[Hcoop-discuss] Next hardware configuration/Email service

Adam Chlipala adamc at hcoop.net
Mon Jan 30 13:24:17 EST 2006


Justin S. Leitgeb wrote:

>1) one or two relatively small web servers (with or without RAID 1, 
>mostly depending on if we can keep load low enough to switch users from 
>one web server to the other in the event of a failure).
>
>2) a system for services like IMAP and sendmail that only a core group 
>of admins needs shell access on - we could start on RAID 1 but I think 
>the I/O would kill us here, too as IMAP becomes more important.  IMAP 
>servers have huge I/O needs and RAID 10 would be nice eventually.
>
>3) a system loaded with cheap SATA disks for syslog and backups?
>  
>
What about having a centralized shared filesystem with shared user 
accounts, but not accessing it directly wherever that would introduce 
unacceptable performance penalties?  Instead of relying on the generic 
caching behavior of our network filesystem drivers, we would use 
domain-specific caching of the kind you suggested for web clusters.  
Files used by web and mail servers (for instance) would have primary, 
"logical" homes on the shared filesystem, but they would mostly be 
accessed from copies of the relevant directory trees stored on 
particular servers.  We would rsync the copies with the "real" versions 
daily.  For web site files, I think this would be rsyncing from shared 
to cached files; for mail, I think it would go in the other direction.

We would only have to worry about hardcore backup stuff for the shared 
filesystem.  Most servers would only need some simple level of RAID to 
prevent loss of the last day's data due to a disk failure.  On the file 
server, we'd worry about protection against benevolent human error (keep 
multiple images of all data) and system break-ins (regular copying of 
all data to an off-network location, where even someone who gains root 
access can't get to it).

From the perspective of members, they could have the benefit of the 
unified filesystem view while working on performance-critical stuff.  
Then they would just need to run a suitable "publish" command to get 
their important service files cached in the right way.

>What about using LDAP or an alternative for managing these user accounts 
>across servers?  I'm not familiar enough with the applications you've 
>developed to know for sure how that would work out, but it seems that 
>there are plenty of tools for account administration, and we could 
>easily build something ourselves.  And in the setup above, the user 
>would only need accounts on two machines -- the web host they're 
>assigned to, as well as an IMAP account on the mail server.
>  
>
At CMU, where I went to undergrad, they used AFS with Kerberos to manage 
a shared filesystem with common user accounts.  This might work for us.



