|
Grex > Coop > #284: Grex Town Hall -- How do we move forward? - Fall, 2010 |  |
|
| Author |
Message |
| 25 new of 334 responses total. |
kentn
|
|
response 218 of 334:
| 
Dec 4 01:42 UTC 2010 |
I looked at their web page and they say something about guest accounts
or similar, but if you want to give me a regular account I'll take a
look at how we've got it set up. At least, if we enter issues as
issues and staff members have a chance to look at them and comment
(like I've seen in most helpdesk software) maybe that will take care
of some of the back and forth.
|
kentn
|
|
response 219 of 334:
|
Dec 4 22:44 UTC 2010 |
Here's something that looks interesting, if we were thinking of doing
some sort of training or providing tutorials:
http://moodle.org/
It also has forum facilities in addition to other facilities for
education. It's free software, and there is commercial support
available.
Of course, we probably don't need anything quite so complex to provide
a tutorial. And things like slideshows can be produced other ways and
presented in other ways.
Just something to think about if we want to add some educational
materials to Grex, such as Unix skills or programming languages
instruction.
|
cross
|
|
response 220 of 334:
|
Dec 5 01:40 UTC 2010 |
resp:216 I've created accounts for you and Denise (the only two board
members who didn't have RT accounts). Pending the results of the current
election, I'll add anyone else as needed.
I've created queues for "grex-staff-tasks" and "cyberspace-board-tasks".
Board and Grex staff are members of the former; board along is members of the
latter.
|
kentn
|
|
response 221 of 334:
|
Dec 5 03:54 UTC 2010 |
Thank you, Dan!
|
kentn
|
|
response 222 of 334:
|
Dec 5 23:48 UTC 2010 |
Here's another idea. It's just getting started so no idea of how viable
it is in the longer term, but for those who like text-based applications:
http://www.flatpress.org/home/
(A text file-based blogging system that does not require a database)
|
veek
|
|
response 223 of 334:
|
Dec 6 02:19 UTC 2010 |
that's neat!
|
veek
|
|
response 224 of 334:
|
Dec 8 11:22 UTC 2010 |
we might also want to look into HTTP compression for apache.. browsers
can request compressed data if the server supports it. Apache does:
mod_deflate and mod_gzip.
|
kentn
|
|
response 225 of 334:
|
Dec 9 04:33 UTC 2010 |
Okay, so several of us were talking about getting users access to
MySQL and PostgreSQL, both of which are installed here on Grex. I had
mentioned that the Board discussed such access months back and the
comment I heard from staff members was that any such usage needed to
be part of the quota system, potenially necessitating a complex setup
to make sure the size of db files got counted under the right quotas.
One way to implement this sort of setup is to run multiple db servers,
each pointing to a db in a single user's home directory. It sounds
complicated and potentially resource intensive.
Dan asked who said that, and at this point I don't recall, only that a
couple staff appeared to agree that was the way to go. I never heard
anything more about it after that.
Personally, I think it would probably work just fine if we had one
central db and allowed users to have accounts on that and to create
tables there under their user ids. That would certainly make the setup
much easier.
As to the potential for abuse, I don't see it as any different from any
other application that uses disk space. It's something to manage. And
if we made it by request and for validated users, we'd in theory know
who was causing issues, if any occurred. And probably we'd have less
abuse type of issues in a requested service, as well. There are no
guarantees, but I'm fairly tired of seeing the potential threat of abuse
holding the rest of the users back from getting the apps they'd like.
So, why don't we try this and see how it goes?
I think it would be a wonderful situation to be in where we outgrow
our current computer due to more people using the system in more ways,
rather than watch the current system die of old age.
|
kentn
|
|
response 226 of 334:
|
Dec 9 18:05 UTC 2010 |
So, anyway, what do we plan to do about database access for users?
And how about CGI access?
|
veek
|
|
response 227 of 334:
|
Dec 9 18:18 UTC 2010 |
CGI can be given without too many complications. For MySQL, how about
we create a separate partition of 1GB and stick everything on that
(it's automatically quota limited to whatever the mysql-user has access
to which should be 1GB and mysql-homedir). We could create a bunch of
test mysql-accounts/databases for people to experiment with.. that way
we could:
1. allot something really quick if a newuser wants it.
2. we could start advertising it as a service.
so if a newuser arrives, he can start work straight away on a
pre-created account. By the time his script his ready, we'll prolly
have come to some decision on how to handle MySQL properly (in terms of
automated scripts to create db with a "proper" name, and some kind of
disk quota measuring mechanism and validation/whitelist)
|
veek
|
|
response 228 of 334:
|
Dec 9 18:21 UTC 2010 |
initially, i see the test mysql-accounts as being shared by a bunch of
users each working with his bunch of tables. eg: database name: test1,
table veek, table cross, table foo etc.. 1GB shared by everyone..
|
veek
|
|
response 229 of 334:
|
Dec 9 18:27 UTC 2010 |
more importantly, what Sindi pointed out, we need a duplicate rootFS
with suitable network-config! That's an absolute priority.. if the
server goes down, someone in 'provide' just resets the box and we boot
up via the 2nd FS so staff can login and fix FS1. Why didn't we go with
something like this earlier on.. any idea??
