= FAQ for servers and VMs =

== General ==

* What is a virtual machine? - A VM is a server that runs on top of another, physical server. http://en.wikipedia.org/wiki/Virtual_machine
* What is the advantage? - You can copy VMs easily to other hardware without needing to reinstall (particularly useful if hardware breaks).
* What do we use our VMs for? - For all our MOLGENIS deployments.
* How do I request one? - Ask Morris to add your new VM to the above list.
* Can VMs be automatically created and killed? - No, currently all server startup/shutdown goes via Ger or Wietze.

== Access ==
* What kind of account do I need for VM access, and where do I get it? - You need a standard LDAP account in the 'gcc' group.
* How do I get a /home/myname directory? - Ask somebody with root access (Ger, Morris, Wietze, ...) to create it for you on the particular VM.
* How do I log in to a VM? - From UMCG: ssh yourname@molgenisXX.target.rug.nl. From home, first go via vm7.target.rug.nl.
* Do we use SSH keys for authentication? - No. For the moment everybody can set up their own keys if they like.
* Is my account centralized across all VMs? - Yes. One login and password. Exceptions: vm7.target.rug.nl, gbic.target.rug.nl and millipede.service.rug.nl.
* How do I install an additional application or library on a VM? - Binaries you can just put on your $PATH; otherwise ask a 'root' to install RPMs.
* Do I have root access on the VMs? - No. We aim to have VMs work without root access and have all software installed once centrally.
* Who has root access and when would they use it? - Ger, Morris, Wietze, ...
* Can I be a sudoer on a VM? Should I be? - QUESTION: can we install sudo on our servers?
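
The login route from home described above, written as a client-side `~/.ssh/config` (an added example, not part of the original FAQ). The user names and key path are placeholders, and it assumes vm7 permits TCP forwarding and that your OpenSSH client supports ProxyJump (7.3 or later). Because vm7 is listed as an exception to the central login, it gets its own User line.

```sshconfig
# ~/.ssh/config on your home machine (example; user names and key path are placeholders)

# Gateway reachable from outside UMCG. The FAQ lists vm7 as an exception to the
# central LDAP login, so the account here may differ from the one used on the VMs.
Host vm7.target.rug.nl
    User your-vm7-name
    # Optional: only if you set up your own key pair (keys are not required).
    IdentityFile ~/.ssh/id_target
    IdentitiesOnly yes
    # Do not expose your SSH agent on the shared gateway.
    ForwardAgent no

# All MOLGENIS VMs (molgenisXX): tunnel through vm7 instead of opening a shell there first.
Host molgenis*.target.rug.nl
    User yourname
    ProxyJump vm7.target.rug.nl
    ForwardAgent no
    # For OpenSSH clients older than 7.3, replace ProxyJump with:
    # ProxyCommand ssh -W %h:%p vm7.target.rug.nl
```

With this in place, `ssh molgenisXX.target.rug.nl` from home authenticates to vm7 first and then to the VM, without leaving a key or agent socket on the gateway.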

== Operating system ==
* Which OS do the VMs run? - SUSE 11.x
* Is there anything I should pay special attention to?
* What are some basic commands and tools to get me started?

== Storage and backups ==
* What is GPFS? - GPFS is our central storage. We have a small share of it at /target/gpfs2/gcc/.
* What is the relation to the VMs? - All VMs have access to the shared storage, always using the same path /target/gpfs2/gcc/.
* When should I work on the local drive, and when on GPFS?
* How do I access the GPFS? Do I need additional permissions?
* Are databases better located on the local drive, or on GPFS?
* What locations are suitable for certain data or user groups on GPFS?
* Can I request additional local hard drive space, or other upgrades like CPU or RAM?
* Are the VMs automatically backed up? If not, can I request this? - BIG TODO
* Which folders on the VMs or GPFS are backed up? How can I verify or request this? - BIG TODO. Are whole VMs backed up?
* How do I restore a backup? - BIG TODO

== Configuration ==
* How is my VM configured with regard to access and security, other than SSH/LDAP? - Everybody in the 'gcc' group can log in, via SSH only.
* Where do I configure e.g. the firewall or proxy settings of a VM?
* Should I edit this if I can, and if so, what could go wrong?
* Which ports are opened by default, and what is their function? - Standard port 80 and port 8080 are open.
* How can I tweak memory usage of my applications? - TODO: how to do this with Ant and the Tomcat startup script
* How can I tweak memory usage of MySQL? - TODO: how to do this in my.cnf. In principle each VM should be preoptimized.
* Can I monitor CPU, RAM, network or drive IO? - TODO

== Hosting ==
* Which processes should be run under which user, with regard to security? - TODO. With GPFS you would ideally have one user per app.
* How secure should a demonstration system be, with regard to running tools, disk access, HTML exploits, etc.? - TODO: sandboxed (only local resources)
* How can I test this, and what is the worst case scenario? - Worst case: private data is shared or deleted; this should be prevented at all times.
* Should I prepare for this? - Yes: the simplest solution is to limit access to local data only.
* Can I offer static files or HTML pages for download on a VM? How do I do this? - Put them in the standard /srv/www/htdocs (served on port 80).
* Can I run other dynamic content scripts such as Perl / PHP via my VM? - No, please request this if you need it.
* How secure should a production system be? Should it be separated from demonstration systems? - Yes
* What guarantees should or can I offer my customers? - TODO: need recovery procedure; 1st line, nightly backup of the VM; 2nd line, complete reinstall