Re: Detailed move timeline
- From: Owen Taylor <otaylor redhat com>
- To: gnome-infrastructure gnome org
- Subject: Re: Detailed move timeline
- Date: Fri, 11 Dec 2009 14:09:59 -0500
On Thu, 2009-12-10 at 16:04 -0500, Owen Taylor wrote:
> * To make sure that we can edit DNS as soon as possible,
> verify that menubar.gnome.org can be logged into by sysadmins:
> - Without LDAP running
> - With /home/users unmounted
> This may require reconfiguring the NSS configuration.
To test, I temporarily added the rule:
    -A RH-Firewall-1-INPUT -s 172.31.1.12 -m tcp -p tcp --dport 389 -j REJECT
to /etc/sysconfig/iptables on label.gnome.org and restarted the iptables
service, and then unmounted /home/users on menubar.
I was initially unable to SSH in to menubar, but by adding:
    nss_initgroups_ignoreusers root,otaylor
to /etc/ldap.conf on menubar, I was then successfully able to ssh in. The
downside of the above is my LDAP groups aren't propagated to menubar, but
not a big problem for now. The other obvious downside is that only I'm listed
there.
I tried experimenting some with other ldap.conf options to see if I
could get it to transparently fall back without having to do the above,
but didn't have any immediate luck. Probably just takes more research
and reading of the nss_ldap man page.
- Owen
[ Also added the nss_initgroups_ignoreusers on container.gnome.org,
since that's the other server that is really depended on throughout
the cluster ]
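
A check for the downside noted in the message above (only one sysadmin is listed on the nss_initgroups_ignoreusers line), as an added example that is not part of the original email. The sample configuration, the host and base values, and the account name "sysadmin2" are constructed; the function names are hypothetical.

```python
KEY = "nss_initgroups_ignoreusers"

# Constructed sample of /etc/ldap.conf; host and base values are placeholders.
SAMPLE_CONF = """\
# nss_ldap configuration (constructed sample)
host ldap.example.org
base dc=example,dc=org
nss_initgroups_ignoreusers root,otaylor
"""


def ignoreusers_lines(conf_text):
    """Return one list of user names per nss_initgroups_ignoreusers line."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        # Exact keyword match: a differently spelled key is reported as absent.
        if parts[0] == KEY:
            value = parts[1] if len(parts) > 1 else ""
            found.append([u.strip() for u in value.split(",") if u.strip()])
    return found


def audit(conf_text, required_users):
    """Compare the listed users with the accounts needed during an LDAP outage."""
    lines = ignoreusers_lines(conf_text)
    # Only the last line is counted; repeated lines are flagged so nobody
    # relies on how the library merges them (assumption: not verified here).
    listed = set(lines[-1]) if lines else set()
    return {
        "listed": sorted(listed),
        "missing": sorted(set(required_users) - listed),
        "repeated_key": len(lines) > 1,
    }


if __name__ == "__main__":
    # Hypothetical sysadmin roster; "sysadmin2" is a made-up account name.
    print(audit(SAMPLE_CONF, ["root", "otaylor", "sysadmin2"]))
```

Run against the real file on each host the cluster depends on, a non-empty "missing" list means some sysadmin accounts are not yet covered by the workaround.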