basically it's a normal bsd install on hda1 and dd if=/dev/hda1
of=/dev/hda2, and then suitable grub(or whatever bootloader entries)
entries for both hda1 and hda2..
|
nharmon
|
|
response 230 of 334:
|
Dec 9 20:12 UTC 2010 |
We could have a script that runs on some interval that checks the size
of users' databases, and if the size exceeds some quota, it revokes
INSERT and CREATE permissions until the size is back under quota.
|
nharmon
|
|
response 231 of 334:
|
Dec 9 21:15 UTC 2010 |
Or perhaps write a stored procedure do it instead.
|
kentn
|
|
response 232 of 334:
|
Dec 10 00:02 UTC 2010 |
Both of those ideas sound good to me, Nathan. It's just a matter
of someone writing some code.
|
cross
|
|
response 233 of 334:
|
Dec 10 03:11 UTC 2010 |
Seems this is a popular problem to solve:
http://www.cyberciti.biz/tips/linux-unix-setting-up-mysql-database-quotas.h
tml
|
nharmon
|
|
response 234 of 334:
|
Dec 10 04:47 UTC 2010 |
This response has been erased.
|
nharmon
|
|
response 235 of 334:
|
Dec 10 04:51 UTC 2010 |
#!/usr/local/bin/bash
#
# Assumes each user has 1 database, named the same as their username.
MYSQLUSER="root" # MySQL username
MYSQLPASS="changetherootpasswordyo" # MySQL password
MYSQLHOST="localhost" # MySQL hostname or IP
EXCLUDEDB="test mysql information_schema" # Databases to be excluded
DBQUOTA=1 # Database quota in MB
MYSQL="$(which mysql)"
DBS="$($MYSQL -u $MYSQLUSER -h $MYSQLHOST -p$MYSQLPASS -Bse 'show
databases')"
for DB in $DBS
do
if [ "$EXCLUDEDB" != "" ];
then
for i in $EXCLUDEDB
do
[ "$DB" == "$i" ] && ( continue 2; )
done
fi
DBSIZE=$($MYSQL -u $MYSQLUSER -h $MYSQLHOST -p$MYSQLPASS -Bse 'SELECT
sum(data_length+index_length)/1024/1024 FROM information_schema.TABLES
WHERE table_schema=\"$DB\" GROUP BY table_schema')
if [ $DBSIZE > $DBQUOTA ];
then
$MYSQL -u $MYSQLUSER -h $MYSQLHOST -p$MYSQLPASS -Be 'REVOKE
INSERT, CREATE ON $DB FROM \'$DB\'@'localhost'
fi
done
|
nharmon
|
|
response 236 of 334:
|
Dec 10 04:53 UTC 2010 |
The above will check the size of every database not specifically excluded,
and revoke the user's ability to insert rows, or create tables. It's
pretty rough, and I had some problems with the command substitutions
toward the end. But it might lead to something useful.
|
kentn
|
|
response 237 of 334:
|
Dec 10 04:58 UTC 2010 |
Does that process look like it could be automated safely along with
account setup in MySQL? I assume each user needs to have their own
account set up, so any tables they create would remain separate from
other users' tables. Since each user gets a link back to the main MySQL
db, the user should be able to add tables to their own acccount without
a problem and the quota system will control how much data they can save.
Is that your understanding?
Anyway, this is what was discussed in a prior Board meeting in terms of
keeping a quota for the DB files in addition to the regular data under a
user's home directory.
I assume postgreSQL could be set up in a similar fashion.
|
kentn
|
|
response 238 of 334:
|
Dec 10 04:59 UTC 2010 |
Nate slipped a couple responses in there (and thanks for that!). I
was referring to #233 in my response #237.
|
veek
|
|
response 239 of 334:
|
Dec 10 12:13 UTC 2010 |
resp:237 I don't think it would be such a great idea to symlink from
the sqlarea into the userHomeDir.. what if the userdeletes his dbDir
and creates another symlink? There's a whole can of worms we are
opening up.. i think.. the moment you have a system process writing to
a user area. I'm not saying it's a bad idea.. it's a nice solution
because it looks cleaner..
|
kentn
|
|
response 240 of 334:
|
Dec 10 13:48 UTC 2010 |
There will always be issues. What percent of users are likely to do
something like this?
If we aren't worried about getting the DB files under the quota system,
then we could go with the monitoring solution. But I have a feeling,
running reports, reviewing them, sending messages to people, etc. will
take up just as much time as the occasional person who deletes a symlink
and then wants a link somewhere else.
|
veek
|
|
response 241 of 334:
|
Dec 10 14:35 UTC 2010 |
This response has been erased.
|
nharmon
|
|
response 242 of 334:
|
Dec 10 14:54 UTC 2010 |
I don't think we should fool around with trying to put mysql files in
home directories and such. I think we should simply put /var/db/mysql
(or wherever you want to store the files) on it's own filesystem,
readable/writable only to the mysql process user, and allow people
access to it through the mysql-client and extensions.
Just tell everyone who gets a database knows that databases are for
experimental purposes and they may become unusable from time to time due
to disk constraints. That we ask they keep their databases under a
certain size, with voluntary compliance.
If voluntary compliance ends up not working, we can try something else.
|