Hi,

Up until now my main production server has been a "bare metal" installation of CentOS 7.9 hosting a variety of stuff.

* DNS server with BIND for eight domains
* IMAP mail server with Postfix and Dovecot for these domains, with about two dozen mail accounts
* Webmail with Roundcube for all the mail accounts
* Various WordPress-based websites and blogs
* Several instances of the management software Dolibarr
* The learning platform GEPI for our local school
* One instance of OwnCloud for half a dozen users

The hardware has no problems dealing with all that performance-wise. But managing all this in one big bulk has become a bit of a problem, since the LAMP-based PHP applications (WordPress, Dolibarr, GEPI, OwnCloud) increasingly cultivate their idiosyncrasies, so this feels more and more like herding cats.

My main goal in migrating all this stuff progressively to a series of neat VMs hosted on a KVM hypervisor is clarity and ease of maintenance.

Now I wonder what could be a smart subdivision of all these VMs. After a bit of brainstorming, here's what I can come up with.

1. It would make sense to regroup all the applications, e.g. one VM for all the Dolibarr hostings, and then a different VM for WordPress, and a third VM for OwnCloud.

2. It's tempting to have a lot of small VMs for clarity's sake. On the other hand, it's maybe better to have one single VM for all the mail stuff.

3. Should I put all the Roundcube instances in a separate VM? Or does that go with the Postfix/Dovecot mail VM?

4. DNS is a bit of a special case, a bit of a catch-22. I would be tempted to set up an extra (bare-metal) machine for just handling this. Since BIND provides the DNS information about the hypervisor and the backup server themselves, this becomes a bit of a chicken-and-egg situation.

5. Even if it's tempting to multiply VMs, let's not forget that I have to keep an eye on hardware resources, not to mention that I have to pay for every extra IPv4 address.
I'd be curious to have your input, since I'm fairly new to this sort of approach.

Cheers,

Niki

--
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
> Hi,
>
> Up until now my main production server has been a "bare metal" installation of CentOS 7.9 hosting a variety of stuff.
>
> * DNS server with BIND for eight domains
> * IMAP mail server with Postfix and Dovecot for these domains, with about two dozen mail accounts
> * Webmail with Roundcube for all the mail accounts
> * Various WordPress-based websites and blogs
> * Several instances of the management software Dolibarr
> * The learning platform GEPI for our local school
> * One instance of OwnCloud for half a dozen users
>
> The hardware has no problems dealing with all that performance-wise. But managing all this in one big bulk has become a bit of a problem, since the LAMP-based PHP applications (WordPress, Dolibarr, GEPI, OwnCloud) increasingly cultivate their idiosyncrasies, so this feels more and more like herding cats.
>
> My main goal in migrating all this stuff progressively to a series of neat VMs hosted on a KVM hypervisor is clarity and ease of maintenance.
>
> Now I wonder what could be a smart subdivision of all these VMs. After a bit of brainstorming, here's what I can come up with.
>
> 1. It would make sense to regroup all the applications, e.g. one VM for all the Dolibarr hostings, and then a different VM for WordPress, and a third VM for OwnCloud.
>
> 2. It's tempting to have a lot of small VMs for clarity's sake. On the other hand, it's maybe better to have one single VM for all the mail stuff.
>
> 3. Should I put all the Roundcube instances in a separate VM? Or does that go with the Postfix/Dovecot mail VM?

I'd suggest having it on one VM. I guess Webmail and the other parts don't disturb each other and they really belong together, so why not put them into one instance.

> 4. DNS is a bit of a special case, a bit of a catch-22. I would be tempted to set up an extra (bare-metal) machine for just handling this. Since BIND provides the DNS information about the hypervisor and the backup server themselves, this becomes a bit of a chicken-and-egg situation.

If the backup server and the KVM host are two hardware servers, then why not put one DNS server on each of them? Primary on one and secondary on the other hardware, so as long as one of these hosts is up, you have working DNS.

> 5. Even if it's tempting to multiply VMs, let's not forget that I have to keep an eye on hardware resources, not to mention that I have to pay for every extra IPv4 address.

Why not have some hosts with only internal addresses? I don't think all of the hosts will need public addresses, right?

Regards,
Simon

> I'd be curious to have your input, since I'm fairly new to this sort of approach.
>
> Cheers,
>
> Niki
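As an added illustration of Simon's primary/secondary suggestion (this is not from the thread; the zone name, the 192.0.2.x addresses and the key name are constructed placeholders), here is a BIND 9.11 (the version shipped with CentOS 7) `named.conf` excerpt for each of the two hardware hosts, with zone transfers allowed only between them and authenticated with a shared TSIG key:

```conf
//// On the KVM host (192.0.2.10): authoritative primary ////

key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";  // placeholder; generate with tsig-keygen
};

options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.0.2.10; };
    recursion no;                 // authoritative only, no open resolver
    allow-transfer { none; };     // global default: nobody may AXFR
};

zone "example.com" IN {
    type master;
    file "example.com.zone";
    allow-transfer { key xfer-key; };  // only a client presenting the TSIG key
    notify yes;
    also-notify { 192.0.2.20; };       // push NOTIFY to the backup-server secondary
};

//// On the backup server (192.0.2.20): secondary ////

key "xfer-key" {
    algorithm hmac-sha256;
    secret "REPLACE-WITH-BASE64-SECRET";  // same placeholder secret as above
};

server 192.0.2.10 {
    keys { xfer-key; };           // sign transfer requests to the primary
};

options {
    directory "/var/named";
    listen-on port 53 { 127.0.0.1; 192.0.2.20; };
    recursion no;
    allow-transfer { none; };     // the secondary hands out no copies itself
};

zone "example.com" IN {
    type slave;
    file "slaves/example.com.zone";
    masters { 192.0.2.10; };
    allow-notify { 192.0.2.10; }; // accept NOTIFY only from the primary
};
```

After reloading both, `dig @192.0.2.20 example.com SOA +short` should return the same serial as the primary, and an unsigned `dig @192.0.2.10 example.com AXFR` from any other host should be refused.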
On Sat, Apr 10, 2021 at 12:13 PM Nicolas Kovacs <info at microlinux.fr> wrote:

> I'd be curious to have your input, since I'm fairly new to this sort of approach.

This is the whole pets vs. cattle choice. IMO each VM should have a singular use/purpose/app. VMs are effectively free. And it also prevents unintended negative upgrade interactions. Think through this to the logical end, as each process is its own environment/container (docker) or each user execution is a unique instance (serverless).
On 4/10/21 6:13 PM, Nicolas Kovacs wrote:

> I'd be curious to have your input, since I'm fairly new to this sort of approach.

I would only separate things that for some reason are "dirty", e.g. require non-packaged installation. All the rest (like bind, postfix, dovecot) can happily live in the same machine.

Splitting things too much will increase the maintenance effort: every stupid detail like new kernel installation, clock syncing, log rotation, security patching, etc. gets duplicated. Not to mention the need to now maintain a network connecting the pieces.

Same considerations when using containers instead of VMs; you only gain some performance by not dragging entire kernels around for each service.

Start by isolating the service that is giving you the most trouble. Then, with a bit of experience, you can evaluate whether to proceed along that road.

Best regards.

--
Roberto Ragusa mail at robertoragusa.it