Licence 3 - SR2 Semaine du 10/05 au 15/05/2010 TD 7. Exercice 1. NIS. Exercice 2. Installation de service. Exercice 3. Sauvegardes et volumétrie

Licence 3 - SR2 Semaine du 10/05 au 15/05/2010 TD 7 Exercice 1. NIS Une entreprise dispose de 5 sites, elle souhaite mettre en place un système d autication centralisé basé sur NIS. 2 sites sur les 5 sont reliés par des lignes ADSL peu ables. Les autres sont reliés par les lignes offrant une très bonne disponibilité. 1. Dénir une architecture. 2. Pour chaque serveur, expliciter son rôle et les services implantés. 3. Donner pour chaque machine les commandes à lancer pour construire le système d autication sur l architecture proposée à la question 1. Exercice 2. Installation de service On souhaite établir une méthodologie permettant de déterminer quels sont les chiers de conguration à modier pour installer un service sur une distribution quelconque. On se concentre sur la conguration du serveur. 1. Reprendre l exemple de DHCP mis en place en TP avec Debian (cf chiers donnés en annexe du TD) et étudié en cours avec RedHat an d identier différentes catégories de chiers de conguration sachant que certains chiers sont propres au fonctionnement du service et que d autres décrivent comment le service s exécute sur la machine. 2. En prenant l exemple d une distribution inconnue, comment allez vous retrouver les chiers à modier pour congurer DHCP? 3. Reprendre les questions 1 et 2 pour le service NIS (utiliser les chiers d exemple en annexe pour Debian et RedHat). 4. Proposer une démarche globale. Exercice 3. Sauvegardes et volumétrie Les données à sauvegarder tiennent sur une bande et les données modiées par jour représentent moins de 10% des données totales 1. Combien de bandes faut-il pour sauvegarder des données sur une période de 1 an et pour pouvoir effectuer des restaurations par pas de 1 jour? 2. Même question avec des restaurations par pas de 12h. Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 1

Annexe Exemples de chiers conguration 1!/bin/sh 3 $Id: dhcp3-server.init.d,v 1.4 2003/07/13 19:12:41 mdz Exp $ 5 test -f /usr/sbin/dhcpd3 exit 0 It is not safe to if we don t have a default conguration... 7 if [! -f /etc/default/dhcp3-server ]; echo "/etc/default/dhcp3-server does not exist! - Aborting..." 9 echo "Run dpkg-recongure dhcp3-server to x the problem." exit 0 11 Read init script conguration (so far only interfaces the daemon 13 should listen on.). /etc/default/dhcp3-server 15 DHCPDPID=/var/run/dhcpd.pid case "$1" in 17 ) echo -n "Starting DHCP server: " 19 --daemon -- --quiet --pidle $DHCPDPID \ --exec /usr/sbin/dhcpd3 -- -q $INTERFACES 21 sleep 2 23 if [ -f "$DHCPDPID" ] && ps h cat "$DHCPDPID" >/dev/null; echo "dhcpd3." 25 else echo "dhcpd3 failed to - check syslog for diagnostics." 27 exit 1 29 ) 31 echo -n "Stopping DHCP server: dhcpd3" --daemon -- --quiet --pidle $DHCPDPID 33 echo "." 35 re force-reload) $0 37 sleep 2 $0 39 if [ "$?"!= "0" ]; exit 1 41 43 *) echo "Usage: /etc/init.d/dhcp3-server { re force-reload}" 45 exit 1 esac 47 exit 0 Listing 1 /etc/init.d/dhcp3-server(debian) 1 Defaults for dhcp initscript sourced by /etc/init.d/dhcp 3 installed at /etc/default/dhcp3-server by the maintainer scripts 5 This is a POSIX shell fragment 7 On what interfaces should the DHCP server (dhcpd) serve DHCP requests? Separate multiple interfaces with spaces, e.g. "eth0 eth1". 9 INTERFACES="eth0" Listing 2 /etc/default/dhcp3-server(debian) 1 chier : dhcpd.conf 3 date : 13.12.2004 Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 2

