Thx Very Much Rick!!!
On Fri, Nov 30, 2012 at 10:00 AM, Rick Stevens <ri...@alldigital.com> wrote:

> On 11/30/2012 08:35 AM, Jack Craig issued this missive:
>
>> Hi Folks,
>>
>> The following strikes me as wrong, but i am Not guru,
>> so i thought to ask this forum where the wizards Do Live! :)
>>
>> Pls consider a configuration with a single host providing NFS4
>> /home directories for other hosts in a 6 host cluster. Further,
>> openldap is on the same host to provide for authentication
>> on all 6.
>>
>> the architect says it's ok to configure all hosts w/DHCP,
>> but i see the ip changing every day or 2 (many reboots due setup).
>>
>> I am a huge fan of static ip for servers, but what do i know?! :(
>>
>> So, Question, is DHCP ok for the 6 hosts in this config, or go static.
>>
>> More, static on server only maybe?
>>
>
> I am also a fan of static IPs for servers (indeed, anything providing
> a fairly stable service of some kind). That being said, you can have
> a DHCP server hand out a static IP to a machine by using a clause in
> the DHCP config that specifies the MAC address of the machine's NIC and
> the static IP, netmask, gateway and DNS servers you want it to have.
>
> If you tie your DHCP server to your DNS service, whenever a DHCP address
> is handed out it can update your DNS as well. This is probably the best
> configuration to have and gives you more or less a single point of
> control. You also potentially have a single point of failure (unless
> you run redundant DHCP and DNS servers).
>
> With LDAP: If you're worried about the "pam_check_host_attr" directive,
> that's driven by the host name of the client machine (output of the
> "hostname" command)--not its IP address.
>
> If you're worried about the "uri" directives in LDAP, they'll take
> either IPs or hostnames as arguments. Personally, I prefer a static IP
> on LDAP servers and use of the IP address in the "uri" directives in
> case DNS is down or misbehaving. This is really important if the only
> way into a machine is via SSH, you've blocked root logins via SSH and
> use LDAP as an authentication mechanism. We also create a non-root local
> user on all machines (typically "admin") that can "sudo bash -l" in
> case LDAP is down as well.
>
> Keep in mind that we manage about 600 machines in two data centers and
> are just SLIGHTLY paranoid about this sorta thing. We can't always just
> "plug in a console" to get at a machine that's got problems.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer, AllDigital    ri...@alldigital.com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -    Always remember you're unique, just like everyone else.         -
> ----------------------------------------------------------------------
>
> --
> users mailing list
> users@lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
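
The MAC-keyed reservation and the IP-based LDAP "uri" described in the quoted reply could look like the following. This is an added illustration, not configuration from either poster; it assumes ISC dhcpd and a pam_ldap/nss_ldap style ldap.conf, and every hostname, MAC and address in it is a constructed placeholder.

```conf
# ---- DHCP server: dhcpd.conf (ISC dhcpd syntax, assumed) ----
subnet 192.0.2.0 netmask 255.255.255.0 {
    # Dynamic pool for machines that have no host clause.
    range 192.0.2.100 192.0.2.200;
    option routers 192.0.2.1;
    option domain-name-servers 192.0.2.2, 192.0.2.3;
}

# The NFS4 + OpenLDAP server gets the same address on every lease,
# keyed on the MAC address of its NIC.
host nfs-ldap {
    hardware ethernet 00:00:5e:00:53:01;      # placeholder MAC
    fixed-address 192.0.2.10;                 # keep outside the dynamic range
    option subnet-mask 255.255.255.0;
    option routers 192.0.2.1;
    option domain-name-servers 192.0.2.2, 192.0.2.3;
}

# One more host clause per cluster member pins the other five the same way.
host node1 {
    hardware ethernet 00:00:5e:00:53:02;      # placeholder MAC
    fixed-address 192.0.2.11;
}

# ---- LDAP client: ldap.conf on each of the 6 hosts (assumed layout) ----
# Hostname form: logins depend on DNS resolving this name.
#uri ldap://nfs-ldap.example.com/

# IP form, as preferred in the reply: authentication still works when
# DNS is down or misbehaving. Only safe because the address above is fixed.
uri ldap://192.0.2.10/

# Per the reply, this check is driven by the client's host name
# (output of "hostname"), not by its IP address.
pam_check_host_attr yes
```

If the reservation is ever changed, the "uri" line on every client has to change with it, which is the trade-off of not going through DNS.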