[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Re: RAQ & rsync
- Subject: [cobalt-security] Re: RAQ & rsync
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Thu, 13 Feb 2003 13:21:04 -0800
- Organization: BRTNet.org
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> We were thinking more about the mirror/backup system thread being
> posted earlier. It occurred to me, wouldn't it be possible to use
> rsync to mirror an entire Cobalt system to another one?
Absolutely. As long as it's a "similar" system (rsync to mirror a RaQ
4 to a RaQ 550, for example, wouldn't work. But RaQ 4 -> RaQ 4 would
be fine.)
> I know the Cobalt store a good deal of its configuration
> information in Postgres
The database is just to create and operate the UI with -- the system
itself doesn't actually depend on it.
> but with rsync the database files would get mirrored to the target
> system too.
Correct.
> We are thinking of this not so much to support a 'hot mirror', but
> as a way to have warm spares on hand that we could quickly (or
> automatically) bring on line if the primary system failed.
Good idea. There's some stuff you'd want to leave out, or copy to a
different destination location -- like the hostname info and/or IP
address configuration in /etc/sysconfig/network-scripts/ifcfg-eth0*,
etc. Just put a script in place that can quickly make the backed-up
info "live" on the mirror if needed, I suppose.
Also don't know if you'd want to bother with all the logfiles, etc.
Alternative - if you "hardwired" the 2nd ethernet ports to be the
"backup" IP address (the one you connect to while the server is in
'standby'), you could get around worrying about all the config info
you're copying, as that is set up for the primary ethernet port.
Then, if you need to bring the 'standby' server up as 'primary', just
plug the ethernet cable into eth0 and tweak your router/etc to send
traffic to the 'new' server. By keeping everything on the 2nd
ethernet ports, you avoid extra influence on the usage stats, or
traffic in general on the same connection the public is using (easier
if all boxes are in the same datacenter and you can wire up a 2nd
network for them to use).
FYI, I've got a rough outline of rsync mirroring procedures at
http://www.cobaltfaqs.com/wiki/index.php/Content%20replication%20with%20rsync%20(SSH)
(assumes using SSH as a transport mechanism). There's also a non-SSH
version (although I personally wouldn't use it except for mirroring
one server to another on a private network that's not exposed, etc).
Feel free to look at it, add to it, etc (the beauty of a wiki-based
system!)
- --
Bruce Timberlake
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+TAxAvLA2hUZ9kgwRAp8iAJ9x4jC0/j5e69/Cspr9/T2yzmNHEgCeKfbX
Mos/mCv+tif6AuLuabwZB5Q=
=YJxE
-----END PGP SIGNATURE-----