maj : 15.11.2005 10:17 5 auteur : mickael Choisnard 7 option generales ddns-update-style none; 9 authoritative; default-lease-time 3100; 11 max-lease-time 259200; option domain-name iem; 13 option domain-name-servers 172.21.16.35,193.50.50.6; 15 subnet 172.21.0.0 netmask 255.255.0.0 { option subnet-mask 255.255.0.0; 17 server-name "sagan.iem"; group { 19 Salle 112 option routers 172.21.16.34; 21 option broadcast-address 172.21.33.255; host dell210 {... Listing 3 Un extrait de /etc/dhcp3/dhcpd.conf(debian)!/bin/sh 2 dhcpd This shell script takes care of ing and ping 4 dhcpd. 6 chkcong: - 65 35 description: dhcpd provide access to Dynamic Host Control Protocol. 8 Source function library. 10. /etc/rc.d/init.d/functions 12 Source networking conguration.. /etc/syscong/network 14. /etc/syscong/dhcpd 16 Check that networking is up. [ ${NETWORKING} = "no" ] && exit 0 18 [ -f /usr/sbin/dhcpd ] exit 0 20 [ -f /etc/dhcpd.conf ] exit 0 if [! -f /var/lib/dhcp/dhcpd.leases ] ; 22 touch /var/lib/dhcp/dhcpd.leases [ -x /sbin/restorecon ] && [ -d /selinux ] && /sbin/restorecon /var/lib/dhcp/ 24 dhcpd.leases 26 RETVAL=0 prog="dhcpd" 28 congtest() 30 { /usr/sbin/dhcpd -t 32 return $? } 34 () { 36 Start daemons. echo -n $"Starting $prog: " 38 daemon /usr/sbin/dhcpd ${DHCPDARGS} RETVAL=$? 40 echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/dhcpd 42 return $RETVAL } 44 () { Stop daemons. Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 3

46 echo -n $"Shutting down $prog: " killproc dhcpd 48 RETVAL=$? echo 50 [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/dhcpd return $RETVAL 52 } 54 See how we were called. case "$1" in 56 ) 58 ) 60 62 re reload) congtest exit $? 64 66 RETVAL=$? 68 condre) if [ -f /var/lock/subsys/dhcpd ]; 70 72 RETVAL=$? 74 congtest) 76 congtest RETVAL=$? 78 status) 80 status dhcpd RETVAL=$? 82 *) 84 echo $"Usage: $0 { re condre congtest status}" exit 1 86 esac exit $RETVAL Listing 4 /etc/init.d/dhcpd(redhat) 1!/bin/bash 3 ypserv: Starts the yp-server 5 Version: @() /etc/init.d/ypserv.init 1.0 7 Author: Joerg Mertin <smurphy@stargate.bln.sub.org> 9 chkcong: - 26 74 description: ypserv is an implementation of the standard NIS/YP networking \ 11 protocol. It allows network-wide distribution of hostname, \ username, and other information databases. This is the NIS \ 13 server, and is not needed on NIS clients. processname: ypserv 15 cong: /etc/ypserv.conf Source function library. 17 [ -f /etc/rc.d/init.d/functions ] exit 0. /etc/rc.d/init.d/functions 19 getting the YP-Domainname 21. /etc/syscong/network RETVAL=0 Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 4

23 () { DOMAINNAME= domainname 25 if [ "$DOMAINNAME" = "(none)" -o "$DOMAINNAME" = "" ]; if [ -n "$NISDOMAIN" ]; 27 action $"Setting NIS domain name $NISDOMAIN: " domainname $NISDO MAIN 29 else exit 1 31 33 echo -n $"Starting YP server services: " daemon ypserv $YPSERV_ARGS 35 RETVAL=$? echo 37 [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ypserv return $RETVAL 39 } () { 41 echo -n $"Stopping YP server services: " killproc ypserv 43 RETVAL=$? [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/ypserv 45 echo return $RETVAL 47 } See how we were called. 49 case "$1" in ) 51 53 ) 55 status) 57 status ypserv 59 re reload) 61 63 ) 65 status) 67 status ypserv 69 re reload) 71 73 condre) if [ -f /var/lock/subsys/ypserv ]; 75 77 79 *) echo $"Usage: $0 { status re reload condre}" 81 exit 1 esac 83 exit $RETVAL Listing 5 /etc/init.d/ypserv(redhat) 1!/bin/sh 3 /etc/init.d/nis Start NIS (formerly YP) daemons. Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 5

