Re: Search machine is ready - Mailing list pgsql-www
| From | Magnus Hagander |
|---|---|
| Subject | Re: Search machine is ready |
| Date | |
| Msg-id | 6BCB9D8A16AC4241919521715F4D8BCEA0F79D@algol.sollentuna.se Whole thread Raw |
| In response to | Search machine is ready ("Joshua D. Drake" <jd@commandprompt.com>) |
| Responses |
Re: Search machine is ready
|
| List | pgsql-www |
> >> Your requirements as listed above distinctly note a lack of a need > >> for root access. Thus I really don't know what your concern is > >> outside of a feeling that you need "control". > > > > Yes, we do. The community should control things, not > individual companies. > > Are you saying that Command Prompt is not a part of the > community? Or myself for that matter? I don't think that's what he's saying at all. The point I beleive is that your "support staff" is probabliy not reading -www and the other community lists regularly, and therefor not up to date on every part of how things are run. And specificall, I would assume he's referring to the "web community" - as in the ppl working activeliy with the web sites and serviers - which is a lot smaller still. (But hey, we'd welcome additions there) > > None of the other entities providing the project with hosting have > > gone out of their way to deny us the ability to control the > services > > we provide, > > I am not going out of my way. I am not sure why you have such > a problem with this. > > 1. This is the way that Command Prompt, Inc. does hosting for > all people that it hosts. Nobody gets root access. Really? For "server hosting" as well, or do you just do "web hosting"? > 2. You still haven't provided a single reason why you "need" > root access. AFAIK, you need root to restart apache, just as an example. (So it can bind to port 80). Say after a recompile because you needed to tweak a module. Sure, you can set up sudo for each individual command, but that means you have to know everything ahead of time. > > as the people who ultimately have to make sure these things > work we do > > not feel that having to rely on (for example) a level 1 > support tech > > in the middle of the night who has no idea what our server > does or how > > it works is in any way a good thing. > > What level 1 support tech would this be? I don't have any > level 1 support techs. Remember, we are not a hosting company. Whatever people you'd page in the middle of the night if things go down :-) Or is that you all the time? > > This is a dedicated server for the PostgreSQL project, that you > > offered to us knowing full well we were expecting full root > access to. > > Well no. I didn't expect that you would need root access > because I have 50 dedicated machines at the facility none of > which need root access. > > I am not trying to be difficult here but all I see is, "Well > we like to do things as root and since this is only a > community machine you should let us." That's not really so. Maybe there weren't enough details in the original mail. We do beleive there is a *reason* for it. See above for one example. > I on the other hand am trying to bring a certain level of > stability and quality to the infrastructure. That requires a > level of discipline which means we use things like sudo, acls > and group rights. We don't use root. I do beleive we'd be fine without root as long as we could do all the things required - it's not root in the absolute that's needed. This does include recompiling and restarting "line of business" apps like apache. (But not necessariliy things like changing system libs or kernel - I'm fine with some on-site tech dealing with that) > You will need to configure apache... I will make sure you can > do so via included confs. See above - config not enough, recompile/replace needed. For flexibility. (Needed is always a relative matter of course, but it would certainly make things a hell of a lot easier) > You will need to be able to stop/start postgresql. You will > be able to do so via sudo. > > You will need to be able stop/start apache... You will be > able to do so via sudo. > > You will need to be able to add users... I can give you sudo > rights to do that (although that scares me a bit). Well as said above, we can set everything up with sudo. But that cuts down flexibility quite a bit, since every time you need to do something "outside the box", you're stuck. But in general, if you're scared of the people maintaining the other community servers, then perhaps there is a bigger problem... > You want to be able to upgrade software? That should be done > via scheduled times with a plan in place in case there is an > issue and if part of the core OS (postgresql/httpd) should be > done via apt-get if at all possible. For core-os, absolutely. For LOB, we've learned from the stuff we have on the other machines that building them from source is more or less required. Using the pre-packaged ones isn't flexible enough when it comes to which modules are loaded and not. And assuming you test things properly (say on a different port) before you do it, you can do most upgrades with sub-second downtime, so they can be done without scheduling a particular service window. Some things take longer, and need to be scheduled. //Magnus