Re: Moving /usr stopped wireless network!
From: Peter T. Breuer (ptb_at_oboe.it.uc3m.es)
Date: Mon, 6 Oct 2003 23:49:33 +0200
Ed Murphy <email@example.com> wrote:
> On Mon, 06 Oct 2003 19:15:41 +0200, Peter T. Breuer wrote:
> > For example, I do not want the growth of log files to stop my mail
> > server. Therefore /var/log and /var/spool are now on different
> > partitions. Were this not so, somebody could stop my mail server by
> > pinging my machine continuously, thus registering an entry in the logs
> > from icmplog.
> Pay attention, Paul, because this is where Peter's viewpoint becomes
> absolutely right. A full partition seems like a loss *until* you
> encounter a situation where it prevented a more important partition
> from *also* becoming full.
Well, that's not the only rationale, as you know. But thanks.
> Mind you, you should also look into configuring a size-based logrotate
> if you're dealing with a mission-critical server situation like this.
Logrotate only runs once a day. And it needs extra space in the log
partition in order to compress the logs, so it can actually contribute
to such a problem, snookering itself. There is no effective defense
against unexpected log growth except sending them all off disk.
Somebody should build some more intelligence into syslogd.
Mind you, sending them off disk doesn't always work either, because
they can stuff the secondary node, taking it down or stopping its
mailer, which then starts to emit messages asking for help, or other
machines start to ask for help in talking to it, and the mail messages
bounce to your MX ... owwwww. If that goes off air, the secondaries
will take the mails, and their secondaries, and then you are doomed
to days of receiving mails at thousands per hour as the queues empty
around the universe.
Even an intermittent ethernet problem can trigger thousands of mails
from arpwatch, complaining. If you have two hundred machines on your
class C, each of them yelling, the result is catastrophic. They can
saturate the net and take out your MX, generating more error messages
and mail bounces ...
> I only have three partitions myself, because that's how it was
> pre-installed; but it doesn't get nearly enough usage to matter. I'm
> barely over 20% disk usage. My music collection is about 2% of the
> size of the disk. Four weeks worth of logs are less than 0.1%. I
My incoming MX is a P100! With immensely expensive SCSI disks of about
8GB each :-). As you can imagine, it is immensely reliable. It has no
fan on board - not even a heat sink! It has daemons that monitor other
daemons ... the whole thing will reboot itself via a softwatchdog if
it gets into impossible trouble. Yes, it has been going since P100s
were state of the art.
It probably has about 30 partitions. I'm not sure ... a lot of them are
softraided together in different combos, for different reasons, to
guarantee recovery if one disk dies. It used to support about 100 users
as well, but nowadays it's just handling mail and DNS and NIS and DHCP.
Yes - that means it has tftpboot partitions.
> also receive e-mail through my ISP and pull it down with fetchmail,
> lest I risk losing e-mail during downtimes (rare but possible).
Your ISP will probably helpfully delete your mail if you don't do it
Let me not mention those horrible dictionary spam attacks. I am not
allowed to dump the mail directly - instead I have to devote one
machine to collecting mail for people who don't exist.
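
An added example, not part of the original post or either poster's setup: a check for the two conditions discussed in the thread, namely whether the log and spool directories share a filesystem, and whether the log partition still has room to compress its largest log during rotation. The 0.25 compression ratio, the function names and the sample file names and sizes are assumptions constructed for illustration.

```python
import os
import tempfile

def same_filesystem(path_a, path_b):
    """True when both paths sit on the same device, i.e. share free space."""
    return os.stat(path_a).st_dev == os.stat(path_b).st_dev

def free_bytes(path):
    """Bytes available to unprivileged writers on the filesystem holding path."""
    vfs = os.statvfs(path)
    return vfs.f_bavail * vfs.f_frsize

def rotation_headroom(log_dir, free=None, ratio=0.25):
    """Check whether the largest uncompressed log could be compressed in place.

    ratio is an assumed compressed/original size; the compressed copy has to
    fit on the partition while the original file still exists.
    """
    free = free_bytes(log_dir) if free is None else free
    largest_name, largest_size = None, 0
    for entry in os.scandir(log_dir):
        if entry.is_file(follow_symlinks=False) and not entry.name.endswith(".gz"):
            size = entry.stat(follow_symlinks=False).st_size
            if size > largest_size:
                largest_name, largest_size = entry.name, size
    needed = int(largest_size * ratio)
    return {"largest": largest_name, "needed": needed,
            "free": free, "ok": needed <= free}

def demo():
    """Constructed sample: a temporary directory standing in for /var/log."""
    with tempfile.TemporaryDirectory() as d:
        for name, size in (("icmplog", 40000), ("maillog", 1000),
                           ("old.1.gz", 90000)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(b"x" * size)
        tight = rotation_headroom(d, free=5000)    # rotation would stall
        roomy = rotation_headroom(d, free=50000)   # rotation can proceed
        return tight, roomy, same_filesystem(d, d)

if __name__ == "__main__":
    print(demo())
```

Run from cron more often than the daily rotation, a check like this can raise an alert before compression itself is what fills the partition.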