Version 1 (modified by Morris Swertz, 12 years ago)

FAQ for servers and VMs

General

  • What is a virtual machine? - A VM is a server that runs on top of another, physical server. http://en.wikipedia.org/wiki/Virtual_machine
  • What is the advantage? - You can easily copy VMs to other hardware without needing to reinstall (particularly useful if hardware breaks).
  • What do we use our VMs for? - For all our MOLGENIS deployments.
  • How do I request one? - Ask Morris to add your new VM to the above list.
  • Can VMs be automatically created and killed? - No, currently all server startup/shutdown goes via Ger or Wietze.

Access

  • What kind of account do I need for VM access, and where do I get it? - You need the standard LDAP account in the gcc group.
  • How do I get a /home/myname directory? - Get somebody who has root to create it for you on a particular VM (Ger, Morris, Wietze, ...).
  • How do I log in to a VM? - From UMCG: ssh yourname@…. From home, first go via vm7.target.rug.nl.
  • Do we use SSH keys for authentication? - No. For the moment everybody can set up their own keys if they like.
  • Is my account centralized across all VMs? - Yes. One login and password. Exceptions: vm7.target.rug.nl, gbic.target.rug.nl and millipede.service.rug.nl.
  • How do I install an additional application or library on a VM? - Binaries you can just put on your $PATH; otherwise ask a 'root' to install RPMs.
  • Do I have root access on the VMs? - No. We aim to have VMs work without root access and have all software installed once centrally.
  • Who has root access and when would they use it? - Ger, Morris, Wietze, ...
  • Can I be a sudoer on a VM? Should I be? - QUESTION: can we install sudo on our servers?
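
The two-hop login from home described above (first vm7.target.rug.nl, then the VM) can be written once in the client's `~/.ssh/config`. This is an added example, not part of the original FAQ: the aliases, the user names, the key path and the target host name (which the FAQ elides) are placeholders, and `ProxyJump` assumes OpenSSH 7.3 or later on the client.

```sshconfig
# ~/.ssh/config on your home machine (added example, all names are placeholders)

# Jump host. The FAQ lists vm7.target.rug.nl as an exception to the
# centralized login, so the user name here may differ from the VM one.
Host vm7
    HostName vm7.target.rug.nl
    # placeholder: your account on vm7
    User yourname-on-vm7
    # assumption: you set up your own key pair, as the FAQ allows
    IdentityFile ~/.ssh/id_molgenis
    IdentitiesOnly yes

# Target VM, reached through vm7 in a single command: ssh molgenis-vm
Host molgenis-vm
    # placeholder: the FAQ does not give the real host name
    HostName TARGET-VM.example
    # centralized LDAP account in the gcc group
    User yourname
    ProxyJump vm7
    # authentication to the VM is tunnelled from the client, so no agent
    # or private key needs to be exposed on the jump host
    ForwardAgent no
```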

Operating system

  • Which OS do the VMs run? - SUSE 11.x
  • Is there anything I should pay special attention to?
  • What are some basic commands and tools to get me started?

Storage and backups

  • What is GPFS? - GPFS is our central storage. We have a small share of it at /target/gpfs2/gcc/.
  • What is the relation to the VMs? - All VMs have access to the shared storage always using the same path /target/gpfs2/gcc/.
  • When should I work on the local drive, and when on GPFS?
  • How do I access the GPFS? Do I need additional permissions?
  • Are databases better located on the local drive, or on GPFS?
  • What locations are suitable for certain data or user groups on GPFS?
  • Can I request additional local hard drive space, or other upgrades like CPU or RAM?
  • Are the VMs automatically backed up? If not, can I request this? - BIG TODO
  • Which folders on the VMs or GPFS are backed up? How can I verify or request this? - BIG TODO. Are whole VMs backed up?
  • How do I restore a backup? - BIG TODO

Configuration

  • How is my VM configured with regard to access and security, other than SSH/LDAP? - Everybody in the 'gcc' group can log in, via ssh only.
  • Where do I configure e.g. the firewall or proxy settings of a VM?
  • Should I edit this if I can, and if so, what could go wrong?
  • Which ports are opened by default, and what is their function? - Standard port 80 and port 8080 are open.
  • How can I tweak memory usage of my applications? - TODO: how to do this with ANT and the Tomcat startup script
  • How can I tweak memory usage of mysql? - TODO: how to do this in my.cnf. In principle each VM should be preoptimized.
  • Can I monitor CPU, RAM, network or drive IO? - TODO

Hosting

  • What processes should be run under which user, with regard to security? - TODO. With GPFS you would ideally have a user per app.
  • How secure should a demonstration system be, with regard to running tools, disk access, HTML exploits, etc.? - TODO: sandboxed (only local resources)
  • How can I test this, and what is the worst case scenario? - Worst case: private data is shared or deleted. This should be prevented at all times.
  • Should I prepare for this? - Yes: the simplest solution is to limit access to local data only.
  • Can I offer static files or HTML pages for download on a VM? How do I do this? - Put them in the standard /srv/www/htdocs (served at port 80).
  • Can I run other dynamic content scripts such as Perl / PHP via my VM? - No, please request this if you need it.
  • How secure should a production system be? Should it be separated from demonstration systems? - Yes
  • What guarantees should or can I offer my customers? - TODO: need recovery procedure; 1st line, nightly backup of the VM; 2nd line, complete reinstall