5 7 Customize the variables in /etc/default/nis rather than here NISSERVER=false 9 YPPWDDIR=/etc YPCHANGEOK=chsh 11 [ -f /etc/default/nis ] &&. /etc/default/nis 13 NET="/usr/sbin" 15 test -f ${NET}/ypbind -a -f /etc/defaultdomain exit 0 17 If ypbind broadcasts for the default domain, we may not be bound to 19 any server yet (note that you can set broadcast in yp.conf for the default domain without ypbind being run with -broadcast) 21 bind_wait() 23 { [ " ypwhich 2>/dev/null " = "" ] && sleep 1 25 if [ " ypwhich 2>/dev/null " = "" ] 27 bound="" 29 echo -n "[binding to YP server " for i in 1 2 3 4 5 6 7 8 9 10 31 do sleep 1 33 echo -n "." if [ " ypwhich 2>/dev/null "!= "" ] 35 echo -n " done] " 37 bound="yes" break 39 done 41 [ "$bound" ] echo -n " backgrounded] " 43 } 45 Do we want ypbind to be ed? On a laptop without ethernet maybe not just yet - /etc/network/if-up.d will take care of it. 47 want_ypbind() 49 { Started manually? 51 if [ ""!= "$manual" ] 53 return 0 55 Then special case for (partly) diskless systems. 57 nfs_root= df -l / tail +2 nfs_usr= df -l /usr tail +2 59 if [ "" = "$nfs_root" ] && [ ""!= "$nfs_usr" ] 61 Root isn t on NFS, but /usr is, so 63 /etc/network/ifup.d couldn t ever have ed /usr/sbin/ypbind BUT the network is available. 65 return 0 67 69 Old style networking? if [ -f /etc/init.d/network ] [! -d /etc/network/if-up.d ] Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 6

71 73 return 0 75 Right, assume /etc/network/if-up.d handles ing ypbind return 1 77 } 79 () { 81 oname= domainname nname= cat /etc/defaultdomain 83 if [ "$oname"!= "$nname" ]; echo "Setting NIS domainname to: $nname" 85 domainname "$nname" 87 echo -n "Starting NIS services: " if [ "$NISSERVER"!= "false" ] 89 echo -n "ypserv " 91 --daemon -- --quiet \ --pidle /var/run/ypserv.pid --exec ${NET}/ypserv 93 if [ "$NISSERVER" = master ] 95 E="" 97 if [ "$YPCHANGEOK"!= "" ] 99 OIFS="$IFS"; IFS="$IFS," for i in $YPCHANGEOK 101 do case "$i" in 103 chsh chfn) E="$E -e $i" 105 esac 107 done IFS="$OIFS" 109 echo -n "yppasswdd " 111 --daemon -- --quiet \ --exec ${NET}/rpc.yppasswdd -- -D $YPPWDDIR $E 113 echo -n "ypxfrd " --daemon -- --quiet \ 115 --exec ${NET}/rpc.ypxfrd 117 if egrep -q ˆ(ypserver domain) /etc/yp.conf 119 broadcast="" else 121 broadcast="-broadcast" 123 if want_ypbind 125 echo -n "ypbind " --daemon -b -- --quiet \ 127 --exec ${NET}/ypbind -- $broadcast bind_wait 129 echo 131 }... Listing 6 /etc/init.d/nis(debian) Eric Leclercq Marinette Savonnet Département IEM http://ufrsciencestech.u-bourgogne.fr 7