Re: suEXEC witch mod_userdir
On Fri, Mar 13, 2009 at 12:44 PM, Marc Aymerich <firstname.lastname@example.org> wrote:
> On Thu, Mar 12, 2009 at 9:11 PM, Thomas Goirand <email@example.com> wrote:
>> Marc Aymerich wrote:
>>> Hi Thomas!
>>> Thanks for your recommendation. We have considered using DTC control
>>> panel in our servers, but the structure of DTC is not compatible with
>>> our system. We have 3 virtualized servers, for web, mail and mysql,
>>> each of this servers mounts a different disk partition from a SAN
>>> server, and DTC stores web and mail in the user home directory, so we
>>> have no idea how to adapt this to our needs.
>> I see absolutely no reasons why you would separate in 3 servers if they
>> are all visualized. If you do that, that is because you don't have
>> enough resources on ONE server, there is no reason otherwise.
> Yes, the reason why we use multiple servers is that one machine
> doesn't support the load, and especially, doesn't have enough memory
> in the hours of maximum traffic or when backup is running (we are a
> NGO but we have more than 500 domains with up to 1.5TB of traffic per
>> Anyway, that would be quite trivial to do so. You'd just have to hack
>> the very bottom of the cron job to disable apache in the mail server,
>> and mail server in apache, (I don't even talk about DNS replications as
>> that part is so trivial ...). Then I guess you would mount /var/www from
>> your SAN. That is about it...
>>> Is there a way (without rewriting a big part of DTC) to adapt DTC to out system?
>> There's no rewrite needed here. Just tweak the cron system, and disable
>> the daemons that you don't want.
> Ok, sounds great :), we will start testing DTC immediately. My last
> question is if it exists some documentation that describe how to
> implement DTC with services spread over multiple servers (apart from
> because I've found the first little problem just on the first step,
> and I believe that we'llfind more and more little problems. In Mode
> of EXAMPLE: Dependency problems with apt-get install dtc on web
> web:/# apt-get install dtc
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Note, selecting dtc-postfix-courier instead of dtc
> Some packages could not be installed. This may mean that you have
> requested an impossible situation or if you are using the unstable
> distribution that some required packages have not yet been created
> or been moved out of Incoming.
> The following information may help to resolve the situation:
> The following packages have unmet dependencies.
> dtc-postfix-courier: Depends: postfix (>= 2.0) but it is not going
> to be installed
> Depends: postfix-mysql but it is not going to
> be installed
> Depends: postfix-tls (>= 2.0) or
> postfix (>= 2.2.10) but it is not
> going to be installed
> E: Broken packages
>>> Anyway we continue interesting in solve the suexec problem.
>> Have a try with sbox, you wont regret it. Lincoln D. Stein did a VERY
>> good job, I just made things configurable at runtime rather than compile
>> time (using the very nice libdotconf). Unless many apache stuff, you can
>> change things in the config file of sbox without restarting your web
>> server (as it's only a cgi-bin itself). Here are some example of changes
>> you can do:
>> - do_chroot On/Off
>> - set_limits On/Off
>> - priority
>> - maximum CPU time in seconds
>> - maximum size of a single file that can be created (blocks)
>> - maximum amount of in-memory data
>> - maximum stack size
>> - maximum memory ("resident set") usage
>> - max number of processes script can spawn
>> - max number of open file descriptors
>> This is really ideal to run ugly Perl cgi-bin scripts.
>> By the way, I'd like to find a nice way to build a Perl environment in a
>> chroot (I don't need anything else but perl), and for that, I'm quite
>> stuck. Best would be a minimal environment that allows to use CPAN to
>> add some modules. I often end up copying a WAY too much things, and I'd
>> like to know if any of you know a good way to have something really
>> minimal, and setup in a nicely (clean) way.
> Sounds good, and more if we'll use DTC.
> Thank you very much for everything!!
Sorry, but I forgot something about DTC.
We have web pages, mailboxes and db in 3 different partitions on the
SAN server, and every virtual server (web,mail,db) mounts their own
partition. I see in the DTC online documentation that you suggest to
mount the same big area (web pages and mailbox) in all the servers
using the same mountpoint. For performance reason we can't use nfs
(and we would like not to use GFS: decrease of performance and
downtime for reformating partitions), Well, the question is: Can our
data separation represent some relevant problems for DTC?
I promise that is my last question :)