[1240] in Hesiod
Re: [Hesiod] Announce: Hesutils, the Hesiod utilities
daemon@ATHENA.MIT.EDU (JFLF)
Thu Feb 25 07:23:16 2021
To: Andy Bennett <andyjpb@ashurst.eu.org>, <hesiod@mit.edu>
From: JFLF <jflf-gitlab@outlook.com>
Message-ID: <VI1PR04MB7101DE1A2AD42903E3C547C8819E9@VI1PR04MB7101.eurprd04.prod.outlook.com>
Date: Thu, 25 Feb 2021 13:22:34 +0100
In-Reply-To: <f5f95430-cce4-4001-bffa-5a7b0dd372cf@ashurst.eu.org>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: hesiod-bounces@mit.edu
On 24/02/2021 21.17, Andy Bennett wrote:
> Hi,
Hi Andy,
>> This has to be the lowest-volume mailing list to which I am subscribed. :)
>>
>> In case anyone is reading, I would like to announce the public
>> availability of a little project of mine: the Hesutils.
>>
>> It is available there:
>> https://gitlab.com/jflf/hesutils
>
> Thanks for this!
>
> It looks great.
> I also have a script called `hesgen` that I wrote years ago but it's
> nowhere near as sophisticated or well written as this one!
Thank you for the kind words! I hope that you won't change your mind after looking into it more closely. :)
Please note that the documentation is in a state of flux, and it's not really ready for publication right now. Hesiod suffers from a lack of comprehensive documentation, so having good doc is important.
> I've been thinking again recently about another Hesiod deployment.
>
> What are the best practices these days with respect to provisioning
> machines and resolvers so that the tables are available where they are
> needed but not generally available to everyone on The Internet?
>
> I'm thinking of cases like machines provisioned in different clouds and
> individual desktop PCs that aren't in a cluster room but might be laptops
> that roam around.
I can't help you much there, all of my use cases were self-contained clusters.
I was going to add that the MIT still have their Hesiod NS (ns.athena.mit.edu) available over the internet without any security of any sort. That's the reason why there's an option to block requests to that NS in the Hesutils configuration file, as unconfigured clients would send their requests there. But it seems to have disappeared! I'm only getting a custom SOA with "HESREQ.mit.edu." as the rname.
When I started writing those scripts, about 4 years ago, that NS still answered. So it seems that the changes have happened comparatively recently. Does anyone know what happened? Are they still using Hesiod internally, or have they decommissioned their Hesiod infrastructure entirely?
Thanks!
JF
> Anyway, thanks for the tools. They look really good.
>
>
>
>>
>> This project evolved from short Bash scripts that I wrote a few
>> years ago for a Hesiod development. Over the years I worked on
>> it on and off, and it's getting to the point where I think that
>> it could be useful to other people. So I'm making it available.
>>
>> In a nutshell, the main script creates Hesiod records for a
>> subset of the regular users and groups already existing on the
>> current system. It is a database translation tool. It can
>> produce output in various formats for different DNS servers, and
>> has quite a few parameters to control what is written. In
>> particular there is a rather complex group of options to control
>> FILSYS records, with home path rewriting, external file or
>> command, etc. It's probably too much for anyone remotely sane,
>> but I had fun writing it.
>>
>> The code should be reasonably reliable. The core operations
>> (generating the PASSWD, UID, GROUP, GID records) have been
>> working for years, and used on a production system. There might
>> still be bugs here and there for some combinations of options. I
>> would be grateful if you could report any issue that you find.
>>
>> Any advice or suggestion for improvement is also welcome.
>>
>> I am currently writing the documentation. There is already
>> enough in the "docs" subdirectory to get going, if you are
>> familiar with Hesiod. At the moment not every link of the index
>> points to a valid file, but eventually I'll fill that in.
>>
>> There is no release tag yet. I'll tag once the doc will be in
>> shape, and I'll have many more tests.
>>
>> For now the easiest way to try is:
>>
>> git clone https://gitlab.com/jflf/hesutils
>> cd hesutils
>> # edit the configuration file hesutils.conf to your taste
>> ./src/hesgen -c hesutils.conf
>>
>> It won't modify or damage anything, and the records are printed on stdout.
>>
>> Note: the following packages are required:
>> bash (>= 4.0)
>> awk
>> sed
>> column
>>
>> Thanks!
>> JF
>
_______________________________________________
Hesiod@mit.edu
http://mailman.mit.edu/mailman/listinfo/hesiod
