From Nuclear Physics Group Documentation Pages
These are nuggets that all sysadmins must read so we don't keep making the same mistakes.
- All server systems, whether physical or virtual, that have direct access to the backend network should use the backend network as their primary network interface. That is, the search line in resolv.conf is "search farm.physics.unh.edu unh.edu", so that the name "einstein" resolves to "10.0.0.248" and traffic goes over the backend network. This is safer and faster. Configuration files should ALWAYS use "einstein" or "jalapeno" as the name, and never "einstein.unh.edu" or "einstein.farm.physics.unh.edu", so that if you need to change the primary network to the unh net (say you move the system to a location outside the computer room), you only need to change one configuration, not many.
- resolv.conf should ALWAYS have more than one DNS server. The major trouble with roentgen was that jalapeno was down and roentgen had only one DNS server, jalapeno. This is a major weakness in having only virtual DNS servers: everything is dead when the VMware system is not functioning, and you cannot get to the virtual hosts because you don't have DNS. A minimal DNS setup should be:
    search farm.physics.unh.edu unh.edu
    nameserver 10.0.0.253 # jalapeno
    nameserver 10.0.0.248 # einstein
    nameserver 188.8.131.52 # nic.unh.edu
It doesn't hurt to also include 184.108.40.206 # ns1.unh.edu
- We should avoid unnecessary kernel updates. These can cause more trouble than they are worth, and we really don't need the latest kernel supporting the latest gadgets. The automatic update system needs to be configured to not update the kernel. However, we do need to keep an eye on kernel vulnerabilities, and if a critical patch is needed, we update the kernel and then immediately reboot. This ensures that we are around when any trouble arises. A kernel update must always be followed by the appropriate dependent updates: NVIDIA, VMware, and so on.
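The resolv.conf and naming rules above can be checked mechanically. The script below is an added example, not part of the original page or the group's own tooling; the function names `check_resolv` and `fqdn_refs` and the sample files are assumptions made for illustration. It also warns when more than three nameservers are listed, because the glibc resolver only uses the first three.

```shell
#!/bin/sh
# Added example (not from the original page): audit a resolv.conf-style file.
# check_resolv FILE [FIRST_SEARCH_DOMAIN] -> returns 0 on pass, 1 on failure.
check_resolv() {
    file=$1
    want=${2:-farm.physics.unh.edu}
    rc=0
    # Count distinct nameserver addresses; comment lines never match $1.
    ns=$(awk '$1 == "nameserver" && $2 != "" && !seen[$2]++ { n++ }
              END { print n + 0 }' "$file")
    # resolv.conf(5): if several search lines are present, the last one wins.
    first=$(awk '$1 == "search" { d = $2 } END { print d }' "$file")
    if [ "$ns" -lt 2 ]; then
        echo "FAIL: $ns nameserver(s); a single DNS outage stops all lookups"
        rc=1
    elif [ "$ns" -gt 3 ]; then
        echo "WARN: $ns nameservers; glibc only uses the first 3 (MAXNS)"
    fi
    if [ "$first" != "$want" ]; then
        echo "FAIL: first search domain is '${first:-none}', expected '$want'"
        rc=1
    fi
    return "$rc"
}

# fqdn_refs DIR HOST...: print config lines that hard-code HOST.unh.edu or
# HOST.farm.physics.unh.edu instead of the short name.
fqdn_refs() {
    dir=$1
    shift
    for host in "$@"; do
        grep -rnE "(^|[^[:alnum:].-])${host}\.(farm\.physics\.)?unh\.edu" "$dir" || true
    done
}

# Constructed sample input: one good file (the page's minimal setup), one bad
# file with a single nameserver, and a hypothetical application config.
demo=$(mktemp -d)
printf '%s\n' 'search farm.physics.unh.edu unh.edu' \
    'nameserver 10.0.0.253 # jalapeno' 'nameserver 10.0.0.248 # einstein' \
    'nameserver 188.8.131.52 # nic.unh.edu' > "$demo/good.conf"
printf '%s\n' 'search unh.edu' 'nameserver 10.0.0.253' > "$demo/bad.conf"
printf '%s\n' 'server = einstein.unh.edu' 'backup = jalapeno' > "$demo/app.conf"
check_resolv "$demo/good.conf" && echo "good.conf: OK"
check_resolv "$demo/bad.conf" || echo "bad.conf: needs fixing"
fqdn_refs "$demo" einstein jalapeno
rm -rf "$demo"
```

On a real host, point `check_resolv` at `/etc/resolv.conf` and `fqdn_refs` at the directory holding the service configuration files.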