Common Wisdom

From Nuclear Physics Group Documentation Pages
Revision as of 12:41, 2 June 2010 by Aduston


These are nuggets that all sysadmins must read so we don't keep making the same mistakes.

Network

  1. All server systems, whether physical or virtual, that have direct access to the backend network should use the backend network as their primary network interface. For example, in resolv.conf the search line is "search farm.physics.unh.edu unh.edu", so that the name "einstein" resolves to "10.0.0.248" and traffic goes over the backend network. This is safer and faster. Configuration files should ALWAYS use "einstein" or "jalapeno" as the name, and never "einstein.unh.edu" or "einstein.farm.physics.unh.edu", so that if you need to change the primary network to the unh net (say you move the system to a location outside the computer room), you only need to change one configuration, not many.
  2. The resolv.conf should ALWAYS have more than one DNS server. The major trouble with roentgen was that jalapeno was down and roentgen had only one DNS server, jalapeno. This is a major weakness in having only virtual DNS servers: everything is dead when the VMware system is not functioning, and you cannot get to the virtual hosts because you don't have DNS. A minimal DNS setup should be:
search farm.physics.unh.edu unh.edu
# jalapeno
nameserver 10.0.0.253
# nic.unh.edu
nameserver 132.177.128.99

It doesn't hurt to also include 132.177.102.2 (ns1.unh.edu).
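Both rules above can be checked mechanically. The script below is an added example, not part of the original page: it audits a resolv.conf for the nameserver count and search order from item 2, and scans a directory for the fully qualified server names that item 1 says to avoid. The function names check_resolv and fqdn_refs are hypothetical; the host names and domains are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are
# hypothetical; hosts and domains are the ones the page quotes.
# Usage: check_resolv /etc/resolv.conf

# check_resolv FILE [DOMAIN]: return 0 if FILE follows the rules above.
check_resolv() {
    file=$1
    want=${2:-farm.physics.unh.edu}
    rc=0

    # Count distinct nameserver addresses. Comment lines (# or ; in the
    # first column) never match: their first field is not "nameserver".
    ns=$(awk '$1 == "nameserver" && $2 != "" && !seen[$2]++ { n++ }
              END { print n + 0 }' "$file")
    if [ "$ns" -lt 2 ]; then
        echo "FAIL: $file lists $ns distinct nameserver(s), need at least 2"
        rc=1
    elif [ "$ns" -gt 3 ]; then
        # resolv.conf(5): the resolver uses at most MAXNS (3) entries.
        echo "WARN: $file lists $ns nameservers, only the first 3 are used"
    fi

    # The last "search" line wins; its first domain decides what a bare
    # name such as "einstein" resolves to.
    first=$(awk '$1 == "search" { d = $2 } END { print d }' "$file")
    if [ "$first" != "$want" ]; then
        echo "FAIL: first search domain is '${first:-<none>}', expected '$want'"
        rc=1
    fi
    return $rc
}

# fqdn_refs DIR: print config lines that hard-code a fully qualified
# server name instead of the short one. Returns 0 when none are found.
fqdn_refs() {
    if grep -rnE '(einstein|jalapeno)\.(farm\.physics\.)?unh\.edu' "$1"; then
        return 1
    fi
    return 0
}
```

Point fqdn_refs at an application's configuration directory rather than all of /etc, since /etc/hosts legitimately contains full names.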

Updates

  1. We should avoid unnecessary kernel updates. These can cause more trouble than they are worth, and we really don't need the latest kernel supporting the latest gadgets. The automatic update system needs to be configured not to update the kernel. However, we do need to keep an eye on kernel vulnerabilities, and if a critical patch is needed, we update the kernel and then immediately reboot. This ensures that we are around when any trouble arises. A kernel update must always be followed by the appropriate dependent updates: NVidia, VMware, ...