+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Development Area (/forum-1.html)
+--- Forum: General discussion (/forum-11.html)
+--- Thread: Real HA cluster implementation (/thread-10439.html)
Pages: 1 2
Real HA cluster implementation - alexskynet - 04-18-2010 06:44 AM
Hi everyone
I've just discovered this project and it looks very promising.
I'm planning to deploy it in a real world cluster with two active/active nodes and a shared storage.
I've found very little documentation about some aspects of this setup, so I looked into the code just to understand some details.
I plan to use pam_mysql to store users in database and have them shared among the cluster nodes (no scripts and nothing else is required ro have users in sync)
It should be as simple as changing the calls to useradd and userdel and setup some pam configuration files to completely separate real Linux users from virtual ISPCP users.
Then I want to use dovecot, postfix (with quota) and pure-ftpd since I'm very confortable with using those pieces of software in conjuction with mysql (I've found some information about this on the ISPCP site).
I may share this project if anyone is interested, and I'd like to have any kind of suggestion about this setup if anyone has already any piece of information.
If the developing team likes to have a look the code I'm going to change/write, I'll more than happy to share it.
My running platform are Fedora 12 and the fothcoming Fedora 13
Best regards
Alessandro Bianchi
RE: Real HA cluster implementation - BeNe - 04-19-2010 03:58 PM
Quote:I may share this project if anyone is interested, and I'd like to have any kind of suggestion about this setup if anyone has already any piece of information.I´m interested in this Project of course! ispCP in Cluster enviroment is good solid idea.
Would be cool if you can share some Code and Docu, whatever.
Thanks & Greez
BeNe
RE: Real HA cluster implementation - alexskynet - 04-20-2010 05:15 AM
(04-19-2010 03:58 PM)BeNe Wrote:Quote:I may share this project if anyone is interested, and I'd like to have any kind of suggestion about this setup if anyone has already any piece of information.I´m interested in this Project of course! ispCP in Cluster enviroment is good solid idea.
Would be cool if you can share some Code and Docu, whatever.
Thanks & Greez
BeNe
Today I installed ISPCP on a test system.
The solution to centralize users is libnss-mysql that I've installed and I'm going to test tomorrow.
It allows to store all users data (home, uid, gid, shell, password) in a mysql database and to work transparentely with the local shadow file.
I only need to add a couple of tables in ISPCP database and change very few lines in the createuser/deleteuser routines.
The ISPCP directory itself and the mail/web diretctories will be stored on a NFS SAN (i'll simulate this by using a FREENAS installation) and the mysql databases will be stored on a dedicated MySQL server (taht can be duplicated in many ways)
It should work with relatively small amount of changes in the code.
I'll also introduce a variable in the configuration file to enable/disable the usage of the nss library, so that the code of ISPCP will work with no changes in single environments or cluster environments
Stay tuned ...
Alessandro Bianchi
RE: Real HA cluster implementation - Nuxwin - 04-20-2010 07:39 AM
Hello ;
Of course, I'm interested to by your feedback here. I'm working also on the HA implementation of ispCP with linux-vserver and heartbeat + ldirectord.
In the future, each ispcp services engine script will be correctly separated and will provides some hooks to allow the changes of the default behavior. Currently, the engine scripts don't allow to change easily the management of unix users.
Sure, you're welcome for any improvement and new idea.
RE: Real HA cluster implementation - xister - 04-20-2010 06:20 PM
But the future is far far away
RE: Real HA cluster implementation - Nuxwin - 04-20-2010 06:53 PM
(04-20-2010 06:20 PM)xister Wrote: But the future is far far away
You welcom to contribute
RE: Real HA cluster implementation - xister - 04-20-2010 07:36 PM
Sorry, if I could I would progam, but i´m only a tester
RE: Real HA cluster implementation - alexskynet - 05-01-2010 12:08 AM
Well
Today I modified the scripts used to set up and delete user accounts to have them inserted into a database's table.
Now users are created in ISPCP db and can be authenticated by any server (p.e. by SSH) in the cluster using nsslib like a "real" local user.
All the changes go into ispcp_common_code.pl and are very few lines of code.
I've added a new configuration value called USENSSMYSQL so if I set it to 1 it uses the NSS patch, and if I unset it or set it to 0 the original code form ISPCP is run.
Dovecot authenticates users on the database (and so does Postfix)
Now I'm planning to integrate pure-ftpd (seen the howto).
The actual implementation uses two cluster members and a NAS for shared storage, so the members may easily switch in Active/Passive status.
I plan to also work on a path to enable ISPCP to work with NATted load balanced servers.
If anyone is interested, I'm preparing a very simple howto to reach the actual status
RE: Real HA cluster implementation - pgentoo - 05-01-2010 02:44 PM
Can't openldap be configured via pam so standard "useradd" and similar commands add to ldap instead of /etc/{passwd,shadow,group}
I'm wondering if the same thing could be accomplished without actually changing ispcp... ?
I'm also setting up an HA environment for another project i'm wokring on, but once it's done i'll piggyback my hosting setup on it, so i'm very interested.
RE: Real HA cluster implementation - alexskynet - 05-02-2010 01:43 AM
(05-01-2010 02:44 PM)pgentoo Wrote: Can't openldap be configured via pam so standard "useradd" and similar commands add to ldap instead of /etc/{passwd,shadow,group}
I'm wondering if the same thing could be accomplished without actually changing ispcp... ?
I'm also setting up an HA environment for another project i'm wokring on, but once it's done i'll piggyback my hosting setup on it, so i'm very interested.
I suppose the answer is yes, and the same thing may be done using nsslib-mysql.
But this is not my desired behaviour.
I want to avoid that a useradd changes the configuration of the system.
REAL users, like root, support users and daemons, will work as usual, while ispcp users will not.
The only need for "real users" (nss, ldap or local) is required if you plan to give ssh as a service, but if you only plan to only use ftp, mail and httpd this ca be very easily done with virtual only users.
I have some setups worink in the real world where no "real users" exists:
dovecot, postfix, httpd and pure-ftpd are able to use mysql users with absolutely no connection with real users
Last but not least I think ISPCP should use one single backend, since this makes easier for users to fix any situation.
ISPCP uses MySQL so users will very likely know a little bit of it, I don't see the need for users learning to use/configure LDAP to use both LDAP and MySQL (one for users and one for ISPCP).
I'm not saying that LDAP is not good, but only that I, as user, would prefer a SINGLE backend where in emergency I can access and do any changes
NSS is part of any modern distribution and configure it is a matter of very few minutes.
Anyway I'd like to see the same thing done using LDAP.
I'm preparing a small step by step howto about using NSS, patching ISPCP and some using it.
I've also in mind a very simple hack to enable ISPCP to work with natted IPs.
Is something very simple as adding one column to the IPs table, adding a ISNATTED configuration variable and changing a single query to enable BIND/Apache to be configurd automagically in a transparent way