> Jeffrey Hutzelman <[EMAIL PROTECTED]> wrote:
>
> > I agree. Given the choice, I'd probably prefer going with only two
> > database servers than having a production server of any type be
> > someone's desk machine as well.
>
> For AFS database servers (running ka pt vl and bu server processes)
> have 3 machines. This way, quorum can still be established if
> you loose a server.
>
> Having 2 db servers means the sync site will not be recovered
> in the event of a server outage.
Well, "not recovered" is a bit strong. If you have only two servers,
then you have quorum if and only if the one with the lower IP address
is up. (If both are up, of course you do. If only the lower one is
up, it gets 1.5 votes, which is enough to elect itself. If only the
higher one is up, it only gets 1 vote, which is not enough).
Because of this, having exactly two servers didn't used to buy you much -
if your sync site went down, you lost the whole world, so it was the
same as having only that machine as a server. Nowadays, though, the
important services (kaserver, ptserver, vlserver) can all distribute
data in a read-only fashion even when out of quorum. So, even if your
sync site goes down, your cell keeps running; you just can't change
anything.
Unless you need them to handle the load, having a third database server
doesn't buy you much - if a DBserver dies, you get to keep making changes
even before you restore it to service. Now, that may be important to
sites who don't believe in restoring dead DBservers to service promptly...
If you do need them to handle the load, chances are pretty good that
you have more than 2 fileservers, and therefore the issue of making
a database server someone's office machine shouldn't come up (unless
all of your servers are people's workstations; I know of a couple of
sites that are forced to operate that way for political reasons).
> And yes, in an ideal world, desk workstations are clients while
> servers (with only admin logins) are purely dedicated to AFS
> database and file serving from a secured machine room.
True. Of course, most of us don't have an ideal world, and are thus
forced to run other things on our fileservers. In our environment,
most of the various services we provide are distributed across various
fileserver machines. That includes nameservers, timeservers, machine
room temperature monitoring, some license servers, and so on. A few
of the services that generate the most load are on their own machines;
naturally, news, WWW, and FTP fall into that category; in our case,
it also includes printers and workstation backups, simply due to the
sheer number of printers to be spooled and clients to be backed up.
Actually, we've recently begun some experiments with consolidating the
more critical services onto a smaller set of machines. In our case,
that means moving name and time servers onto the group of machines that
contain the most important AFS volumes (mostly shared software and AFS
heirarchy volumes); that allows us to keep more services available in
the face of a serious problem (e.g. an A/C outage), and also allows us
to justify spending some of our limited resources on better networking
for those machines.
-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
Systems Programmer, CMU SCS Research Facility
Please send requests and problem reports to [EMAIL PROTECTED]
