Got my first invites today. Already invited Rocky and Kelly (boy). The next 4 people to post a comment with your email will get an invite. I’ll blur your email in the comment after I invite you.
Mike :: Jun.21.2004 :: General :: 2 Comments »
Problem: each server creates a few connections, apache currently doesn’t cache/share connections between processes. Ldap server only will run about 100 threads. Having all those connections creates problems with recreating connections. Apache processes won’t accept logins. You have to close your browser and start a new one to login to a secure page. You get a new apache process serving your secure request.
Solutions: Fix apache. Run multiple LDAP servers.
Each server could have it’s own LDAP slave that it connects to. But still the apache connections are the majority of the problem and would be all on one server. We only have so many servers to run a DNS round-robin LDAP slave farm on. And I can’t figure out how to have multiple slaves. Openldap’s slapd doesn’t seem like the most scalable or configurable server to me.
What if we ran tons of slapd servers on a single machine, each listening on a different port. They would each use a small amount of memory, since our LDAP database is so small. Make each server connect to a different port, and spread each specifically secured directory in apache to a different port. So answerline logins would connect to one port, styx to a different, staff to another, etc. The Staff.php class that connects from PHP to get staff names for answerline and SINC could have some code to distribute it’s connections also.
It would probably be better to run a development build of apache that actually can cache connections. The ldap code has been much improved in the 2.1.X branch.
Just noting the port idea here for future reference.
My roommate Andy was searching for our house on google, trying to find information on the rumors that it is haunted and found this. Apparently from 1920 to 1960 this place housed the pastors from a lutheran church in bellingham. It was sold for $7,000 in 1960.
Read a good overview on anycast. (powerpoint file). It’d be sweet to implement that. It may be possible if we have control of the firewalls, or it could be done on the router.
I’m trying to read up on what is involved with having a linux box be the firewall. After many google searches, it seems we want to be doing ‘packet filtering’. This allows you to use the routable IP’s that the dorms currently have. It looks like each firewall end will have it’s own IP, so we’ll have to probably use some of the .31.0 subnet for that.
Two things:
Skim this email but read down to the bottom. Found here
Got Ipreg2 about half rolled out today. The dhcpd.conf file on loki is now being generated from settings in a DB and from a php script. Tomorrow I will add registrations to that and have students in BW start registering. After that Pat and I have to change quite a few apps over to using some new shared classes that wrap around all this.
Ideas for Ipreg2 have been boiling in my head for about a year and a half. It’s nice to get some really good code and DB design out. The new design will make it very easy to change stuff around. New DNS server IP? Change a DB entry. New hall comes online? Add an row to a DB. One hall gets free leases instead of having to register? Change a DB line.
Oh, and there will be a simple web UI to change all that…
Oh, and DNS zone files for our entire network can now be generated at the touch of a button, straight from a DB.