Contributed by dhartmei on from the success-stories dept.
First and foremost, I would just like to point out that this article is in no way supposed to be a plug for our organization; more than anything, it is to illustrate our use of OpenBSD and show some homage to this great OS.
Let me introduce myself, my name is Daniel Selans, and I have been actively using OpenBSD for the last 4-5 years in multiple environments, starting from enterprises to regular home server and desktop usage. My latest project - Metawire.org Open Hosting, is also run on OpenBSD and this is just an insight of my experience with it. I can only hope, that someone might find this interesting and maybe even inspiring, for I have proven to myself that I can practically achieve anything with this great OS.
So what is Metawire.org you ask? Metawire.org was started by me and my colleague Eric Harrison about a year ago. Basically it is a free multi-hosting solutions provider. It offers shell accounts, virtual hosting, email hosting, DNS hosting and so on, with virtually no restrictions set upon the users, unlike 99% of all other providers.
When we started the project, we had previous experience running a hosting provider, luckily also on OpenBSD (1999-2002 Brained.org). Since the previous experience, we had learned a lot regarding administration, security, reliability and most importantly in our case, scalability (one of the larger problems we ran into with Brained.org). Planning and preparing for the worst possible scenario is one of the most important things one can do before sailing into a new project. And that is exactly what we did.
One of the first steps that had to be taken with Metawire was, that we had to create a plan on how services were going to be distributed within the network, to even out the load. Although initially this wouldn't have presented a problem, but with quick growth, this can create unnecessary headaches for the admins, and even worse - downtime.
Three things come to mind : separation of services - httpd, databases, mailserver for lowering loads; backups - that's obvious and failover server(s) in case the main server decides to die for no apparent reason.
So one of the first steps that we took, was putting together 3 servers which would be running the main services, additional server for backups, which was also the main file server for keeping the users files (mounted via nfs on the main server) and the failover server. It is obvious for what reasons we needed to separate the main services, so I won't go into detail on that topic. Moving right along, we quickly cron'd a few scripts which would do daily user file backups, and weekly full disk image backups. From there, a few more perl scripts and we had the failover server up and running. The idea behind the failover server is simple - the failover server checks on a constant basis if the main server is alive, and if not, quickly grabs the latest image off the backup server, notifies admins via email and sms of the failure and sets itself up as the main server, waiting patiently until the main box is resurrected.
Obviously a word that goes hand in hand with scalability is automation. One thing that you might run into running a shell server, is quick recognition and user land growth. While this is a good thing, it's not always the same for the admin in question. Most of us have lives outside computing, and adding 300+ user sign ups by hand is definatelly not my idea of a good time. So one of our next goals was to create a user management system, which would literally automate user adding to a point of where we have to make 3 or 4 keystrokes. After a few weeks of patient coding, I came up with "mwums" - MetaWire User Management System (which is soon going to be released publicly under BSD license). The user management tool would automatically pick up on the signup file(s), intake all of the entries (name, email, shell, domain, reason, date, host, etc.) and based on our choice accept/reject/ban/dismiss the signup request. It would automatically login to the fileserver, create the necessary entries, set permissions, quotas, and everything else associated with the user.
Once these necessary steps were taken, we were up and ready to go. And this my friends, is the result. We've been running Metawire.org with very minimal downtime, no security problems for the last year and have had over 8500 signups, with ~3000 active users. It is an incredibly fun experience, and I would suggest anyone to try it for themselves.
One thing that I can most definatelly note is that with the use of OpenBSD, the experience was made by far simpler, and headache free. The common belief out there is that OpenBSD is best used for security gateways, firewalls, routers and etc. Well, I personally do not believe so. The capability of this OS is only admin deep. The more you know, the more you can achieve. I have personally ran OpenBSD in large enterprise environments as web servers, file servers, database servers, and frankly, it's resource management and speed is uncomparable to most other operating systems out there, multiply that with the security standards, and you've got an amazing OS.
Metawire.org is just another example of what this OS is capable off.
Thanks for listening guys,
- Daniel Selans
(Comments are closed)