Assume a large-ish site, with distributed machine ownership/control. We control some, but some other groups control some other machines. We want to offer as many services as we can centrally, but without assuming or requiring everyone to participate. Also, different services may be under the control of different subgroups, and we want to facilitate voluntary collaboration between all parties.

Therefore, we can't trust the client machines, and we can't assume they're set up correctly. We want those who own the client machines to access only as much of the central services as they're entitled to.

I'm trying to figure out what the best solutions are for each main building block, listed below:

1. Authentication (Kerberos?)

2. Authorization (LDAP?)
   - Here we need to be able to have individual machines import users and groups (and have them behave as if they were appended at the end of /etc/password|group)
   - Also, we need control on the local machine as to which subset of available groups/users we import from the authorization server
   - NIS/YP allows this, but can we use it for authorization w/o the authentication bit, for which it was insecure last time I looked?
   - can we get LDAP to behave like this (I have no real experience with LDAP, so kindly point me to the appropriate HowTo) :)

3. Network file system (AFS? NFS? SMB? other?)
   We need to:
   - map to unix perms (ugo/rwx) (AFS doesn't do this, does it?)
   - use the authentication/authorization mechanism we have
   - use auth. transparently (i.e. use pam or something, don't ask user to retype password when accessing mounted files)
   - not rely on trusted client (e.g. users with laptops should be able to mount and access files they're entitled to on the fileserver, same as users on managed machines controlled by the infrastructure owners). (NFS didn't do this properly last time I looked, which was admittedly some 5 years ago)

4. Machine personality management
   - select list of installed packages (kickstart should work here)
   - config file management (pull appropriate config files from a central server -- cfengine? puppet? something else?)
   - must be able to do following w. minimal administrator intervention:
     . build machine similar to existing machine (machine classes)
     . rebuild/reconfigure a crashed machine to its old self

5. Package management and maintenance
   - rpm and yum, we're good here :)

6. Backup
   - as opposed to backing up config files (see 4 above) we must back up
     . user data (e.g. /home)
     . service data (e.g. /var/lib)
   - restoring backups should be included in rebuilds of crashed machines
   - maybe the "machine personality" management tool can call the appropriate backup software, and I'm sure there's plenty of that out there, this is the one I'm least worried about :)

Need some help/advice in picking the best choices for 1-4, and how well they play along with Fedora Core and with a somewhat de-centralized environment.

The idea is to enable a trained monkey to do day-to-day sysadmin tasks, and make it hard for said monkey to screw things up. Building a machine should in essence consist of pointing the installer at the personality management server and have everything else happen without further intervention.

Any ideas, recommendations, deathtrap warnings, etc. would be much appreciated.

Thanks,
Gabriel