Thx Very Much Rick!!!<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 30, 2012 at 10:00 AM, Rick Stevens <span dir="ltr"><<a href="mailto:ricks@alldigital.com" target="_blank">ricks@alldigital.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 11/30/2012 08:35 AM, Jack Craig issued this missive:<div><div class="h5"><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Folks,<br>
<br>
The following strikes me as wrong, but i am Not guru,<br>
so i thought to ask this forum where the wizards Do Live! :)<br>
<br>
Pls consider a configuration with a single host providing NFS4<br>
/home directories for other hosts in a 6 host cluster. Further,<br>
openldap is on the same host to provide for authentication<br>
on all 6.<br>
<br>
the architect says its ok to configure all hosts w/DHCP,<br>
but i see the ip changing every day or 2 (many reboots due setup).<br>
<br>
I am a huge fan of static ip for servers, but what do i know?! :(<br>
<br>
So, Question, is DHCP ok for the 6 hosts in this config, or go static.<br>
<br>
More, static on server only maybe?<br>
</blockquote>
<br></div></div>
I am also a fan of static IPs for servers (indeed, anything providing<br>
a fairly stable service of some kind). That being said, you can have<br>
a DHCP server hand out a static IP to a machine by using a clause in<br>
the DHCP config that specifies the MAC address of the machine's NIC and<br>
the static IP, netmask, gateway and DNS servers you want it to have.<br>
<br>
If you tie your DHCP server to your DNS service, whenever a DHCP address<br>
is handed out it can update your DNS as well. This is probably the best<br>
configuration to have and gives you more or less a single point of<br>
control. You also potentially have a single point of failure (unless<br>
you run redundant DHCP and DNS servers).<br>
<br>
With LDAP: If you're worried about the "pam_check_host_attr" directive,<br>
that's driven by the host name of the client machine (output of the<br>
"hostname" command)--not its IP address.<br>
<br>
If you're worried about the "uri" directives in LDAP, they'll take<br>
either IPs or hostnames as arguments. Personally, I prefer a static IP<br>
on LDAP servers and use of the IP address in the "uri" directives in<br>
case DNS is down or misbehaving. This is really important if the only<br>
way into a machine is via SSH, you've blocked root logins via SSH and<br>
use LDAP as an authentication mechanism. We also create a non-root local<br>
user on all machines (typically "admin") that can "sudo bash -l" in<br>
case LDAP is down as well.<br>
<br>
Keep in mind that we manage about 600 machines in two data centers and<br>
are just SLIGHTLY paranoid about this sorta thing. We can't always just<br>
"plug in a console" to get at a machine that's got problems.<br>
------------------------------<u></u>------------------------------<u></u>----------<br>
- Rick Stevens, Systems Engineer, AllDigital <a href="mailto:ricks@alldigital.com" target="_blank">ricks@alldigital.com</a> -<br>
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -<br>
- -<br>
- Always remember you're unique, just like everyone else. -<br>
------------------------------<u></u>------------------------------<u></u>----------<div class="HOEnZb"><div class="h5"><br>
-- <br>
users mailing list<br>
<a href="mailto:users@lists.fedoraproject.org" target="_blank">users@lists.fedoraproject.org</a><br>
To unsubscribe or change subscription options:<br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/users" target="_blank">https://admin.fedoraproject.<u></u>org/mailman/listinfo/users</a><br>
Guidelines: <a href="http://fedoraproject.org/wiki/Mailing_list_guidelines" target="_blank">http://fedoraproject.org/wiki/<u></u>Mailing_list_guidelines</a><br>
Have a question? Ask away: <a href="http://ask.fedoraproject.org" target="_blank">http://ask.fedoraproject.org</a><br>
</div></div></blockquote></div><br></div>