vnode.ypserver

Ansible Role: ypserver


This role installs and sets up a YP/NIS server on OpenBSD and other BSD-like operating systems. Right now, it only works with OpenBSD, but support for FreeBSD and NetBSD is planned soon.

It uses system documentation for guidance, like the yp(8) manual.

Requirements

Operation

You don’t need any external roles or modules to use this role.

Testing & Development

To test and develop, this role needs the following tools:

  • Vagrant (with either VirtualBox or VMware)
  • VagrantCloud (use the generic/openbsd6 box)

Role Variables

Here are the available variables, including their default values (check defaults/main.yml). All these variables should be set. If any are missing, please report it on GitHub.

Required Variables

The following variables must be provided when using the role.

ypserver_domain: ""

Required - needs a valid NIS domain name that you want to set up.

ypserver_master: ""

Required - must define a reachable NIS master server for the domain.

ypserver_servers: []

Required - must list all NIS servers for the domain, including the ypserver_master. Note: If you're only setting up slave servers, ensure the master is not in the same host group.

ypserver_serverinfo: {}

Required - can be empty if the NIS servers can be found in DNS or /etc/hosts. If filled, this should include the IP addresses of the servers. The role will update /etc/hosts with this information. If the servers can't be reached, the process will hang. Refer to yp(8) for more information.

Example for a dual-stack network:

ypserver_serverinfo:
  master:
    - "192.0.2.1"
    - "2001:db8::111:1"
  slave:
    - "192.0.2.2"
    - "2001:db8::111:2"

ypserver_ypservacl: {}

Required - if ypserver_set_ypservacl is set. This lists the rules for the ypserv.acl file, which controls access to the YP/NIS server. If ypserver_set_ypservacl is not set, the role creates a securenet file instead, which is more limited. Make sure your rules comply with the relevant guidelines.

Example rules:

ypserver_ypservacl:
  - action: allow
    type: host
    host: "localhost"
  - action: allow
    type: host
    host: "master"
  - action: allow
    type: host
    host: "192.0.2.2"
    tag: "slave"
  - action: allow
    type: net
    host: "192.0.2.0"
    mask: "255.255.255.0"
    tag: "Clients"
  - action: deny
    type: all

Optional Variables

ypserver_usedns: true

Indicates if YP/NIS maps can use DNS for finding hostnames. It's best to keep this at true.

ypserver_unsecure: false

Recommended to keep at false if serving only OpenBSD or FreeBSD clients. Setting this to true will include (encrypted) password entries in the passwd maps.

ypserver_nopush: false

Best to keep at true unless you have specific needs to push updates to slave servers automatically.

ypserver_source_dir: '/etc'

The directory where the maps served by the NIS domain are located. It must exist on the master server.

ypserver_source_maps:
  passwd: 'master.passwd'
  group: 'group'

Lists the maps served by the NIS domain master and their source files.

ypserver_passwd_minuid:  1000
ypserver_passwd_maxuid: 32765
ypserver_group_mingid:   1000
ypserver_group_maxgid:  32765

Define the UID and GID ranges of the users and groups included in the NIS maps, to prevent exposing system accounts.

Variables for Multiple YP/NIS Domains

These settings allow multiple NIS domains on a single server, which wasn’t the original plan. Please report any issues.

ypserver_set_domainname: true

Keep at true for the main domain. Set to false for additional NIS domains hosted on the same server.

Additional Settings

These are not mandatory and default values are usually acceptable.

ypserver_set_hosts: false

If true, adds IP info for NIS servers to the /etc/hosts file.

ypserver_set_yppasswdd: false

Enables password changing for users on the master server. Recent OpenBSD versions may not support this.

ypserver_set_ypservacl: false

Creates a ypserv.acl file for access control instead of the more limited securenet format.

ypserver_set_cronjob: true

Best kept at true, which sets up a cron job that regularly updates the maps and checks for missing ones.

Internal Variables

These are used within the role and should not be changed without caution.

ypserver_ypdbdir: '/var/yp'
ypserver_ypdbdir_domain: "{{ ypserver_ypdbdir }}/{{ ypserver_domain }}"
ypserver_securenet: "{{ ypserver_ypdbdir }}/securenet"

Dependencies

None.

Example Playbook

Here's a simple example to create a YP/NIS domain with two servers, master and slave. The domain is named legacy, with source files located in /etc/legacy.

---
- hosts: ypservers
  roles:
    - role: vnode.ypserver
      vars:
        # NIS domain name; the variable is ypserver_domain (see Required Variables)
        ypserver_domain: legacy
        ypserver_master: master
        ypserver_servers: "{{ groups['ypservers'] }}"
        ypserver_source_dir: "/etc/{{ ypserver_domain }}"
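
The same playbook with pre-flight checks in front of the role, as an added example that is not part of the role itself. It assumes the variables are set at play level so that pre_tasks can see them, that an ACL should end in a deny/all rule as in the example rules above, and that the role's default minimum UID/GID of 1000 is the boundary for system accounts; the ACL rules shown are constructed sample values.

```yaml
---
# Added example, not part of the role: pre_tasks run before the role is applied.
- hosts: ypservers
  vars:
    ypserver_domain: legacy
    ypserver_master: master
    ypserver_servers: "{{ groups['ypservers'] }}"
    ypserver_source_dir: "/etc/{{ ypserver_domain }}"
    ypserver_set_ypservacl: true
    ypserver_ypservacl:  # constructed sample rules
      - { action: allow, type: host, host: "localhost" }
      - { action: allow, type: net, host: "192.0.2.0", mask: "255.255.255.0", tag: "Clients" }
      - { action: deny, type: all }

  pre_tasks:
    - name: Required variables are set and consistent
      ansible.builtin.assert:
        that:
          - ypserver_domain | length > 0
          - ypserver_master | length > 0
          - ypserver_master in ypserver_servers
        fail_msg: "Set ypserver_domain and ypserver_master, and list the master in ypserver_servers"

    - name: ACL rules end in deny/all and never allow everyone
      ansible.builtin.assert:
        that:
          - ypserver_ypservacl | length > 0
          - (ypserver_ypservacl | last).action == 'deny'
          - (ypserver_ypservacl | last).type == 'all'
          - ypserver_ypservacl | selectattr('type', 'equalto', 'all') | selectattr('action', 'equalto', 'allow') | list | length == 0
        fail_msg: "ypserver_ypservacl must finish with a deny/all rule and contain no allow/all rule"
      when: ypserver_set_ypservacl | default(false)

    - name: Maps exclude password entries and system accounts
      ansible.builtin.assert:
        that:
          - not (ypserver_unsecure | default(false))
          - ypserver_passwd_minuid | default(1000) | int >= 1000
          - ypserver_group_mingid | default(1000) | int >= 1000
        fail_msg: "Keep ypserver_unsecure false and the minimum UID/GID at 1000 or above"

  roles:
    - role: vnode.ypserver
```

If the play deliberately serves clients that need ypserver_unsecure set to true, drop that condition from the last assert rather than disabling the whole task.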

License

MIT

Author

This role was created in 2020 by Rogier Krieger.

Installation

ansible-galaxy install vnode.ypserver