Technical Discussion Meeting -- 2014-04-16

  • Present: alisond, cc, gdutton, gordonr, iainr

network storage

cc -- asserting that RAT are unhappy with SANs, especially for KVMs; and that replacement SAN boxes seem to be awfully expensive -- asked if a network block-storage system might be a feasible way to provide network-accessible storage? In particular something like Ceph. Matthew Richardson of Engineering gave a good talk (click the down arrow on the Storage slide) which mentioned his use of Ceph RBD, hence the recommendation.

iainr/gdutton suggested this was not a bad idea in principle and would like to try it. It seemed to bring the advantages of the SAN as we have it, without any of the disadvantages (save perhaps complexity). gdutton would like guarantees of local availability for the KVM use case.

iainr and gdutton have already been looking at gluster, speculatively for the lab exam servers (of course with lab exam desktops themselves as clients). In gluster, the filesystem is a FUSE addon, but seems mature and stable and reliable and performant at the server-side gives. Replication guarantees were the initial driving factor for this. Additionally, gluster is good at extensibility: 'submit' (for some future definition of the word) could plug into it.

Ceph and GlusterFS appear to be comparable from a brief web search - iainr suggests that GPFS and GridFS are sort-of candidates, also, but both have a huge disadvantage of requiring passwordless key-based root SSH between machines.

Client performance would not be an issue for labs, so FUSE is OK. But KVMs need client guarantees so an alternative interface - which both Gluster and Ceph have to offer - is more appropriate.

Lab Exams

alisond neatly segued the conversation onto lab exam configuration.

IS' internal proposals wouldn't survive contact with Informatics students, but this has already been established. Subsequent proposed configurations don't seem to be safe or maintainable, and don't seem to take into account how much of the main features of the system are provided generically by DICE, not specifically by "an exam system".

The problem seems to be "trivially" solved by buying a handful of PCs, and borrowing some hardware and space (G.07 is quite large...). But of course that doesn't mean it's going to be fundable. There are VAT issues of course but we must by now be at least 6 years into our 10 year tax purdah? Certainly more intelligent assignment of hardware would be required, but we do have lots of spares, and exams don't require tip-top machines. Perhaps we could lease machines for the exams? Perhaps we could borrow them temporarily from other schools? Or even from the IS labs...

FH will create additional pressure of course. But only the "real" exams need to be held simultaneously for all. Setup costs would then be limited to very few days per year.

Heartbleed - what have we missed?

Well, we're fully patched. Self-managed, surprisingly few vulnerable services, and none through the firewall. Many web services are low-volume and verifiably untouched. Cosign is high-volume and we're unsure what analysis has been done, but necessarily limited impact of any potentially retrieved material.


  • cc was optimistic about network storage and lab exams
  • gdutton was optimistic about the future of the technical discussions, since the 'free form' approach seemed to work OK.

-- GrahamDutton - 16 Apr 2014

