Changes between Version 1 and Version 2 of standard-server-split
- Timestamp:
- Jun 10, 2011, 3:27:08 PM (13 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
standard-server-split
v1 v2 1 = StandardServer Split =1 = MOSH Server Split = 2 2 3 3 == Overview == 4 4 5 Over the last several years, many May First/People Link members who are hosted on our shared, standardservers, have begun running web sites that require more resources than we are able to easily provide or that we are able to predict in advance. As a result, we have frequent periods in which any given standard server runs slowly or even crashes.5 Over the last several years, many May First/People Link members who are hosted on our shared, [wiki:mosh MOSH] servers, have begun running web sites that require more resources than we are able to easily provide or that we are able to predict in advance. As a result, we have frequent periods in which any given standard server runs slowly or even crashes. 6 6 7 7 There are three problems with our infrastructure that hamper our ability to address these situations: 8 8 9 * While a series of bash scripts has eased the deployment of new standard servers, the process is still cumbersome, taking several hours. 10 * Our standard servers provide both web and mail services, preventing us from optimizing servers for one or the other task 9 * Our MOSH servers provide both web and mail services, preventing us from optimizing servers for one or the other task 11 10 * The mail services require members to customize their desktop email clients based on the particular standard server they are using (e.g. chavez.mayfirst.org or viewsic.mayfirst.org). Therefore, moving mail services from one server to another to re-distribute load requires a level of member coordination that makes it infeasible in most cases 12 11 … … 15 14 The following steps are a proposal for addressing these problems: 16 15 17 * Complete the transition to Puppet to ease the work involved with deploying new standard servers18 16 * Abstract the use of all mail configuration so that all members use the same settings 19 17 * Move all mail services to dedicated mail servers, leaving current standard servers as dedicated web / mysql / shell servers 20 21 The middle task is the most complicated, so I will explain more here.22 18 23 19 There are three mail settings in use by MFPL that require a server's domain name: … … 31 27 * relay.mayfirst.org: Currently, we have authenticated mail relay on each of our standard servers. If we setup one or several servers that had a login for every MFPL user, we could easily transition to the use of a single domain name for all mail relaying. 32 28 33 * mx.mayfirst.org: We could setup one or several mx servers with minimal postfix customizations, that could accept ''all'' mail intended for MFPL and then route mail to the particular server that houses the account. By keeping a list of all valid email accounts on all mx servers, we would also be able to reject mail for unknown mailboxes and we even deal with viruses, etc. before email reaches the server housing the actual mailbox29 * incoming.mayfirst.org: Using [http://www.debianadmin.com/howto-install-nginx-webserver-in-debian.html nginx] or [http://www.debianhelp.co.uk/perdition.htm perdition], we could setup one or several IMAP/POP proxies that similarly redirect requests to the appropriate server based on a database / table lookup. 34 30 35 * incoming.mayfirst.org: Using [http://www.debianadmin.com/howto-install-nginx-webserver-in-debian.html nginx] or [http://www.debianhelp.co.uk/perdition.htm perdition], we could setup one or several IMAP/POP proxies that similarly redirect requests to the appropriate server based on a database / table lookup.31 * mx records should stay configured to the individual server. This way, our DNS records can provide a canonical way to identify the ''real'' mail server for any given domain. 36 32 37 33 == Implementation == … … 39 35 The transition would need to be implemented so that there is a long overlap period whereby the current approach to mail settings work as do the new approach. 40 36 41 All three changes would require changes to the Members Control panel, so that the creation of an email account triggers action not only on the user's primary server (to preserve backward compatibility), but also on the newly added servers.42 43 37 Implementing relay.mayfirst.org is the easiest of the three, since we can use the same software and configuration we are currently using - with the exception of implementing it on a dedicated server. Once in place and tested, we can begin using it immediately. It will, however, require users to change their own desktop email settings. 44 45 mx.mayfirst.org requires us to explore a new postfix configuration. However, again, not significantly complicated or new. Furthermore, once this change is in place, we can update DNS entries without relying on users to make the change.46 38 47 39 incoming.mayfirst.org requires us to explore new software, making it the most complex step. Furthermore, it will also require users to change their local settings. 48 40 49 Probably best to make all threechanges first, and then request that users update their settings. Through our mail logs we can accurately assess exactly who has made the changes and who hasn't.41 Probably best to make all changes first, and then request that users update their settings. Through our mail logs we can accurately assess exactly who has made the changes and who hasn't. 50 42 51 43 Only after everyone has made the changes can we really put this new setup to use by moving users around and splitting off our standard servers into web and mail servers.