poor man's LDAP
Fed up with the overhead of "lightweight" directory services (read: LDAP) and configuration management services (e.g., Puppet), I finally cobbled together the one part everyone actually uses: distributing key files among machines.
LDAP (and, heaven help us, NIS) just isn't right for handling small Linux networks (5-20 machines) consisting mainly of homogeneous workstations. My particular pain point is lab-style networks, where every member of the lab should have an account on every workstation, since desks are taken on a first-come, first-served basis. Since I've been dealing with this scenario since before the common configuration management solutions were popularized, pmldap duplicates some of their effort. Since it is written in plain-vanilla `bash`, pmldap is far simpler and less comprehensive. But if all you need to do is synchronize a few key files, the overhead of directory or configuration management services is overkill.
Set up the machines with ssh access and configure a server with ssh aliases (in `/etc/hosts`) for each machine name (thus far, pmldap only partly handles this, with the `authorize-machine` script; feel free to send a pull request with more complete functionality). Update the `config` file with the files/paths desired.
Place all machine names in the `machines` file, one on each line.
Populate the `shared` folder, underneath which goes the full path to each file you want merged with the client machines. E.g., `shared/etc/passwd` would contain the additional users you wish to add to the client systems.
Run the `setup` script to copy all the necessary source files from the target machines into the `source` folder. At this point there is a "clean" set of files in the `shared` folder that will be merged with the `source` files. Every file in the `source` folder will be merged with the corresponding file in the `shared` folder according to its extension: a `.before` file is placed before the shared contents, a `.after` file goes after the shared contents, and a plain file overrides the contents of the shared file. You should manually rename files depending on whether you want them merged before or after (not doing anything results in no merge).
The `sync` script handles the actual file merging and then uses `scp` to copy the merged files to the client machines. Thanks to the merging, you can keep, say, a canonical list of users under the `shared` folder, and these will be merged with the system users that `setup` copied from each machine.
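As an added example (not pmldap's own `sync` code), the following POSIX shell script reproduces the merge rules described above over a constructed `source/` and `shared/` tree: a `.before` file is placed ahead of the shared contents, a `.after` file behind them, a plain file wins outright, and a path with no copy in `source/` is skipped. The function names, the `build/` output folder and the sample file contents are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not pmldap's own code: merge rules from the README applied to
# a constructed source/ and shared/ tree. Names and layout are illustrative.

# merge_one SRC SHARED OUT REL: merge one relative path REL (e.g. etc/passwd)
# into OUT/REL. Returns 1 when SRC holds no copy of REL, so nothing is produced.
merge_one() {
    m_src="$1"; m_shared="$2"; m_out="$3"; rel="$4"
    shared_file="$m_shared/$rel"
    [ -f "$shared_file" ] || shared_file=/dev/null   # no canonical part to merge in
    mkdir -p "$(dirname "$m_out/$rel")"
    if [ -f "$m_src/$rel.before" ]; then
        cat "$m_src/$rel.before" "$shared_file" > "$m_out/$rel"   # machine part first
    elif [ -f "$m_src/$rel.after" ]; then
        cat "$shared_file" "$m_src/$rel.after" > "$m_out/$rel"    # shared part first
    elif [ -f "$m_src/$rel" ]; then
        cat "$m_src/$rel" > "$m_out/$rel"                          # plain copy overrides
    else
        return 1
    fi
}

# merge_tree SRC SHARED OUT: apply merge_one to every file under SRC, deriving
# the target path from the file name by stripping a .before/.after suffix.
merge_tree() {
    t_src="$1"; t_shared="$2"; t_out="$3"
    find "$t_src" -type f | while IFS= read -r f; do
        rel="${f#"$t_src/"}"
        case "$rel" in
            *.before) rel="${rel%.before}" ;;
            *.after)  rel="${rel%.after}" ;;
        esac
        merge_one "$t_src" "$t_shared" "$t_out" "$rel" || :
    done
}

# build_demo_tree DIR: constructed sample data (not real accounts or hosts).
build_demo_tree() {
    d="$1"
    mkdir -p "$d/source/etc" "$d/shared/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\n'               > "$d/source/etc/passwd.before"
    printf 'alice:x:1001:1001:Alice:/home/alice:/bin/bash\n' > "$d/shared/etc/passwd"
    printf 'Defaults env_reset\n'                            > "$d/shared/etc/sudoers"
    printf '# local additions\n'                             > "$d/source/etc/sudoers.after"
    printf '127.0.0.1 localhost\n'                           > "$d/source/etc/hosts"
    printf '10.0.0.1 fileserver\n'                           > "$d/shared/etc/hosts"
}

# run_demo: build the tree in a temp dir, merge it, and print the temp dir so
# the caller can inspect build/ (and remove it) before anything is shipped.
run_demo() {
    d="$(mktemp -d)"
    build_demo_tree "$d"
    merge_tree "$d/source" "$d/shared" "$d/build"
    printf '%s\n' "$d"
}

if [ "${1-}" = "demo" ]; then
    d="$(run_demo)"
    find "$d/build" -type f
fi
```

Run it with `sh merge-demo.sh demo` and inspect `build/etc/passwd`: the machine's `root` line comes first, then the canonical `alice` line from `shared`, while `etc/hosts` contains only the machine's plain copy. Reviewing the `build/` tree this way, before any `scp`, is the same check the `DRYRUN` parameter mentioned at the end of this page is meant to give you.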
The `cmd` script will run a command (say, `apt-get`, `yum`, `pacman`, etc.) on all the client machines.
`useradd` is a simplified `bash` reimplementation of the `passwd` command that operates on the `shared` folder instead of the system folder. It also generates the text of an email (derived from the `message` file) that may contain instructions for new network users.
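As an added example (not pmldap's `useradd`), the script below shows what such a reimplementation has to get right when it appends an account to `shared/etc/passwd` and `shared/etc/shadow`: allocating a UID that is not already in the file, rejecting names that could smuggle a `:` or a second line into the database, and storing only a salted SHA-512 crypt hash produced by the `openssl` dependency. The function names, the shadow file layout and the sample entries are assumptions for this illustration; the email step is left out.

```shell
#!/bin/sh
# Added example, not pmldap's own useradd: appends an account to the shared
# passwd/shadow files that sync later merges and pushes. Illustrative only.

# next_uid PASSWD_FILE: smallest UID at or above 1000 not yet present.
next_uid() {
    awk -F: 'BEGIN { u = 1000 }
             $3 >= 1000 && $3 < 65534 { used[$3] = 1 }
             END { while (u in used) u++; print u }' "$1"
}

# valid_name NAME: portable username (lowercase, digits, _ and -, max 32),
# so a name can never inject ':' or a newline into passwd or shadow.
valid_name() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

# add_shared_user SHARED_DIR NAME GECOS PASSWORD: append passwd and shadow
# entries and print the allocated UID. Returns 2 on bad input, 3 if NAME exists.
add_shared_user() {
    sdir="$1"; name="$2"; gecos="$3"; pass="$4"
    valid_name "$name" || { printf 'invalid username: %s\n' "$name" >&2; return 2; }
    case "$gecos" in *:*) printf 'gecos may not contain ":"\n' >&2; return 2 ;; esac
    if grep -q "^$name:" "$sdir/etc/passwd"; then
        printf 'user exists: %s\n' "$name" >&2; return 3
    fi
    # shadow must never be world-readable, even in the staging folder
    [ -f "$sdir/etc/shadow" ] || ( umask 077; : > "$sdir/etc/shadow" )
    uid="$(next_uid "$sdir/etc/passwd")"
    # salted SHA-512 crypt hash; the plaintext is piped and never written to disk
    hash="$(printf '%s\n' "$pass" | openssl passwd -6 -stdin)"
    days="$(( $(date +%s) / 86400 ))"        # shadow "last changed" field
    printf '%s:x:%s:%s:%s:/home/%s:/bin/bash\n' \
        "$name" "$uid" "$uid" "$gecos" "$name" >> "$sdir/etc/passwd"
    printf '%s:%s:%s:0:99999:7:::\n' "$name" "$hash" "$days" >> "$sdir/etc/shadow"
    printf '%s\n' "$uid"
}

# build_demo_shared DIR: constructed sample passwd file, not real accounts.
build_demo_shared() {
    mkdir -p "$1/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\n'               > "$1/etc/passwd"
    printf 'bob:x:1000:1000:Bob:/home/bob:/bin/bash\n'      >> "$1/etc/passwd"
    printf 'alice:x:1001:1001:Alice:/home/alice:/bin/bash\n' >> "$1/etc/passwd"
}

# run_useradd_demo: stage a shared folder in a temp dir, add one user, print it.
run_useradd_demo() {
    d="$(mktemp -d)"
    build_demo_shared "$d"
    add_shared_user "$d" carol "Carol Example" 'constructed-demo-password' > /dev/null
    printf '%s\n' "$d"
}

if [ "${1-}" = "demo" ]; then
    d="$(run_useradd_demo)"
    cat "$d/etc/passwd"
fi
```

With the constructed file (UIDs 0, 1000 and 1001 taken) the new account receives UID 1002, the passwd line is appended as `carol:x:1002:1002:Carol Example:/home/carol:/bin/bash`, and the shadow line starts with `carol:$6$`. Note that `openssl passwd -6` requires OpenSSL 1.1.1 or later.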
The `authorize-machine` script can be used to copy the appropriate `authorized_keys` file to the client machines for bootstrapping.
If the first argument to `sync` or `cmd` is a file, that file is used as the machine list, effectively synchronizing or running a command on just the specified group of machines. For example, in a heterogeneous environment in which you have Red Hat and Debian machines in the `machines` file, you may wish to create `debian` and `redhat` files containing the lists of machines that run Debian and Red Hat, respectively. You may then use

```
./cmd debian apt-get ...
./cmd redhat yum ...
```

to install packages on the different groups of machines.
Dependencies: `bash`, `openssl`, `ssh`
Test these scripts in a sandbox environment first. I am not responsible for pmldap (or anything else) doing damage. There is a `DRYRUN` parameter in the `config` file.