Changes between Initial Version and Version 1 of MolgenisServersFaq


Ignore:
Timestamp:
2012-09-01T13:15:33+02:00 (12 years ago)
Author:
Morris Swertz
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • MolgenisServersFaq

    v1 v1  
     1= FAQ for servers and VMs =
     2
     3== General ==
     4
     5* What is a virtual machine? - VM is a server that physically runs on top of another server. http://en.wikipedia.org/wiki/Virtual_machine
     6* What is the advantage? - You can copy VMs easily to other hardware without need of reinstall (in particular useful if hardware brakes).
     7* Where do we use our VMs for? - for all our MOLGENIS deployments.
     8* How request one? - Ask Morris to add your new VM to the above list.
     9* Can VMs be automatically created and killed? - No, currently all server startup/shutdown goes via Ger or Wietze
     10
     11== Access ==
     12* What kind of account do I need for VM access, and where do I get it? You need the standard LDAP in gcc group.
     13* How do I get a /home/myname directory? - Get somebody having root to create it for you on a particular vm (Ger, Morris, Wietze, ...)
     14* How do I log in to a VM? - From UMCG ssh yourname@molgenisXX.target.rug.nl. From home first go via vm7.target.rug.nl
     15* Do we use SSH keys for authentication? - No. For the moment everybody can setup their own keys if they like
     16* Is my account centralized across all VMs? - Yes. One login and password. Exceptions: vm7.target.rug.nl and gbic.target.rug.nl and millipede.service.rug.nl
     17* How do I install an additional application or library on a VM? - Binaries you can just put on your %PATH; otherwise as a 'root' to install RPMs
     18* Do I have root access on the VM's? - No. We aim to have VMs work without root access and have all software installed once centrally.
     19* Who have root access and when would they use it? - Ger, Morris, Wietze, ...
     20* Can I be a sudoer on a VM? Should I be? - QUESTION: can we install sudo on our servers??
     21
     22== Operating system ==
     23* Which OS do the VMs run? SUSE 11.x
     24* Is there anything I should pay special attention to?
     25* What are some basic commands and tools to get me started?
     26
     27== Storage and backups ==
     28* What is GPFS? - GPFS is our central storage. We have a small share of it at /target/gpfs2/gcc/.
     29* What is the relation to the VMs? - All VMs have access to the shared storage always using the same path /target/gpfs2/gcc/.
     30* When should I work on the local drive, and when on GPFS?
     31* How do I access the GPFS? Do I need additional permissions?
     32* Are database better located on the local drive, or on GPFS?
     33* What locations are suitable for certain data or user groups on GPFS?
     34* Can I request additional local harddrive space, or other upgrades like CPU or RAM?
     35* Are the VMs automatically backupped? If not can I request this? - BIG TODO
     36* Which folders on the VMs or GPFS are backupped? How can I verify or request this? - BIG TODO. Are whole VMs backupped?
     37* How do I restore a backup? - BIG TODO
     38
     39== Configuration ==
     40* How is my VM configured regarding to access and security, other than SSH/LDAP? - Everybody in 'gcc' group can login via ssh only.
     41* Where do I configure e.g. the firewall or proxy settings of a VM?
     42* Should I edit this if I can, and if so, what could go wrong?
     43* Which ports are opened by default, and what is their function? - Standard port 80 and port 8080 are open.
     44* How can I tweak memory usage of my applications? - TODO howto do this with ANT and Tomcat startup script
     45* How can I tweak memory usage of mysql? - TODO howto my.conf. In principle each VM should be preoptimized
     46* Can I monitor CPU, RAM, network or drive IO? - TODO
     47
     48== Hosting ==
     49* What processes should be run under which user, with regards to security? - TODO If with GPFS you ideally would like a user per app
     50* How secure should a demonstration system be, with regards to running tools, disk access, HTML exploits, etc? - TODO sandboxed (only local resources)
     51* How can I test this, and what is the worst case scenario? - Worst case: private data is shared or deleted; This should be prevented at all times.
     52* Should I prepare for this? - Yes: simplest solution is to limit access to local data only.
     53* Can I offer static files or HTML pages for download on a VM? How do I do this? - Put them in standard /srv/www/htdocs (served at port 80)
     54* Can I run other dynamic content scripts such as Perl / PHP via my VM? - No, please request if you need this
     55* How secure should a production system be? Should it be seperated from demonstration systems? - Yes
     56* What guarantees should or can I offer my customers? - TODO need recovery procedure; 1st line, nightly backup of the VM; 2nd line, complete reinstall