|
On Fri, 14 Apr 2000, Jochen Tuchbreiter wrote:
> the things I worry about most:
>
> - if one machine gets cracked, the cracker is able to deface all sites we
> host since every realserver has access to the whole nfs-volume
>
> - if one user is able to write a cgi that takes down a whole box then he
> will be able to take down all boxes in the cluster one after another - this
> may reduce uptime as compared to a "many isolated boxes" solution
hadn't thought of it from that angle. LVS doesn't make things better or
worse in this case.
> > and you want to do this by nfs introducing the fileserver as a spof.
>
> Thatīs exactly what I want to avoid by having two NFS boxes which are in
> sync almost in realtime. The webslaves will check if the nfs-server does
> respond and will mount the "spare" server in case of a failure.
keeping 2 nfs servers in sync if updates are occuring frequently is a
problem. I haven't tried this, but Linux allows you to mirror disks.
This will handle the disk fail but not the failure of the server writing
to them.
> I wonder if File I/O will be a weak spot on such a system - this will
> certainly be a limiting factor for the cluster-size.
how fat is your internet connection? bigger than the bandwidth of reading
from your fileserver?
> I guess Iīll have to look for some other solution
> probably at the expense that both fileserver will not sync in realtime but
> every hour or so.
this makes life a lot easier for you
Joe
--
Joseph Mack mack@xxxxxxxxxxx
|
