[server-admins] Server Admin

Troy A. Griffitts scribe at crosswire.org
Sun Dec 8 13:34:13 MST 2019 

Hey guys, I am including both server-admins list and crosswire-private
here, as I am not sure how many active users we currently have on the
server-admins list.  Please consider joining if you are willing to help
and are not a member.  I really, really, really would appreciate
experienced admins to help administrate and secure our servers.  Please
consider help serve at CrossWire in this capacity-- please.

So, the new hardware is finally in place, after some extended downtime. 
I a pretty excited about it.

When migrating to the new hardware, I've done the same thing as last
time, I've imaged the existing harddrives and am running the old server
now in a VM.

The new server has RHEL8 and can be reached with hyper.crosswire.org.  I
intend for it to be strictly a hypervisor, only running VMs.  It has a
ton of resources.

We have 2 256GB NVMe chips configured in RAID-1 (mirroring) for our /
(root) OS partition.

We have 6 2.4GB drives in a RAID-5 (parity) configuration for the main
storage.

And we have 2 2.4GB drives remaining which I plan to use for backup. 
I've left them non-raid because if something fails miserably and I need
to remove these drives and access them from other hardward, I don't want
to have to reproduce the RAID configuration exactly to access the data--
which has always defeated me.

I've migrated off VirtualBox in favor of the default RedHat
Virtualization packages-- I think.  I am a little hazy on this.  I am
not sure I understand the difference between KVM-QEMU-virsh and ovirt. 
I turned on cockpit to manager the VM, in general, but then had to use
virsh to customize.  Bridging the network adapter a real challenge, as
well.  There is no real good, current documentation from RedHat or
anyone else, for that matter.  Looking at the RHEL8 bridging
documentation, you'll find it sucks :)  Greg, if you can report that to
someone, it might be helpful :)  Anyway, I'd probably like to turn
cockpit off, for security reasons, but systemctl stop cockpit didn't
turn it off, so not sure what to do about that.  We also have a Dell
iDRAC port hooked up on the hardware and I'd like to secure that a bit
more.  Any advice on securing the hardware / hypervisor configuration,
would be greatly appreciated.

The 2 VMs we have running now are the two old servers: the last one:
host.crosswire.org running RHEL7 and the previous one:
guest.crosswire.org running RHEL6  I realize these aren't names
appropriately anymore (host does not host the guest system anymore--
they are both hosted by the new hypervisor).

We are still targetting removal of all the services from and retirement
of the RHEL6 server.  I don't think there is much left running over
there except mailman.  Any advice migrating mailman would be great.

We have a ton of unallocated resources still.  We have 128 hyperthreaded
CPUs in the box and I am only allocating 32 and 16 to the two VMs.  We
also have 256GB of memory, and I've allocated 64GB and 16GB to the VMs.

We might act as a mirror to pull some external load from these NT and OT
manuscript projects we are building for the German universities.  We
already offsite backup their images on our server.  So, we might stand
up a few new VMs for these projects.

Anyway, I am not a server administrator!  I would love the advice from
professional server administrators.  Please consider taking ownership
for some of our services we run.  We have had people claim ownershop for
our Wiki, Jira, Jenkins, etc., in the past, and this has been such a
blessing to me.  If you feel called to claim ownership of a service,
speak up.

Also, if you see any issues, now that I believe all is migrated and back
online, please let me know.

Praise God for providing new resources and for all of you to service
with, together in community,

Troy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.crosswire.org/pipermail/server-admins/attachments/20191208/cd49bd85/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ckdjmhnannjhjccb.png
Type: image/png
Size: 83606 bytes
Desc: not available
URL: <http://www.crosswire.org/pipermail/server-admins/attachments/20191208/cd49bd85/attachment-0001.png>

More information about the server-admins mailing list