File distribution
From SystemImager
Contents |
Using overrides to distribute file across network
NOTE: this feature is available only in SystemImager 3.9.4 and above.
Overview
si_pushoverrides is a tool to distribute configuration files from the image server to the clients or group of them, using the SystemImager overrides. The command accepts a list of group or node names as arguments and concurrently synchronizes the content of the associated overrides to them using a server-drien approach (the image server copies the files to the clients using rsync over ssh to exploit the advantages of bandwidth optimization and security).
si_clusterconfig is a tool to manage and show the cluster topolgy. In show-mode the command accepts as argument a list of hostnames, host-ranges and/or host-group, it resolves them in the equivalent list of hostnames and prints them to stdout. The edit-mode can be interactive (option -e) or batch (option -u). In interactive edit-mode si_clusterconfig opens an editor in your terminal that allows to modify the client group definitions and their properties using a XML syntax. In batch edit-mode it only parses the pre-defined XML configuration and refresh the opportune SystemImager internal configuration files.
Define the cluster topology
Run the command si_clusterconfig -e as root.
There are 3 levels of hierarchy for the overrides:
- global override (to be distributed to all the nodes)
- group overrides (to be distributed only in a group of nodes)
- node overrides (to be distributed in a single node)
IMPORTANT: the files in the global override are distributed to all the nodes. If there is a file with the same path and the same name in a group override, the group override wins. If there is a file with same path and same name in a node override and a group override, then the node override wins.
The required elements are:
- the name of your image server: <master></master>
- the name of the global group (that identify all the nodes): <name></name>
- the name of the global override: <override></override>
A simple example
/etc/systemimager/cluster.xml:
<xml>
<master>master1</master>
<name>all</name>
<override>all</override>
<group>
<name>Login</name>
<image>RHEL5</image>
<override>Login</override>
<node>node001</node>
<node>node002</node>
</group>
<group>
<name>Compute</name>
<image>Ubuntu_gutsy</image>
<override>Compute</override>
<node>node003-node010</node>
</group>
</xml>
This is a 10-nodes cluster definition. The hostname of the image server is master1; the cluster has 2 login nodes (node001 and node002) that use the override called Login and 8 compute nodes (node003, node004, node005, node006, node007, node008, node009 and node010), that use the override called Compute.
Example 1: distribute the passwd, shadow and group to all the nodes
Create the files:
# cp -p /etc/passwd /var/lib/systemimager/overrides/all/etc/passwd # cp -p /etc/shadow /var/lib/systemimager/overrides/all/etc/shadow # cp -p /etc/group /var/lib/systemimager/overrides/all/etc/group
From master1 run the command:
# si_pushoverrides -v all
Basically when you specify the global override all the nodes defined in cluster.xml are updated accordingly to the hierarcy of the overrides.
Example 2: distribute different access.conf to Login and Compute nodes
Allow root to login on "Login" nodes only from the local domain. /var/lib/systemimager/overrides/Login/etc/security/access.conf:
-:root:ALL EXCEPT LOCAL .localcluster.domain.org
Disallow direct login on "Compute" nodes for non-privileged users. /var/lib/systemimager/overrides/Compute/etc/security/access.conf:
-:ALL EXCEPT root wheel:ALL
From master1 run the command:
# si_pushoverrides -v Compute Login
Example 3: close the second login node (node002) to non-privileged users
/var/lib/systemimager/overrides/node002/etc/security/access.conf:
-:ALL EXCEPT root:ALL -:root:ALL EXCEPT LOCAL .localcluster.domain.org
From master1 run the command:
# si_pushoverrides -v node002
See also
- man si_pushoverrides(8)
- man si_custerconfig(8)
