| 1 |
_*LDAP:*_ |
| 2 |
I spent many hours (way over the 30 hours I had promised myself to |
| 3 |
pass/week on SoC) creating an LDAP-as-auth-backend auto-install script. |
| 4 |
It's not simple because Gentoo's philosophy is that ebuilds do as little |
| 5 |
as possible and the admin does the work. I have no problems with this |
| 6 |
approach but it's, by definition, countering my efforts of providing a |
| 7 |
"turn-key" solution Clustering LiveCD. Although most of the work that is |
| 8 |
being done by the script should be done by an ebuild, I had to chose a |
| 9 |
stand alone script beacuse: |
| 10 |
|
| 11 |
1- I _absolutely_ have to modify/create some files in /etc |
| 12 |
2- Once _some_ of the files created, I have to initiate the ldap database |
| 13 |
3- Then _successfully_ start the slapd daemon |
| 14 |
4- and _only_ then shall I finish the /etc file modifications (ie: |
| 15 |
changing /etc/nsswitch.conf to also use ldap as a backend) |
| 16 |
|
| 17 |
Obviously, since this script is supposed to be called from within the |
| 18 |
catalyst process, Joe user should not have to use it but my intention is |
| 19 |
that the script could also be used later on for people wishing to |
| 20 |
implement LDAP without having to learn _all_ that is required to get |
| 21 |
that going on their system (obviously with a BFW: "This is a one shot |
| 22 |
deal, don't expect it to work, you should read the docs, it's poison, it |
| 23 |
will reformat your car's carburator, etc..." I'm also leaving in the |
| 24 |
possiblity that the same script + config file approach could be used to |
| 25 |
_add_ LDAP databases in the future (such as a shared Addressbook) |
| 26 |
|
| 27 |
Well, even though all of this seems far from clustering and HPC, the |
| 28 |
whole central auth and management is an issue when it comes to a |
| 29 |
cluster. One has to remember that a cluster is like a department |
| 30 |
isolated on it's own network and everyone is supposed to be able to log |
| 31 |
onto _any_ machine and expect them to all behave the exact same way. |
| 32 |
|
| 33 |
Stuff that would be nice to also have in LDAP which isn't presently part |
| 34 |
of my script/template: |
| 35 |
|
| 36 |
* Automount definitions |
| 37 |
* TLS |
| 38 |
* |
| 39 |
|
| 40 |
_*Catalyst: |
| 41 |
*_I updated the spec files to use a new snapshot since I will want to be |
| 42 |
using net-nds/openldap-2.4.10 and it's quite recent in the tree. In the |
| 43 |
process I noticed I could get to Stage3 with no problems but that |
| 44 |
liveCD-stage1.spec now completely barfs with a huge list of loop |
| 45 |
dependency errors. I backtracked to the original snapshot and the errors |
| 46 |
are also there. I'll have to investigate by removing my profile overlay, |
| 47 |
it's probably due to some change I did in there and didn't rebuild the |
| 48 |
liveCD since. It's not critical for the moment so I'll set that aside |
| 49 |
for the time being (adding a bug ton soc.gexp.o) |
| 50 |
|
| 51 |
_*Clustering:*_ |
| 52 |
Jsbronder's on fire, I'll definately have to look into his *empi* and |
| 53 |
*eselect mpi* work, being more than just relevant to clustering ;) |
| 54 |
|
| 55 |
_*Special thanks:*_ |
| 56 |
robbat2: for all his help and patience with my obvious n00bism |
| 57 |
concerning LDAP ACLs and some config directives ;) |
| 58 |
Damm (#ldap): Has helped me with a few questions and made me waste much |
| 59 |
time on nssov...which I thwarted him into trying to create an ebuild now :P |
| 60 |
|
| 61 |
Eric |
| 62 |
PS: also available under the project's News : |
| 63 |
http://soc.gentooexperimental.org/projects/gentoo-cluster-seed/news |
| 64 |
Current files not currently available on the web site...so here they |
| 65 |
are. I DIDN'T run ispell on them...so please, no harsh comments on my |
| 66 |
keyboard dyslexia ;) |
Archives