[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] number of eggs in a basket

To: sage-members@sage.org
Subject: Re: [SAGE] number of eggs in a basket
From: Phil Pennock <phil.pennock@globnix.org>
Date: Fri, 7 Jan 2005 17:43:43 +0100
In-Reply-To: <20050106223237.GK18275@netmeister.org>
Mail-Followup-To: sage-members@sage.org
References: <20050106223237.GK18275@netmeister.org>
Sender: owner-sage-members@usenix.org

On 2005-01-06 at 17:32 -0500, Jan Schaumann wrote:
> I have a system that basically is a single point of failure:  if it's
> down, nothing goes.  The services on that machine are WWW, NIS, NFS and
> mail.  Mail is delivered to ~/.mail so mail can be read via NFS and need
> not be fetched.
> 
> I do not like having all my eggs in this one basket, but on the other
> hand distributing the services to several machines seems to complicate
> things and increase the likeliness of one of the services failing.

How many fires do you want to fight at once?  If you only have to worry
about one service, you have more flexibility in fixing things.
Particularly if you want to do something like reboot to test that
everything now comes up cleanly on reboot: it's easier to justify "this
service has been down anyway, I'm only extending the outage by 4
minutes" than "there's going to be another outage of all these other
services".

If you want to split just one off and there's no direct
business/performance reason to choose any particular one, then the
question I have is, "Where do you keep your design notes and bug-fix
notes, or reports on how past problems were dealt with?"  Split that
one off such that it's not dependent on the rest, because not only is
it now less likely to fail (or be broken into and vandalised thanks
to a hole elsewhere) but you also now have access to all the history and
information needed to speed up bringing the other services back.

Eg, if you use email for this, keep email separate.  If a
Wiki/thingy-du-jour, split WWW off instead.

All this assumes that you don't have CGI scripts or the like on WWW.  If
you do, I advise that you split that one off, and fast, because it
should be treated as a different security profile to the others.
NIS and NFS very definitely don't run arbitrary code of extremely
low quality on the server (contentious, I know), and with Mail just
being an NFS mount, that doesn't either.
-- 
P: Well, what do we have as a diagnostic tool?
J: Customers

Follow-Ups:
- Re: [SAGE] number of eggs in a basket
  - From: Steve Simmons <scs@lokkur.dexter.mi.us>

References:
- [SAGE] number of eggs in a basket
  - From: Jan Schaumann <jschauma@netmeister.org>

Prev by Date: Re: [SAGE] number of eggs in a basket
Next by Date: Re: [SAGE] number of eggs in a basket
Prev by thread: Re: [SAGE] web form handling software
Next by thread: Re: [SAGE] number of eggs in a basket
Index(es):
- Date
- Thread