NIS_MIGRATION.INFO 11-17-99 DSFoster This file documents the procedures taken to migrate our NIS master and slave servers from Szechuan and Pitstop, respectively (both SunOS 4.1.4), to Blinky and Golgi (Solaris 2.6, IRIX 6.5.4). Note: The method for moving an NIS master server, described in "Managing NIS and NFS", O'Reilly, 2nd Ed, pg. 64-66, does NOT seem to work (errors from ypxfr)! Resource: "Solaris Naming Setup and Configuration", Chapter 10, "Configuring NIS Service", from Solaris 2.6 System Administration set of books available from docs.sun.com . A. Create new slave server on Golgi: Source: "Managing NIS and NFS", O'Reilly, 2nd Ed, pg. 25-26. 1. Update "ypservers" file on Szechuan to include Golgi: On Szechuan: ypcat -k ypservers > /tmp/ypservers vi /tmp/ypservers {add "golgi golgi"} cd /usr/etc/yp cat /tmp/ypservers | /usr/etc/yp/makedbm - /var/yp/sdmir/ypservers 2. Initialize NIS on Golgi and start ypserv: On Golgi: ypinit -s szechuan Transferring map auto.direct from server szechuan. Transferring map auto.home from server szechuan. Transferring map auto.indirect from server szechuan. Transferring map auto.master from server szechuan. Transferring map auto.sgi from server szechuan. Transferring map bootparams from server szechuan. Transferring map ethers.byaddr from server szechuan. Transferring map ethers.byname from server szechuan. Transferring map group.bygid from server szechuan. Transferring map group.byname from server szechuan. Transferring map hosts.byaddr from server szechuan. Transferring map hosts.byname from server szechuan. Transferring map mail.aliases from server szechuan. Transferring map mail.byaddr from server szechuan. Transferring map netgroup from server szechuan. Transferring map netgroup.byhost from server szechuan. Transferring map netgroup.byuser from server szechuan. Transferring map netid.byname from server szechuan. Transferring map netmasks.byaddr from server szechuan. Transferring map networks.byaddr from server szechuan. Transferring map networks.byname from server szechuan. Transferring map passwd.byname from server szechuan. Transferring map passwd.byuid from server szechuan. Transferring map protocols.byname from server szechuan. Transferring map protocols.bynumber from server szechuan. Transferring map publickey.byname from server szechuan. Transferring map rpc.bynumber from server szechuan. Transferring map services.byname from server szechuan. Transferring map ypservers from server szechuan. The process "nsd", which provides both ypserv and ypbind functionality, is already running, since Golgi was already an NIS client. 3. Propogate new "ypservers" map to all slaves: On Szechuan: /usr/etc/yp/yppush ypservers B. Disable NIS slave server on Pitstop 1. Rebuild ypservers map on Szechuan: ypcat -k ypservers | grep -v pitstop | \ /usr/etc/yp/makedbm - /var/yp/sdmir/ypservers 2. Rename: /var/yp/sdmir -> /var/yp/disabled.sdmir 3. Kill ypserv daemon 4. Distribute new ypservers file on Szechuan: /usr/etc/yp/yppush ypservers C. Move NIS master from Szechuan to Blinky: 1. Copy source maps from Szechuan to Blinky: copy szechuan:/var/yp/maps tree to blinky:/var/yp/maps 2. Create domain directory: blinky: mkdir /var/yp/sdmir (permissions drwxr-sr-x) 3. Modify /var/yp/Makefile on Blinky: Here are the changes made to this file: * "#B=" -> "B=-b" (DNS forwarding) * DIR =/var/yp/maps * PWDIR =/var/yp/maps * Add to "all:" target: auto.sgi auto.direct auto.indirect * Remove from target "all": timezone * Add targets auto.sgi.time, auto.direct.time, auto.indirect.time * Change auto_home/auto_master to auto.home/auto.master * Add targets auto.sgi, auto.direct, auto.indirect at end 4. Copy szechuan:/var/yp/securenets file to blinky:/var/yp and to golgi:/etc . Add entry for localhost, since NIS lookups from the NIS master are done via the loopback interface, so they have an IP address of 127.0.0.1, not the external IP of the machine (robsonk@ebrd.com). 5. Copy source file /var/yp/maps/aliases to /etc/mail/aliases, since under Solaris this map's source must be in /etc/mail. 6. Do not use NIS for lookups for now on Blinky: cp /etc/nsswitch.files /etc/nsswitch.conf # No NIS 7. Initialize Blinky as a master server: On Blinky: cd /var/yp ypinit -m Output of make: make[1]: Entering directory `/var/yp' updated passwd updated group updated hosts updated ethers updated networks updated rpc updated services updated protocols updated netgroup updated bootparams WARNING: writable directory /var WARNING: writable directory /var/spool WARNING: writable directory /var WARNING: writable directory /var WARNING: writable directory /var WARNING: writable directory /var WARNING: writable directory /var WARNING: writable directory /var /var/yp/sdmir/mail.aliases: 127 aliases, longest 985 bytes, 9724 bytes total /usr/lib/netsvc/yp/mkalias /var/yp/`domainname`/mail.aliases /var/yp/`domainname`/mail.byaddr; rm /var/yp/`domainname`/mail.aliases; updated aliases updated publickey updated netid /usr/sbin/makedbm /var/yp/maps/netmasks /var/yp/`domainname`/netmasks.byaddr; updated netmasks updated auto.master updated auto.home updated auto.sgi updated auto.direct updated auto.indirect make[1]: Leaving directory `/var/yp' 8. Now use NIS for lookups: cp /etc/nsswitch.nis /etc/nsswitch.conf D. Create new slave server on Golgi (with Blinky as master): Source: "Managing NIS and NFS", O'Reilly, 2nd Ed, pg. 25-26. 