Poll: your oppinion about the best setup...
April 2018
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30          
This site is an effort to share some of the base knowledge I have gathered through all this years working with Linux, FreeBSD, OpenBSD, Python or Zope, among others. So, take a look around and I hope you will find the contents useful.
Recent Entries
Recent Comments
Recent Trackbacks
OpenBSD (9 items)
BSD (0 items)
FreeBSD (19 items)
Linux (3 items)
Security (3 items)
Python (22 items)
Zope (13 items)
Daily (144 items)
e-shell (9 items)
Hacks (14 items)
PostgreSQL (3 items)
OSX (8 items)
Nintendo DS (0 items)
enlightenment (0 items)
Apache (3 items)
Nintendo Wii (1 items)
Django (24 items)
Music (12 items)
Plone (7 items)
Varnish (0 items)
Lugo (2 items)
Sendmail (0 items)
europython (7 items)
Cherokee (1 items)
self (1 items)
Nature (1 items)
Hiking (0 items)
uwsgi (0 items)
nginx (0 items)
cycling (10 items)
Networking (1 items)
DNS (0 items)

Syndicate this site (XML)

RSS/RDF 0.91

28 febrero

Poll: your oppinion about the best setup...

...for a new intranet server

This post will probably end like a shoot on my feet (hope not), but I would like to ask you (my daily readers) about your oppinions regarding the setup of my new intranet server, just keep reading the post and you will find the questions at the end of it.

UPDATE: Paco shared his point of view over this topic, anybody else willing to add some more information?

Last week, I got a new intranet server, a Dell Poweredge 6650 (click to get the full specs), being a 4-dual-xeon processor (8 3Ghz cores), 8Gb of DDR RAM and 2 146Gb SCSI harddrives + 1Tb NAS space its most noticeable specs.

This server was bought to fulfill the following tasks:

1- Intranet server:

This is a production "do-not-touch-it-if-it-works-fine" server. Every services will have to be running 24x7 without interruption. External (Internet) access to this server is forbidden.

  • OpenLDAP database with user information (used as a backend for authentication purposes)
  • Samba PDC for some MS Windows clients in the network
  • NFS export of some space to Linux clients in the network (users' homes and some shared directories between different departments)
  • Web/application server for some production webapps we need for work (mostly Zope, django and php based apps, so we need Apache2, mod_python/mod_wsgi, mod_php, Zope, etc)
  • Database server (both MySQL and PostgreSQL) to store the databases of the previously mentioned webapps.
  • RCS server, where we store the source code of our projects (currently using svn, but probably will be bazaar/darcs/git/whatever repos soon) + trac access to manage the projects.
  • Internal DNS/DHCP server, resposible to give ip addresses to authorized machines and give them a name too (automatic name-to-address mapping)
  • Internal NTP server to keep everything on time.
  • OpenERP server, as we are using OpenERP as our ERP software solution, and we need it to be in production state for our company.

2- Development server:

We need a clone of our public production servers (the servers where we publish customer-access products), in order to perform some final tests before publishing. External (Internet) access to this server is needed.

  • Web/application server, as in the case of the intranet server, Apache2, mod_python/mod_wsgi, mod_php, Zope...
  • Database server, with both MySQL and PostgreSQL
  • Everything needed for the tests (dependencies, like programming languages, libraries, etc).
  • Customers will have access to this server, to check products/services before putting them online (production state).

3- Shared rcs server:

For some of our projects, we do some collaboration with people outside our office, and mostly important, outside our company. For these collaborations, we need to set up a rcs server to share both source code and documentation with external developers. External (Internet) access to this server is needed.

  • rcs software (bazaar/git/darcs/svn/whatever)
  • trac (so we'll need at least apache + mod_python + sqlite/postgresql)

4- testing server:

As we are continuously improving our development environment with new tools, we should have a testing sandbox server to install/deinstall new software, mostly open source software, just to test it. As these tests are performed by non-high-techie users, we need an environment that could be broken at a given time, but that could be reinstalled without pain. External (Internet) access to this server is forbidden.

Ok, those are our needs, now the posible choices:

1- FreeBSD

Our currently infraestructure is using almost FreeBSD for every serving needs. Our currently public servers (x3) are running FreeBSD 6-STABLE and 7-STABLE and our current intranet server runs 7-STABLE too. Having such an homogeneous environment is quite good, as you can move things from one server to another easily.

For this server we could use 7-STABLE (hardware is well-supported) running the Intranet server and using jails to setup the other 3 servers. Setting up a jail for each server allow us to have 4 independent servers, each one with it's associated ip address and its dedicated resources (which is needed as both server 2 and 3 will be accesible from the Internet using a somehow DMZ-like setup.

  • Pros:
    • Everything will be running under the same OS, which means easier updates, easier setups, etc.
    • Creating a new jail is a matter of minutes (no need to go through the installation process of a whole system)
    • We can create a jail that contains a full FreeBSD system on it, or we can create a jail for only a service (similar to a chroot-environment, but with it's own ip address and such). This could be a very interesting solution for servers 2 and 3.
    • Perform backups of each jail is pretty easy, as you can create a tarball containing the whole jail (from the main OS) and save it anywhere.
    • There is no need to have different device definitions between jails. As there is no hardware layer emulation, jails get access to devices directly (which is somehow faster than usual virtualization).
    • I've worked with jails in the past, so I'm quite familiar with the environment.
  • Cons:
    • If someday we need a different operating system for one virtual environment (like Linux, for example), we will have to add another machine.
    • The FreeBSD/Jails combo will not take advantage of the Xeon processors Virtualization optimizations (not sure, but I don't think it will)
    • Each jail share the main OS kernel, so you can't have different kernels betweek jails (which could be interpreted as a less-secure way of doing things)

More about Jails:

2- Linux

Using a Linux distribution and Xen we could set up a lot of different virtual servers on top of a strong Linux system, setting the ammount of resources for each virtualizated system, and we could get a full-featured multi-operating system infraestructure.

