
distributed administration

 
joseph wholey
Regular Advisor


Not sure if this is the right place to post...
With the advent of security audits and the requirement of "no remote root login" in the enterprise environment, how are most people distributing config files (when needed) "wholesale" to their distributed environments?
3 REPLIES
Ivan Ferreira
Honored Contributor
Solution

Re: distributed administration

This could be a problem. Try to use centralized environments, like LDAP, so individual configuration files should not be replaced very often.

Depending on your network, for application configuration files you could use NFS.

When I have to update configuration files on my servers, I just tar the files, transfer the files with my account, log on to each server with my account and use sudo to untar the configuration files.

Using the root account with public keys could be acceptable.

Some people use rdisk, you can see a description of its usage here:

http://www.sunmanagers.org/archives/1997/1190.html
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
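
The tar, copy-with-your-own-account, sudo-untar procedure described in the reply above, as an added shell example that is not part of the original post; it also checks a checksum and the archive's member paths before anything is extracted as root. The function names, the host argument and the `/usr/local/sbin/cfg-deploy` wrapper on the target are assumptions.

```shell
#!/usr/bin/env bash
# Added example: function names, paths and the remote wrapper are assumptions,
# not taken from the thread.

# Build a tarball of config files (member paths relative to SRC_DIR) and a
# SHA-256 file next to it. Keep OUT_TAR outside SRC_DIR.
pack_configs() {
    local src_dir="$1" out_tar="$2"
    tar -C "$src_dir" -cf "$out_tar" . || return 1
    ( cd "$(dirname "$out_tar")" &&
      sha256sum "$(basename "$out_tar")" > "$(basename "$out_tar").sha256" )
}

# Verify the checksum (catches truncated or corrupted transfers; it is not a
# signature), refuse absolute or ".." member paths, then extract into DEST.
# On a target server this is the step run through sudo, with DEST=/.
# Returns 2 on checksum mismatch, 3 on an unsafe member path.
verify_and_unpack() {
    local tarball="$1" dest="$2"
    ( cd "$(dirname "$tarball")" &&
      sha256sum -c "$(basename "$tarball").sha256" >/dev/null 2>&1 ) || return 2
    if tar -tf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        return 3
    fi
    # --no-same-owner: files extracted as root become root-owned instead of
    # keeping the uid of whoever built the archive.
    tar -C "$dest" --no-same-owner -xpf "$tarball"
}

# Copy with your own account into your home directory (not a world-writable
# /tmp), then run the root step through sudo. Assumes a hypothetical wrapper
# /usr/local/sbin/cfg-deploy on HOST that calls: verify_and_unpack "$1" /
push_to_host() {
    local host="$1" tarball="$2" name
    name=$(basename "$tarball")
    scp "$tarball" "$tarball.sha256" "$host:" || return 1
    ssh -t "$host" "sudo /usr/local/sbin/cfg-deploy \"\$PWD/$name\""
}
```

Limiting the sudoers entry to that single wrapper, rather than to tar itself, keeps the distributing account from gaining a general root shell.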
Alexander Chuzhoy
Honored Contributor

Re: distributed administration

You can define 1 machine to be a central distributor of config files. This machine's root's ssh keys (the content of the /root/.ssh/id_dsa.pub file) should be placed in /root/.ssh/authorized_keys on all machines where you wish to distribute the config files.
Now you can use various tools to help you with distribution.
I would suggest the rdist utility (man rdist) and cfengine (http://www.cfengine.org/). cfengine is a very powerful tool. It'll take you some time to understand how it works, but from then on the distribution/automation will become a painless procedure...
Ragu_3
Trusted Contributor

Re: distributed administration

Almost all machines these days have "ssh" installed on them from a security point of view. Use "scp" to copy files onto other machines/distributed computers.
Debian GNU/Linux for the Enterprise! Ask HP ...