Re: [SAGE] Changing NIS Master

[Gerd Aschemann <gerd@aschemann.net>]

On Thu, Aug 01, 2002 at 09:56:39AM -0500, Doug Hughes wrote:
> On Wed, 31 Jul 2002, Michael Noble wrote:
>
> > I currently have an NIS master on sys1 and and NIS slave server on sys2.
> > What I need to do is switch the role of each machine, so that sys2 is the
> > master and sys1 is the slave.  I know I can shutdown sys1 and run ypinit
> > on sys2 to make it the master.  What I am not sure about is if this can be
> > done while the systems are live and other machines are getting yp
> > information from the machine that I am making a slave.  I can't afford
> > for the yp clients to hang or need to be rebooted because I switched
> > a machine from slave to master.
> >
> > All help/information is appreciated.
> >
>
> Note: I haven't had to do this in a *very* long time, but it might
> possibly be easier if you introduced a third machine to act temporarily
> as a slave, then, as long as your clients rebind properly on failure
> (or you can possibly redirect them with -ypsetme or equiv), then you
> could change the master and slave quite easily.

The note above holds for me also: I have not administered NIS for
nearly three years, but have done so for some years. We had a network
with 6 slave servers, distributed over three buildings/sub networks
(two in each of them to have some redundancy even in case of network
partitioning). During the several years I ran these servers we had
several migrations of slave as well as master servers, all without
any problems. Nevertheless, I could fail in some details ...

I strongly recommend to run all such services on dedicated virtual IPs
if possible in your environment, not only for NIS but also for DNS,
MailHub/MX, News, ... This makes migration processes like this much
easier! You can simply build up a new server - temporary or as
replacement for a failed or outdated system. Once you are finished
with your setup up and have it properly tested you switch the virtual
IP address from the old to the new server and most clients will
"rebind" without even noticing!

Of course, if you run services which make use of other information
besides the IP, eg., SSL/SSH certificates, or "hardcoded" Ethernet
addresses in your ARP tables, you may have to switch these as well.

> However, you should be able to make the slave into a master using
> ypinit -m (copying over the make and includes etc - but leave
> ypservers only have name of local machine as master)
> While doing this, all the clients are pointing at the current
> master.. you may or may not need to restart ypserv (fuzzy)
> you'll want to start ypxfrd when done.

> then you can point your clients at the new master.

IIRC, the clients don't really care which server is the master. Only if
you run a yppasswdd they must find it. Therefore you could also update
ypservers directly as outlined below.

> then back on new master, edit ypservers and add the new slave (previous
> master) in there, make and push.
> You may have to ypxfr the map by hand the first time just to get
> things to synch properly.

In some cases, like this you will have to perform additional tasks,
like adding the new slave server to ypservers and removing the new
master. IIRC, this can be done at before the initial make, after
copying all source files from old master to new master.

Maybe it is necessary to drop all dbm files on the old master and to
resynchronize them (by ypxfr as recommended). If you have other slaves they
should get the maps by yppush.

--
Gerd Aschemann --- Veröffentlichen heißt Verändern (Carmen Thomas)