[AktiviX-discuss] RFC please .. devloping our infrastructure

Alan Dawson aland at burngreave.net
Sat Aug 26 22:22:26 UTC 2006


Quoting Alan Dawson <aland at burngreave.net>:

> ... I can provide more details if required.
> 
>

cat  aktivix-tech-changes
Start
-----

Describe existing machine set up
   - miserably the machine seems to be broken now.. but this is a dual Opteron,
2GB RAM, 4x250GB SATA disk on a 3ware 9xxx ( I forget the exact number ) RAID
controller in a RAID5 configuration, giving 750GB of usable disk space.  The
/home partition has 500Gb in it.

There are several partitions

255 heads, 63 sectors/track, 91178 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1         486     3903763+  83  Linux
/dev/sda2             487       91178   728483490    5  Extended
/dev/sda5             487        1702     9767488+  83  Linux
/dev/sda6            1703        5349    29294496   83  Linux
/dev/sda7            5350        5835     3903763+  83  Li
/dev/sda9            6809       79754   585938713+  83  Linux
/dev/sda10          79755       91178    91763248+  83  Linux

Mounted like

proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/sda9 on /home type ext3 (rw)
/dev/sda7 on /tmp type ext3 (rw,noexec)
/dev/sda5 on /usr type ext3 (rw)
/dev/sda6 on /var type ext3 (rw)

Note sda10 is not mounted .. this was my ~100Gbyte get out of jail free card..
which we can use to rejig the system in a way I describe later.

Describe Options for virtualisation and the benefits
   - virtualisation is a way of splitting the resources of a physical machine
     into a number of virtual machines.  The virtual machines are logically
     separate from each other and cannot interfere with or alter the running
     of the physical host or the other virtual machines. This gives obvious
     administrative and security benefits.
   - Virtualisation technology.
        - UML, Linux Vserver, Xen, ...
          There are a number of different ways of virtualising machines.  They
          have subtle differences, and actually solve different problems.

          UML has made itself into the Linux kernel, but I am not going to
          consider its use because its performance is not as good as some of
          the others.

          Linux Vserver is a way of creating virtual servers, it's used by
          other international tech collectives, and has been used by us on the
          shadow server from the tachanka server collective.  It allows
          vservers to share the RAM and CPU of a host machine whilst being
          locked into a secure container which they cannot escape from.  It
          uses a single kernel which is available across all vservers.  CPU
          and RAM usage can be limited, but it's ( felt at least to me )
          relatively difficult.

          XEN allows creation of different virtual servers, called domains.
          These virtual servers have hard limits of CPU and RAM assigned to
          them, which cannot be exceeded by the virtual servers. It allows
          many different OS to be run on top of it, but the kernel must be
          modified ( at least on CPU hardware that does not support native
          virtualisation - everything except the very latest CPU from Intel
          and AMD. )  It's conceivable that a linux vserver virtualisation
          could be used in a xen domain.

I prefer to use XEN in the first place, and if we require vserver - because we
wish to borrow some of the vserver techniques from other collectives - we can
install vserver on a xen domain.


   - Reference server security protocols page

Describe how to move to xen
        - has 100GB disk space in a spare partition
        - tarball up the existing fs to spare partition
        - install and reboot to xen
        - blow away existing /home
        - convert to LVM
        - untar existing server to LVM
        - add a xen kernel and modules to the LVM
        - boot it as a xen machine
        - fix any bugs!
        - Time scale 2 days
        - Risks
                - fuck up and my friends lose their job :-(
                - fuck up and I lose my friends  :-(

Discuss moving lists
        - easy, done this twice now.  Time scale 2 days

Discuss moving mail
        - issues: passwords, time scale, new structure which has better
          decentralised management using a simple non techy interface.

Time scales ?
        -  need to discuss some of the details with the NGO who owns the server
        -  lists can move quickly, mail longer,
        -  other services can move before mail

End up
-----

Pictures of riseup syscp thing

http://deb.riseup.net/web-server/syscp/

though riseup say they would have used ravencore instead.
also there is
http://wiki.boum.org/Frangipane

Talk about web hosts / drupal farm / wiki farm / mkdoc farm



-- 
"If you make decisions about software -- or anything -- based solely on
short-term cost and benefit, someone with a longer view can easily
manoeuver you into a trap from which it is hard to escape."  
  
 
 


