fd.o machines
See also MigrationPlan.
Machine Name |
Services |
CPU |
Memory |
Disk |
Location |
Status |
Notes |
Access |
tycho |
Fail safe -- iLO backup |
2x PIII 700MHz |
1G |
9GB (no RAID) |
PDX |
Operational |
Very unreliable, serial console unusable |
SW |
gabe |
Email -- postfix, mailman, amavisd, spamassassin, postgrey and bind |
2x Xeon 2.8GHz |
3.5G |
6x 36.4GB |
PDX |
Operational; currently still hosting wikis |
iLO |
SW |
kemper |
devel -- GIT/CVS/SVN master, download master, SQL server for BZ |
2x Opteron 270 |
4G |
6x 147GB |
PDX |
Fully operational |
iLO |
Dev (CVS/SVN/GIT-only) |
annarchy |
hosting -- web, anonftp, anoncvs, anonsvn, BZ frontend, dev home dirs, dev mbox if necessary |
2x Opteron 270 |
16G |
6x 147GB |
PDX |
Operational (BZ frontend, webcvs, gitweb, Planet, people.fd.o, Xen) |
iLO |
Dev shell |
fruit |
admin -- ldap, system backups, iLO |
1x Opteron 250 |
1G |
4x 36.4GB |
PDX |
Fully operational |
iLO |
SW |
Questions:
- Should we set aside space on annarchy/kemper for backups of each other?
fruit
Name |
Type |
Size |
Device |
/boot |
ext3 |
1G |
/dev/cciss/c0d0p1 |
/ |
ext3 |
1G |
/dev/cciss/c0d0p2 |
swap |
swap |
8G |
/dev/cciss/c0d0p5 |
fruit |
LVM |
62G |
/dev/cciss/c0d0p6 |
/usr |
ext3 |
5G |
/dev/fruit/usr |
/var |
ext3 |
10G |
/dev/fruit/var |
/home |
ext3 |
10G |
/dev/fruit/home |
/tmp |
ext3 |
8G |
/dev/fruit/tmp |
ok, icky but true, I couldn't get grub to install on fruit for some reason; it appears the disk access mechanism grub uses doesn't work. I did manage to get lilo working, but that required hand-editing the lilo.conf file as the installer produces a completely useless one. Don't forget to include the initrd.img, which is kinda important.
Other than that, the install appears to be going fine.
update -- after the machine was rebooted into it's own environment, grub installed cleanly. Of course, grub-instal doesn't bother to create a menu.lst, recovery from that was tricky.
annarchy
The raid array was configured as 5 disks in RAID 5 with a hot spare, for a total of 587.2GB.
Just like on fruit, create small initial partitions and plan on growing them as needed. Note that annarchy will (we hope) be running Xen so that we can run 'dangerous' projects in a tightly-controlled jail.
Name |
Type |
Size |
Device |
/boot |
ext3 |
1G |
/dev/cciss/c0d0p1 |
/ |
ext3 |
1G |
/dev/cciss/c0d0p2 |
swap |
swap |
32G |
/dev/cciss/c0d0p5 |
annarchy |
LVM |
553.2G |
/dev/cciss/c0d0p6 |
/usr |
ext3 |
5G |
/dev/annarchy/usr |
/var |
ext3 |
10G |
/dev/annarchy/var |
/srv |
ext3 |
10G |
/dev/annarchy/srv |
/home |
ext3 |
10G |
/dev/annarchy/home |
/tmp |
ext3 |
10G |
/dev/annarcny/tmp |
Note that this machine also had trouble with grub not working under debian installer but working fine once the machine was booted via lilo. I think I've got that little trick all figured out now. Again, select lilo, and then recover from the installer (fix the path to /boot/vmlinuz and add initrd=/boot/initrd.img), then reboot and run grub-install and then hand configure /boot/grub/menu.lst
pserver runs out of a chroot in /srv/anoncvs.freedesktop.org, which is push-rsync'ed from kemper.
kemper
I've configured this just like annarchy above. Only SWs have accounts by default.
Backups
We've got way more disk space than we'll need for a long time. I bought this setup so we could do backups inside our own systems as a first-level against single machine compromise or failure. We've got several kinds of things that need backups:
- CVS/bugzilla data -- must be secure, needn't be secret. Must be reliable and archival. PSU offers tape backups, we must regularly ensure that this is working.
- LDAP data -- must be secure and secret. Should be reliable; needn't be archival.
- Home directories -- should be secure, needn't be secret. Note that we offer backups of home directories solely for the convenience of the users; this isn't critical data and may get wiped at any time. Anyone using fd.o for archival purposes deserves whatever they get. These won't be backed up to tape; it's too expensive.
- System configuration -- must be secure, must be secret, should be reliable; needn't be archival. Fortunately, this is similar to LDAP data in that it doesn't change often, or at least doesn't change much.
In descending order of putative security, we have:
- tycho
- fruit
- kemper
- gabe
- annarchy
I suggest that we ensure that 'secret' data move only from less secure machines to more secure machines, so fruit backups can only go to tycho and perhaps some off-site machine (we can get space on an osuosl partition).
Naming
Names to be used after this include, in no particular order: charles (reserved for a powerpc machine), catsby, kara (reuse), brenna, div, merch, frank, twisp, period, cardboardtubesamurai (aka cts), mrtails, hector.
See also Wikipedia's entry on PA.