Walter R. Moore wrote:
> I've read the official docs and the howto
> (http://blogs.sun.com/bobd/resource/Getting Started with AMGH.html) for
> AMGH, and I've read through Sun's own AMGH script, and I feel really at
> sea.
> Can someone please break this down to the simplest scenario for me, with
> examples?

The simplest scenario:
You have two FOGs:
FOG A
--------
hostA1
hostA2
FOG B
--------
hostB1
hostB2
You have two users:
Alice has a smartcard with CUID "Payflex.Alice" and always wants a
session in FOG A
Bob has a smartcard with CUID "Payflex.Bob" and always wants a session
in FOG B
You write a simple script, and install it somewhere, say
/foo/bar/amgh.script, on all servers as follows:
----- Begin /foo/bar/amgh.script
#!/bin/ksh
# This loop will evaluate all the key=value stdin as variable
# assignments so this script can use the variables
while read A; do
    eval "$A"
done
# Emit the candidate hosts and the username for each known card token
case $insert_token in
Payflex.Alice)
    echo "host=hostA1"
    echo "host=hostA2"
    echo "username=alice"
    ;;
Payflex.Bob)
    echo "host=hostB1"
    echo "host=hostB2"
    echo "username=bob"
    ;;
esac
exit 0
----- End /foo/bar/amgh.script
You make sure that on all servers /foo/bar and amgh.script are owned by
root and not writable by group or other, and that amgh.script is
executable by owner. For example:
% ls -la /foo/bar
drwxr-xr-x 3 root sys 512 Oct 1 13:32 .
drwxr-xr-x 3 root sys 512 Jul 18 18:04 ..
-rwxr-xr-x 1 root root 416 Jun 30 2005 amgh.script
It's useful to replicate this script by rdist, NFS mount, or an alternate
mechanism. Think about HA factors in this solution - you don't want to
create a SPOF, for example an NFS mount to a single non-HA NFS server.
You run '/opt/SUNWut/sbin/utamghadm -s /foo/bar/amgh.script' on one
server in FOG A and one server in FOG B.
That's it. If Bob inserts his card, then no matter where his DTU is
connected it will redirect to FOG B, and Alice will always get
redirected to FOG A.
If it's a new session, they'll get load balanced. If they already have
a session in the FOG, they'll connect to it. If anybody else inserts
their card they'll stay on whatever server the DTU is currently
connected to.
Note that when users remove their cards AMGH will not redirect the DTU
unless instructed to do so by the script, so DTUs will remain parked
where they are left. You can solve this by handling the pseudo.* tokens
and emitting host=* strings as appropriate based on the MAC address, or
else emit "use_firstserver=true" for a "return to home on card removal"
model. This will cause DTUs to return to the first FOG they connected
to upon last bootup/reset.
If you want AMGH to also handle Non-SmartCard Mobility, then you need
the script to match on the username key in stdin and behave similarly
(emit host=* strings as appropriate for the user).
Most scripts will not hard-code the user->host mappings directly in the
script; they'll use some external DB such as LDAP.
-Bob
> Say I have a FOG that is my dhcp auth server etc for sun rays, and say I
> wanted to have it handle all sessions except for specific tokens I have
> marked as going to a separate server.
> Thanks in advance -- feel free to answer to me or to the list.. if you
> answer to me I'll be happy to summarize to the list.
> -Walter Moore
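
A variant of the amgh.script from the reply above, added here as an example (not the poster's or Sun's code): it parses the stdin key=value lines as data instead of passing them to eval, and adds the username and pseudo.* handling the reply describes. It assumes the username key is present only for non-smartcard logins; `amgh_route`, `emit_fog` and the sample pseudo token are made-up names and values.

```sh
#!/bin/sh
# Added example: hosts, tokens and usernames are those from the reply above.
# Assumption: AMGH sends a username key only for non-smartcard logins.

emit_fog() {    # $1 = FOG name; print its hosts as AMGH host= lines
    case $1 in
        A) printf 'host=%s\n' hostA1 hostA2 ;;
        B) printf 'host=%s\n' hostB1 hostB2 ;;
    esac
}

amgh_route() {  # read key=value lines on stdin, print AMGH directives
    insert_token='' username=''
    while IFS= read -r line; do
        case $line in *=*) ;; *) continue ;; esac   # skip malformed lines
        # Split at the first '=' and keep only the keys we use. Nothing is
        # eval'ed, so quotes or shell syntax in a value remain plain data.
        key=${line%%=*}
        value=${line#*=}
        case $key in
            insert_token) insert_token=$value ;;
            username)     username=$value ;;
        esac
    done
    case $insert_token in       # smartcard users
        Payflex.Alice) emit_fog A; echo "username=alice"; return 0 ;;
        Payflex.Bob)   emit_fog B; echo "username=bob";   return 0 ;;
    esac
    case $username in           # non-smartcard mobility
        alice) emit_fog A; return 0 ;;
        bob)   emit_fog B; return 0 ;;
    esac
    case $insert_token in       # no card, no known user: return to first FOG
        pseudo.*) echo "use_firstserver=true" ;;
    esac
    return 0                    # anyone else: no output, DTU stays put
}

# Demo on constructed input. When installed as the AMGH script, the last
# line would instead be a bare "amgh_route" so it reads AMGH's stdin.
printf 'insert_token=pseudo.080020aabbcc\nusername=bob\n' | amgh_route
```

The same root-owned, not group- or other-writable permissions described in the reply apply to this file.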
------------------------------------------------------------------------
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users