[vox] Stuff you really need to run a GNU/Linux network

[Michael Wenk]

On Mon, Sep 13, 2010 at 9:12 PM, Brian Lavender <brian at brie.com> wrote:

>
> That is along the lines that I am thinking. For any suited networking
> environment with more than one machine, it seems that you need a good
> way to replicate users and authenticate them. I noticed with Fedora 13
> that you can point it to an LDAP and KDC and you are good to go.
>
> And, why have DNS on the local network when LDAP is perfectly suited?
>

Because this is what DNS was designed for.  I've yet to work in a place that
was completely homogeneous, usually, you have at least a few non UNIX/Linux
machines, and DNS is a standard.  I ran DNS locally on my home network for
this very reason.  Just about anything that can network TCP/IP will talk it.
 And I'm not talking solely about PCs/workstations here.  You have other non
PC equipment in your network.


>
> The really strange thing I have noticed is when you go to organizations
> and they name their systems, devmx01, smtpmark01. That is really
> annoying when you can use a directory server to store these attributes.
>
>
I disagree.  I can with just a simple hostname command determine exactly
what the node does.  Its names like "fiddle" or "d0r3k9s2" that make no
sense.  And having to query LDAP is IMO annoying as hell.


> I think to really catapult GNU/Linux, we have to be able to easily
> deploy these services. Otherwise, we'll just remain hobbyists or single
> server hackers (with backups).
>

 I'm kinda confused, I thought a good portion of web servers out there run
on LAMP..  If you want a specific example, I believe Google uses a linux
variant as their main OS.  I would hardly call them a single server hacker,
tho their "manage by install" setup is one on steroids, or at least that's
what I have been given to believe by reading.


> And speaking of backups, what better way can you think besides having
> an offsite backup of rsyncing your data to another hot fail server?!!!
>

That's great in some setups, until you lose the hot fail server.  Sure you
get redundancy, but there's nothing like the safety of a non volatile
backup.  Of course this is highly dependent on what data we're talking
about.  In many cases, rsync'ing to another server, or hell, just
tar/encrypt/uuencoding and gmailing the data is also fine.  But sometimes
you want the safety of tape/optical/etc.

One other thing, just having backups is not enough.  You need to test said
backups, and test them regularly.  I have known occasions, when the backup
equipment has failed, and failed in a way that the only way we knew it
failed is when we started the restore and looked at random bits coming off
the media.

My advice is there is not one backup strategy that works.  Know the data
you're backing up, how important it is, and tailor your backup strategy
based on that.  And then test.  If you don't test, you don't know that it
works.

One other thing about tools..  I have known a ton of different tools in my
career, and over time, all have changed.  Tool X may be king now, but it's
likely to be worthless in time.  However, the concepts, they always work.
 So know those, and be able to adapt to any tool, then you will always be
able to do your job as a system admin.

Mike

-- 
Michael Wenk
mjwenk at ucdavis.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.lugod.org/pipermail/vox/attachments/20100914/9e047f44/attachment.htm