9front - general discussion about 9front
 help / color / mirror / Atom feed
From: Steve Simon <steve@quintile.net>
To: 9front@9front.org
Subject: Re: [9front] Two file servers sharing an auth server
Date: Thu, 3 Nov 2022 09:28:44 +0000	[thread overview]
Message-ID: <F2298560-68E4-404D-BC81-50B9C5D916BA@quintile.net> (raw)
In-Reply-To: <CABaXbEZEpJpbE2WOmbBsOzXkOFGuFEeqiGUTwZtM-NiJKn1y3A@mail.gmail.com>

having the web server boot diskless is very nice, if its content is small that is enough.

for a little extra performance you can copy the web content to a ramfs at boot.

if the content is big you could mount a local spinning/ssd at boot onto /usr/web and serve that, but having a diskless web and cpu servers makes things very clean and easy to maintain.

> On 3 Nov 2022, at 08:32, Nathan Zimmen-Myers <nathan@nzm.ca> wrote:
> William's question is important, the reality is that I'm just
> separating out which systems have access to what on their primary
> fileservers. This is just personal infrastructure and trying to have
> multiple accounts might just be a mental holdover from unix. All that
> I'm doing now with web1 is serving my personal website, and fs1 will
> eventually be used as a backend fs for "compute" nodes - temporary
> cloud servers for running compilations and other cpu-heavy tasks.
> As per Ori's response, I think I misunderstood a piece of the
> documentation and didn't tab the auth=ip on web1 or fs1, which
> explains some of the confusing error messages.
> I think for now I'll just cache web files on web1's hard drive, with
> web1 booting off of fs1. I don't see any reason why that would be too
> slow, and while I'm still learning the system I want to cut down the
> amount of work I do to keep configuration changes the same across both
> systems.
>> On Wed, Nov 2, 2022 at 7:56 PM <william@thinktankworkspaces.com> wrote:
>> On a bigger note. I was curious about the users. Its nice to have a single auth
>> as mentioned by ori. But what's the bigger goal. Do you plan to have a lot of users.
>> Do those users know basic unix commands to navigate around? What type of files
>> or media to you plan to serve?
>> Quoth ori@eigenstate.org:
>>> Quoth Nathan Zimmen-Myers <nathan@nzm.ca>:
>>>> As ori mentioned in IRC, keyfs is used to maintain the authentication
>>>> database which can be queried remotely (I believe? this might not be a
>>>> correct interpretation), is it correct to simply mount keyfs on web1
>>>> from fs1?
>>> No; I thought you wanted to move or replicate the users between the
>>> auth servers.
>>>> The other option which comes to mind, is to boot web1 from fs1, and
>>>> use web1's disk for documents to be connected to httpd, which may make
>>>> long-term maintenance easier. Would this be a more common
>>>> configuration?
>>> Just give them the same auth server:
>>> sys=foo ether=aabbccddeeff ip=
>>>      auth=
>>> sys=bar ether=aabbccddeeff ip=
>>>      auth=
>>> even better if you can share an fs, and
>>> therefore share the ndb, but you don't
>>> need to; just point at the auth server
>>> you want to use.
>>> you don't even need to *own* that auth
>>> server, though you'll need the owner of
>>> the auth server to add a speaksfor line
>>> if your hostowner is different.

  reply	other threads:[~2022-11-03  9:30 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-02 19:18 Nathan Zimmen-Myers
2022-11-02 20:23 ` ori
2022-11-02 23:53   ` william
2022-11-03  0:43     ` Nathan Zimmen-Myers
2022-11-03  9:28       ` Steve Simon [this message]
2022-11-03 10:33         ` sirjofri
2022-11-03 20:57           ` Steve Simon
2022-11-04  0:00             ` william
2022-11-04  6:58             ` sirjofri
2022-11-04  7:09               ` william
2022-11-04  8:29                 ` sirjofri

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=F2298560-68E4-404D-BC81-50B9C5D916BA@quintile.net \
    --to=steve@quintile.net \
    --cc=9front@9front.org \


* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).