what nfs performance considerations are there for lamp environment
Hello lq enterprise:
Hurray, the circuit to my LAMP environment is now complete, and it turns on and works! I have Apache2 and php5 running on OpenBSD 4.1, and I have mysql running on a separate OpenBSD4.1 box, and I have ftp, afp, and nfs running on OS X 10.4 Server, dovecot runs on its own OpenBSD box, I run dns on my own admin machine running slackintosh linux, and all is hopefully protected by an OpenBSD transparent bridge tagging ethernet frames and filtering them with pf. All of these machines have powerpc g4 architecture.
I am looking for advice on achieving the best performance of the apache2 server, in regards to strategies for setting up network sharing.
Currently, I have created network shares on the os x file server, and I then mount the shares on the web server with "mount -t nfs /wwwzprivateip:/path/to/user1zshare /var/apache2/htdocs/user1zshare"
End result: apple users can use their "Connect-to-server" from their os x "Go" menu and drag files to their share, which get served by apache2... likewise, ftp users can ftp to a share that gets served by the apache2; I plan on later running the SMB service on OSX server to provide similar service to windows users...
The reason why I chose to create the shares on the file server is that I can then mount them read-only, because apache2 just has to read the html and php documents, and I thought this would be most secure (I know to make sure that none of the files are owned by the user apache2 runs under).
However, I have also realized that I could just as easily run an nfsd on the web server, and create shares on the web server that then get mounted on the file server, so that users on the file server connect to remote shares... in this case, I would have to mount the shares read-write, but apache2 should perform better since the files it serves are local.
I know NFS is not known for its security strengths, but I figured I could compensate with custom pf rules.
Being that I am a noob to LAMP over multiple hosts, I was hoping to hear advice and suggestions from you enterprising experts. Perhaps you can share your performance/security networking considerations.
Thanks in advance.
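Added example (not part of the original post): a small Python audit for the two safeguards the post relies on, namely that the share is mounted read-only and that nothing under the document root is owned by or writable by the account Apache runs as. The function names, the sample fstab line, and its host and paths are constructed for illustration.

```python
import os
import stat

def mount_is_read_only(fstab_line):
    """True if an fstab-style line lists 'ro' as one of its mount options."""
    fields = fstab_line.split()
    if len(fields) < 4:          # device, mount point, type, options
        return False
    return "ro" in fields[3].split(",")

def audit_docroot(root, web_uid, web_gids=()):
    """Return sorted (path, reason) pairs for entries the web account could modify."""
    entries = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        entries.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    findings = []
    for path in entries:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue             # symlink permission bits are not meaningful
        if st.st_uid == web_uid:
            findings.append((path, "owned by web server user"))
        elif st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        elif st.st_gid in web_gids and st.st_mode & stat.S_IWGRP:
            findings.append((path, "group-writable by web server group"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample line; host and paths are placeholders.
    sample = "fileserver:/export/user1 /var/apache2/htdocs/user1 nfs ro,nodev,nosuid 0 0"
    print("read-only mount:", mount_is_read_only(sample))
    # Assumption: pass the uid of the account Apache runs as on your system.
    for path, reason in audit_docroot(".", web_uid=os.getuid()):
        print(reason, path)
```

If the share is ever switched to the read-write layout, the ownership and write-bit check is the only one of the two safeguards that still applies.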
sry, this must have belonged in a noob forum
Well, reflecting upon my prior post, I guess it is a bit too broad of a topic, as there are so many rivers to the same ocean, and I am asking everyone to describe their own river...
But, because my setup spans multiple distributions, I didn't know which distro to post in... and if I had an actual enterprise setup, I would have the home folders and shared folders on a raid, with multiple web servers, load balancing appliances, backup appliances, multiple locations, etc... and well I don't... I've got six g4's, and half of them are xserves installed in a homemade rack, lol; but only one of them runs a proprietary operating system, os x server.
If anyone could suggest an opensource solution to offering Apple File Protocol to clients, then I would get rid of os x server as well: 'open source made easy'--yeah right; more like open source made expensive, and tweaking and tuning it to do what I need involved learning so much about the underlying darwin, and all the free tools that its expensive gui has a cumbersome time setting up -- like bind -- that by the time I learned enough to set up bind, I felt like I don't need a thousand dollar gui--especially if I had to get one for all six machines... but duh.. everybody knows this, and that's why you've all been here in the first place :) But does anyone know a free replacement for serving AFP?
Right now, the closest thing I could come up with to a RAID would be filling all four bays of the xserve running apache2 on openBSD, and reinstalling with a raid setup--and one day I plan to. But meanwhile, I just want to create NFS shares for user data, and I am assuming it would be most efficient to create them on the xserve running apache2, and then get the xserve running osx10.4server to mount the nfs share on startup. Then, couldn't I modify the ldap database so that it stores its user and group data on the nfs share... maybe afp service will be slower, having to access the shared folder over my 10/100 (no gigabit here) cat5 network, but apache2 should have local access, and thus the greatest performance.
Anyhow, if anyone can see any flaws in this setup, barring the lack of redundancy and multiple appliances, but on the limited hardware I have described, if anyone has a better way--a smoother ride to the ocean--please share.
Also, if there is a more appropriate LQ forum, I would gladly take this up there.
There are no hurries or worries... some folks like sea kayaking; I like submersing myself in electrical fields in small rooms filled with computers and figuring out how they work, and now that I've discovered slackware, whenever my wife asks me what I've been up to, I just tell her I'm slacking off again. :)