Re: [9front] Two file servers sharing an auth server

[Steve Simon <steve@quintile.net>]

having the web server boot diskless is very nice, if its content is small that is enough.

for a little extra performance you can copy the web content to a ramfs at boot.

if the content is big you could mount a local spinning/ssd at boot onto /usr/web and serve that, but having a diskless web and cpu servers makes things very clean and easy to maintain.



> On 3 Nov 2022, at 08:32, Nathan Zimmen-Myers <nathan@nzm.ca> wrote:
> 
> William's question is important, the reality is that I'm just
> separating out which systems have access to what on their primary
> fileservers. This is just personal infrastructure and trying to have
> multiple accounts might just be a mental holdover from unix. All that
> I'm doing now with web1 is serving my personal website, and fs1 will
> eventually be used as a backend fs for "compute" nodes - temporary
> cloud servers for running compilations and other cpu-heavy tasks.
> 
> As per Ori's response, I think I misunderstood a piece of the
> documentation and didn't tab the auth=ip on web1 or fs1, which
> explains some of the confusing error messages.
> 
> I think for now I'll just cache web files on web1's hard drive, with
> web1 booting off of fs1. I don't see any reason why that would be too
> slow, and while I'm still learning the system I want to cut down the
> amount of work I do to keep configuration changes the same across both
> systems.
> 
>> On Wed, Nov 2, 2022 at 7:56 PM <william@thinktankworkspaces.com> wrote:
>> 
>> On a bigger note. I was curious about the users. Its nice to have a single auth
>> as mentioned by ori. But what's the bigger goal. Do you plan to have a lot of users.
>> Do those users know basic unix commands to navigate around? What type of files
>> or media to you plan to serve?
>> 
>> 
>> Quoth ori@eigenstate.org:
>>> Quoth Nathan Zimmen-Myers <nathan@nzm.ca>:
>>>> As ori mentioned in IRC, keyfs is used to maintain the authentication
>>>> database which can be queried remotely (I believe? this might not be a
>>>> correct interpretation), is it correct to simply mount keyfs on web1
>>>> from fs1?
>>> 
>>> No; I thought you wanted to move or replicate the users between the
>>> auth servers.
>>> 
>>>> The other option which comes to mind, is to boot web1 from fs1, and
>>>> use web1's disk for documents to be connected to httpd, which may make
>>>> long-term maintenance easier. Would this be a more common
>>>> configuration?
>>> 
>>> Just give them the same auth server:
>>> 
>>> sys=foo ether=aabbccddeeff ip=1.2.3.4
>>>      auth=1.2.3.4
>>> 
>>> sys=bar ether=aabbccddeeff ip=2.4.6.8
>>>      auth=1.2.3.4
>>> 
>>> even better if you can share an fs, and
>>> therefore share the ndb, but you don't
>>> need to; just point at the auth server
>>> you want to use.
>>> 
>>> you don't even need to *own* that auth
>>> server, though you'll need the owner of
>>> the auth server to add a speaksfor line
>>> if your hostowner is different.
>>> 
>>> 
>>