Differences between revisions 4 and 5
Revision 4 as of 2008-02-05 09:08:24
Size: 4889
Editor: ?MathieuParent
Comment: adding GOsa way for handling dhcp and dns
Revision 5 as of 2008-02-05 19:04:29
Size: 4990
Editor: RonnyAasen
Comment:
Line 12: Line 12:
   * Someone should review this package, and find out why it is not in the debian repositories yet.
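Review bot: the added bullet asks for "this package" to be reviewed but does not name it, and the surrounding context at Line 12 is not part of this diff, so a reader of the revision history cannot tell which package is meant or why it is expected to be in the Debian repositories. Name the package in the bullet itself (e.g. "Someone should review the <package> package ...") so the request stands on its own.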

Migrating some of the main services' configuration from plain text files to an LDAP backend.

(This is a skeleton to collect some initial ideas and resources. Much work remains and many decisions still have to be made.)

Configs that might be moved:

DHCPD

There are three possible approaches:

DNS

Alternatives: powerdns (pdns-backend-ldap), ldapdns, ldap2dns, [https://oss.gonicus.de/labs/gosa/wiki/PluginInstallationDNS ldap2zone]

The currently most advanced approach is using PowerDNS with an LDAP backend. Packages to implement it are available in Debian.

PowerDNS's main advantage is that it reads LDAP directly. That means there is no need for cron jobs and scripts that convert LDAP data into config files before reloading services.

implementing powerdns

In order to test PowerDNS on your own installation you can follow these instructions.

  1. Back up your BIND configuration.
    • tar -czvf /skole/backup/bind.tgz /etc/bind /var/cache/bind

  2. Install the PowerDNS packages.
    • aptitude install pdns-backend-ldap pdns-doc pdns-recursor pdns-server

  3. Write the PowerDNS configuration.
    • Add this as the file /etc/powerdns/pdns.d/pdns-debian-edu.conf:

      # LDAP server configuration
      # Do not use a hostname here, unless you also add that name to the /etc/hosts file.
      ldap-host=10.0.2.2
      ldap-method=tree
      ldap-basedn=ou=hosts,dc=skole,dc=skolelinux,dc=no

      # Start the LDAP backend on boot.
      launch=ldap

      # ACL that allows recursion from this server and from the network.
      allow-recursion=10.0.2.0/23, 127.0.0.1

      # Only recurse if the question cannot be answered locally.
      lazy-recursion=yes

      # IP address of the recursive nameserver, e.g. your ISP's servers. This example uses the pdns-recursor running locally on a custom port.
      recursor=127.0.0.1:1553
  4. Configure pdns-recursor to run on a custom port.
    • Edit the file /etc/powerdns/recursor.conf so that it contains the line local-port=1553

  5. Add the needed LDAP schema to your OpenLDAP configuration.
    • Add the line
      include         /etc/ldap/schema/dnsdomain2.schema

      to the file /etc/ldap/slapd.conf under "# Schema and objectClass definitions".

  6. Restart slapd.
  7. Create LDIF files from the BIND configuration. Note that this creates an identical copy of your DNS settings from your BIND config. One of the reasons one might want to keep configurations in LDAP is to reduce clutter and only have the hosts one actually needs in the zone. I imagine that the new default zone file would be empty, except for the service aliases, and that the zone would be populated when one starts to add hosts in the admin tool.
    • zone2ldap --basedn=ou=hosts,dc=skole,dc=skolelinux,dc=no --layout=tree --zone-file=/etc/bind/debian-edu/db.intern --zone-name=intern > dns-intern.ldif

... FIXME: add more about migration ...

  1. Add the LDIFs to the OpenLDAP server using ldapadd -c -Z -f your-ldif-file-here.ldif -x -D 'cn=admin,ou=People,dc=skole,dc=skolelinux,dc=no' -W -h 10.0.2.2

    • FIXME: You may (or may not) have to create the ou=hosts container first.
  2. Restart pdns-recursor and verify that it is listening on port 1553.
  3. Restart pdns.
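After the LDIF has been loaded, it is worth confirming that what ended up in LDAP really is the identical copy of the BIND zone that step 7 promises, and that nobody has left stale hosts in the tree. The script below is an added example for this page; it is not code from this wiki, from Debian Edu or from the PowerDNS project. It parses a small constructed BIND zone and a constructed zone2ldap-style LDIF (dnsdomain2 schema, tree layout, with the objectClass lines trimmed) and reports records that exist on one side only. The host names and addresses in the samples are made up, and the LDIF deliberately lacks one alias and carries one extra host so that the report shows both failure directions. In a real migration you would feed it /etc/bind/debian-edu/db.intern and an ldapsearch dump of ou=hosts instead of the embedded samples; the LDIF parser assumes unfolded lines, so export with long lines intact.

```python
"""Compare a BIND zone with its zone2ldap (dnsdomain2, tree layout) output.

Added example for this wiki page, not part of Debian Edu, BIND or PowerDNS.
Zone and LDIF are constructed samples with made-up names and addresses; the
LDIF deliberately drifts from the zone so the comparison has something to report.
"""

# Constructed excerpt in the style of /etc/bind/debian-edu/db.intern.
ZONE_TEXT = """\
$ORIGIN intern.
@        IN SOA   tjener.intern. hostmaster.intern. (
                  2008020501 ; serial
                  28800 7200 604800 86400 )
@        IN NS    tjener.intern.
tjener   IN A     10.0.2.2
www      IN CNAME tjener.intern.
"""

# Constructed LDIF shaped like zone2ldap --layout=tree output (objectClass
# lines trimmed). It lacks the www alias and carries a stale host entry.
LDIF_TEXT = """\
dn: dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectClass: dNSDomain2
dc: intern
associatedDomain: intern
sOARecord: tjener.intern. hostmaster.intern. 2008020501 28800 7200 604800 86400
nSRecord: tjener.intern.

dn: dc=tjener,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectClass: dNSDomain2
dc: tjener
associatedDomain: tjener.intern
aRecord: 10.0.2.2

dn: dc=oldprinter,dc=intern,ou=hosts,dc=skole,dc=skolelinux,dc=no
objectClass: dNSDomain2
dc: oldprinter
associatedDomain: oldprinter.intern
aRecord: 10.0.2.99
"""

# dnsdomain2 attributes and the DNS record types they carry
LDAP_ATTRS = {"soarecord": "SOA", "nsrecord": "NS", "arecord": "A", "cnamerecord": "CNAME"}

def _fqdn(name, origin):
    # Owner or target name as an FQDN without the trailing dot.
    if name == "@":
        return origin.rstrip(".")
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin.rstrip('.')}"

def parse_zone(text):
    """Return {(fqdn, rtype): {rdata}} from a (simplified) BIND zone file."""
    records, origin, owner, buf, depth = {}, "", "@", [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]                    # drop comments
        depth += line.count("(") - line.count(")")     # inside a multi-line record?
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0:
            continue
        blank_owner, tokens, buf = buf[0][:1].isspace(), " ".join(buf).split(), []
        if tokens[:1] == ["$ORIGIN"]:
            origin = tokens[1]
        if not tokens or tokens[0].startswith("$"):    # directives carry no records
            continue
        if not blank_owner:                            # blank owner = previous owner
            owner = tokens.pop(0)
        if tokens and tokens[0].isdigit():             # optional TTL
            tokens.pop(0)
        if tokens and tokens[0].upper() == "IN":       # optional class
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), " ".join(tokens[1:])
        if rtype in ("CNAME", "NS"):
            rdata = _fqdn(rdata, origin)
        records.setdefault((_fqdn(owner, origin), rtype), set()).add(rdata)
    return records

def parse_ldif(text):
    """Return {(fqdn, rtype): {rdata}} from LDIF entries (no folded lines)."""
    records = {}
    for entry in text.strip().split("\n\n"):
        attrs = {}
        for line in entry.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.lower(), []).append(value.strip())
        fqdn = attrs.get("associateddomain", ["?"])[0].rstrip(".")
        for attr, rtype in LDAP_ATTRS.items():
            for value in attrs.get(attr, []):
                rdata = value.rstrip(".") if rtype in ("CNAME", "NS") else value
                records.setdefault((fqdn, rtype), set()).add(rdata)
    return records

def compare(zone, ldap):
    """Return (missing, extra): rdata present only in the zone, and only in LDAP."""
    def diff(a, b):
        return {k: v - b.get(k, set()) for k, v in a.items() if v - b.get(k, set())}
    return diff(zone, ldap), diff(ldap, zone)

if __name__ == "__main__":
    print(compare(parse_zone(ZONE_TEXT), parse_ldif(LDIF_TEXT)))
```

Run against the embedded samples it reports the www CNAME as missing from LDAP and the oldprinter A record as extra. An empty pair of dictionaries means the LDAP tree and the zone file agree; anything in "extra" after a fresh zone2ldap import points at entries that were added by hand or left over from an earlier attempt.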

lts.conf

Fetching the LTSP client config from LDAP allows for LTSP server clusters. There are some vague ideas and old implementations available: