on sending a kerberos keytab to the client machine

David Magda dmagda at ee.ryerson.ca
Tue Sep 25 16:41:15 CEST 2012


On Tue, September 25, 2012 03:02, Toomas Tamm wrote:

> Getting all this data into machine-readable form and onto your FAI
> server may well involve a lot more manual labour than typing a unique
> secret into each machine at install time...
[...]

Depending on your hardware vendor, it may be possible to get a spreadsheet
of serial numbers, which could then be accessed during installation via
dmidecode.

A while ago I was involved in a cluster build-out of about two hundred
machines, and our vendor was able to provide a list of machine serial
numbers and MACs from the order. When the hardware was installed, a hand
scanner was used to read in the MAC addresses in the order/location in
which each machine was placed in the various racks. We used this to pre-populate
our DHCPd configuration with location-based hostnames.

When we experienced hardware issues, the vendor/colo techs could be
directed to the machine in question (cage, rack, u-number) with minimal fuss
via the serial number:MAC:hostname combination.

We didn't need it, but if a per-host secret was necessary, then the serial
number could have been used. We could have either used the provided
spreadsheet, or scanned it in at the same time as the MAC (both are often
on the hardware):

    http://www.amazon.com/gp/bestsellers/electronics/15327871/

We currently use one of these for LTO tapes. They're surprisingly handy
when dealing with large numbers of anything that has a bar-coded identifier.
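
The lookup described in this message, as an added example that is not part of the original post: an install-time shell hook that resolves the serial number reported by dmidecode against a vendor-supplied list. The CSV layout, the sample rows and the function names are assumptions; the serial is used as an identifier for selecting per-host data, and unknown or duplicated serials are rejected.

```shell
#!/bin/sh
# Constructed sample inventory (serial,mac,hostname); not real hardware data.
# The column order is an assumption about how the vendor list was exported.
INVENTORY=$(cat <<'EOF'
serial,mac,hostname
ABC1234,02:00:00:00:00:01,c1-r01-u01
ABC1235,02:00:00:00:00:02,c1-r01-u02
ABC1236,02:00:00:00:00:03,c1-r01-u03
ABC1236,02:00:00:00:00:04,c1-r01-u04
EOF
)

# Read this machine's serial from SMBIOS (needs root). Defined only,
# never called at load time, so the file can be sourced anywhere.
local_serial() {
    dmidecode -s system-serial-number
}

# lookup_host SERIAL: print "hostname mac" when exactly one row matches.
# Returns 1 if the serial is empty or unknown, 2 if it is listed twice
# (an ambiguous inventory must not silently pick one host).
lookup_host() {
    # Normalise: strip whitespace, compare case-insensitively.
    serial=$(printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]')
    [ -n "$serial" ] || return 1
    printf '%s\n' "$INVENTORY" | awk -F, -v s="$serial" '
        { sub(/\r$/, "") }                 # tolerate CRLF spreadsheet exports
        NR == 1 { next }                   # skip the header row
        { key = $1; gsub(/[ \t]/, "", key) }
        toupper(key) == s { n++; out = $3 " " $2 }
        END {
            if (n == 1) { print out; exit 0 }
            if (n == 0) exit 1
            exit 2
        }'
}

# Typical use inside an install hook (run as root):
#   entry=$(lookup_host "$(local_serial)") || { echo "unknown host" >&2; exit 1; }
```
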