  • Pros
    • Xen uses whole virtual machines, with their own hardware access layer and their own devices, so they are completely separated from the dom0 (the host).
    • As a result of the previous point, we could have different Linux distributions running at the same time, as well as the same distribution with different kernels. There is even an option to run FreeBSD as guest in a Xen environment.
    • Seems like there is full support for NetBSD, so we could keep ourselves in the BSD land (as dom0 or guest) if really needed (I doubt it, as it would take the same effort to move things from FreeBSD to linux than from FreeBSD to NetBSD).
    • Xen will take advantage of the Xeon processors virtualization optimizations
    • Xen is in a more-active development process
  • Cons
    • I'm not familiar with Xen at all (never used it before).
    • Xen has a community version, but seems like the enterprise version (not free) is the choice for a setup like ours.
    • Each time we need to add a new system, we will have to go through the whole installation process of the Linux distribution of choice (installing the full-system).
    • Xen could be a little bit complex than jails, not only to set up, but to maintain the whole thing. It will add some overhead too (but I think the 6650 could take care of that).

More about Xen:

There are even some links where you can read some comparisons between both Xen and jails, and some other choices (vmware, solaris zones, etc):

Fine, now everything was explained and you have an idea about my decission-to-be-taken...

What's your oppinion?, Should I use FreeBSD/Jails?, should I use Linux/Xen?, Should I use NetBSD/Xen?, Did any of you, my daily readers, manage such an environment?, Could anybody point me to some more pros/cons of using one or another solution?

Any comment will be appreciated.

Posted by wu at 12:38 | Comments (1) | Trackbacks (0)
<< Rapid DNS Zone serial update | Main | ImportError: No module named i18n.normalizer.interfaces >>
Re: Poll: your oppinion about the best setup...


Te contesto en castellano que me expreso mejor.
Si a alguien le interesa mi respuesta te lo mando traducido ...

Casualmente tengo un entorno de cada (uno en casa y otro en el trabajo).
No puedo comparar en igualdad porque el equipo que tengo en casa es muy inferior al del trabajo, pero te cuento lo que pienso.

En el trabajo tenemos un dell, con quad core, 8GB de RAM ... Lleva CentOS/Xen (community) en el dom0 y 5 CentOS domU. Está muy bien para desarrollo y tienes cierta flexibilidad con los sistemas que necesitas y demás, pero yo no lo usaria para cosas "en producción" por una razón: rendimiento.
Por mi experiencia el rendimiento ni se asemeja a las máquinas físicas con "iguales características". No sé como estará el tema con las versiones Enterprise.
Es especialmente sangrante la degradación de rendimiento cuando se "abusa" combinaciones de LVM tanto en el dom0 como en el domU.

Comentas que ya conoces FreeBSD/Jails así que no te coy a contar nada que no sepas ya ...

En cuanto a configuración de Xen vs Jails creo que los jails on más fáciles de configurar, però Xen no es nada del otro mundo. Usando heramientas como VirSH es bastante sencillo.
El mantenimiento una vez montado el entorno es bastante similar. Yo siempre trato los jails y los domU como máquinas "reales", no hago demasiadas actuaciones en el host anfitrión. De hecho hasta los backups los hace bacula de cada máquina.

Por tanto, mi recomendación: Si tienes necesidad de usar un sistema diferente de FreeBSD (ahora mismo no se me ocurre nada de lo que comentas que no puedas desplegar en FreeBSD ...), opta por Linux/Xen. Si no, FreeBSD/Jails es lo que opino que será mejor.

Espero que te sirva.


Posted by: paco at febrero 28,2009 21:38
Re: Poll: your oppinion about the best setup...

Gracias por la respuesta paco. Ningún problema con las respuestas en español (ya ves que yo mezclo indiscriminadamente :D).

En cuanto a tus opiniones, mas o menos se acerca a lo que tengo en mente. Me preocupa el rendimiento y ya comentaba en el post que para solucionar esos problemas esta la version enterprise (Clayton, espero tus comments, que se que gestionas Xen enterprise... :D), pero ya nos metemos en:

1- Tener que pagar por esa solucion (cuando hay otras opciones por las que no tendriamos que pagar).

2.- Limitarnos a una distro de linux soportada por Xen enterprise (suse, centos/redhat, etc).

En principio yo casi votaría por la opcion de Jails, pero tengo que ver como encaja en el entorno de la oficina, donde los demas son más propensos a virtualizacion como tal (tengo compañeros que ya usan cosas como vmware o parallels bastante.)

Lo dicho, gracias por tu opinion, a ver si alguien mas se anima! :D

Posted by: Wu at marzo 01,2009 10:55
Please send trackback to:http://blog.e-shell.org/143/tbping
There are no trackbacks.
Post a comment