's NIC and the static IP, netmask, gateway and DNS servers you want it to have. If you tie your DHCP server to your DNS service, whenever a DHCP address is handed out it can update your DNS as well. This is probably the best configuration to have and gives you more or less a single point of control. You also potentially have a single point of failure (unless you run redundant DHCP and DNS servers).

With LDAP: if you're worried about the "pam_check_host_attr" directive, that's driven by the host name of the client machine (output of the "hostname" command), not its IP address. If you're worried about the "uri" directives in LDAP, they'll take either IPs or hostnames as arguments. Personally, I prefer a static IP on LDAP servers and use of the IP address in the "uri" directives in case DNS is down or misbehaving. This is really important if the only way into a machine is via SSH, you've blocked root logins via SSH and use LDAP as an authentication mechanism. We also create a non-root local user on all machines (typically "admin") that can "sudo bash -l" in case LDAP is down as well.

Keep in mind that we manage about 600 machines in two data centers and are just SLIGHTLY paranoid about this sorta thing. We can't always just "plug in a console" to get at a machine that's got problems.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, AllDigital    ricks@xxxxxxxxxxxxxx -
- AIM/Skype: therps2  ICQ: 22643734  Yahoo: origrps2                -
-                                                                    -
-      Always remember you're unique, just like everyone else.       -
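An added example (not from Rick's post or from the Fedora project) of the setup he describes, as an ISC dhcpd.conf fragment: the NFS4/OpenLDAP host gets a fixed address by MAC reservation while the other cluster nodes draw from a pool, and every lease, reservations included, is pushed into DNS. Every address, host name, MAC address and key below is a constructed placeholder.

```conf
# Assumed ISC dhcpd.conf fragment; all values are placeholders.

ddns-update-style interim;          # enable dynamic DNS updates from dhcpd
ddns-updates on;
ddns-domainname "cluster.example";  # appended to client host names in DNS
update-static-leases on;            # also register fixed-address hosts in DNS

key ddns-key {
    algorithm hmac-md5;
    secret "REPLACE-WITH-BASE64-KEY";   # placeholder; generate with tsig-keygen
}

# Forward and reverse zones dhcpd may update (BIND must allow the same key).
zone cluster.example. {
    primary 10.0.0.2;                   # placeholder DNS server accepting updates
    key ddns-key;
}

zone 0.0.10.in-addr.arpa. {
    primary 10.0.0.2;
    key ddns-key;
}

subnet 10.0.0.0 netmask 255.255.255.0 {
    range 10.0.0.100 10.0.0.150;        # pool for the other five cluster nodes
    option routers 10.0.0.1;            # gateway handed to every client
    option domain-name-servers 10.0.0.2;
    option domain-name "cluster.example";
    default-lease-time 86400;
    max-lease-time 172800;
}

# Reservation: the NFS4 + OpenLDAP server always receives the same address,
# matched on the MAC of its NIC, so reboots during setup no longer move it.
host nfs-ldap {
    hardware ethernet 00:11:22:33:44:55;  # placeholder MAC of the server's NIC
    fixed-address 10.0.0.10;
    option host-name "nfs-ldap";
}
```

With the reservation in place, the LDAP clients can still point their "uri" at 10.0.0.10 directly, which keeps authentication working if the DNS updates fail.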
----------------------------------------------------------------------