1. Update "ypservers" file on Blinky to include Golgi: On Blinky: ypcat -k ypservers > /tmp/ypservers vi /tmp/ypservers {add "golgi"} cat /tmp/ypservers | /usr/sbin/makedbm - /var/yp/sdmir/ypservers 2. Initialize NIS on Golgi and restart nsd: On Golgi: /var/yp/ypinit -s blinky Destination directory, /var/ns/domains/sdmir, already exists. Can we remove it? [y/n] y Transferring map auto.direct from server blinky. Transferring map auto.home from server blinky. Transferring map auto.indirect from server blinky. Transferring map auto.master from server blinky. Transferring map auto.sgi from server blinky. Transferring map bootparams from server blinky. Transferring map ethers.byaddr from server blinky. Transferring map ethers.byname from server blinky. Transferring map group.bygid from server blinky. Transferring map group.byname from server blinky. Transferring map hosts.byaddr from server blinky. Transferring map hosts.byname from server blinky. Transferring map mail.aliases from server blinky. Transferring map mail.byaddr from server blinky. Transferring map netgroup from server blinky. Transferring map netgroup.byhost from server blinky. Transferring map netgroup.byuser from server blinky. Transferring map netid.byname from server blinky. Transferring map netmasks.byaddr from server blinky. Transferring map networks.byaddr from server blinky. Transferring map networks.byname from server blinky. Transferring map passwd.byname from server blinky. Transferring map passwd.byuid from server blinky. Transferring map protocols.byname from server blinky. Transferring map protocols.bynumber from server blinky. Transferring map publickey.byname from server blinky. Transferring map rpc.bynumber from server blinky. Transferring map services.byname from server blinky. Transferring map services.byservicename from server blinky. Transferring map ypservers from server blinky. Kill nsd daemon and restart it: killall -HUP nsd NOTES: 1. On SunOS and Solaris systems, for ypset to work ypbind must be started with -ypset or -ypsetme options. These options are insecure and should only be used for debugging. Here's the error message you get when trying to use ypset without one of these options: /usr/etc/yp/ypset golgi ypset: Sorry, ypbind on host szechuan has rejected your request. 2. DIM: For now use "files" first for hosts and bootparams, and disable dns for hosts. These will be restored. Also, disable the name-service cache by renaming /etc/named.boot; put hard- coded nameservers in /etc/resolv.conf . 3. To use 'securenets' file, you need to add entry for localhost 127.0.0.1 (see C-4 above). 4. In /var/yp/Makefile have aliases.{dir,pag} copied to /etc/mail so local sendmail uses new maps: aliases.time: $(ALIASES) @cp $(ALIASES) $(YPDBDIR)/$(DOM)/mail.aliases; @/usr/lib/sendmail -bi -oA$(YPDBDIR)/$(DOM)/mail.aliases; $(MKALIAS) $(YPDBDIR)/$(DOM)/mail.aliases $(YPDBDIR)/$(DOM)/mail.byaddr; #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= # Copy updated aliases.{dir,pag} to $ALIASES_DIR so master server uses them # DSFoster 8-27-01 @cp $(YPDBDIR)/$(DOM)/mail.aliases.pag $(ALIASES_DIR)/aliases.pag @cp $(YPDBDIR)/$(DOM)/mail.aliases.dir $(ALIASES_DIR)/aliases.dir @echo "aliases.{pag,dir} copied to $(ALIASES_DIR)" #=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= @rm $(YPDBDIR)/$(DOM)/mail.aliases; @touch aliases.time; @echo "updated aliases"; @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) mail.aliases; fi @if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) mail.byaddr; fi @if [ ! $(NOPUSH) ]; then echo "pushed aliases"; fi 5. From Sun Manager's list, steps to take to set up NIS client: brodcast mode: 1.domainname your-domain 2.domainname > /etc/defaultdomain 3./usr/lib/netsvc/yp/ypbind 4.cp /etc/nsswitch.nis /etc/nsswitch.conf ypset mode: 1.domainname your-domain 2.domainname > /etc/defaultdomain 3.mkdir /var/yp/binding/your-domain 4.echo "your-nis-server-name" > /var/yp/binding/your-domain/ypservers 5.add the nis server to the clients hosts file 6.ypinit -c - answer the questions . 7./usr/lib/netsvc/yp/ypbind 8.cp /etc/nsswitch.nis /etc/nsswitch.conf