$Cambridge: hermes/doc/cyrus_mailstore/canvas,v 1.1 2004/04/20 13:58:51 dpc22 Exp $

Overview of Canvas
==================

Disk Array (6x36 GByte RAID 5)
==========

Proposed disk Layout:

  /       2 GBytes
  swap    3 GBytes
  /var    2 GBytes
  /data   160 GBytes

All filesystems ext3.

/data dumped (rsynced?) to Otanes at regular intervals.

May want LVM for snapshots.

Packages
========

Definite Functions
==================

CVS repository
  /data/ucvs

Master SuSE install server for the entire cluster.

tftp server
  chroot to: /data/tftproot

NFS server for postinstall scripts.

  /export/autoyast [/data/export/autoyast]
    switch_dir/
      9.0/
    cyrus_dir/
      9.0/
    hermes_dir/
      9.0/
    patches/
      9.0/

  /export/shared
    Available as /misc/shared via automount from any system in the
    cluster; might be useful for sysadmins.

_Possible_ DHCP server

_Possible_ NFS server for SuSE installations and patches

Build server
  hermes-[12] should be absolutely minimal servers so that we can lash
  things down as tightly as possible. This does mean that we need
  somewhere else to build and install software.

User admin jobs:
  Create/delete accounts on other servers.
  Download information from Jackdaw which gets converted into other dbases.
  Shouldn't have to run as root given appropriate SSH keys to Cyrus,
  hermes-N servers.

Probable functions
==================

User database: NIS or LDAP master (*** Or do this on hermes-[12]?)
  Pushes updates to Hermes-1 and Hermes-2
  Hermes-1 and Hermes-2 should use local copy to avoid dependency

Password changes: two different interfaces:
  Prayer accountd => passwd program or wrapper
  Interactive users:
    EITHER allow incoming rlogin connections (don't need home directories)
    OR remote password changing program which interfaces with accountd.

Web of trust
============

All systems in the cluster (hermes-N/ppsw-N/cyrus-N) need to trust Canvas.

root@canvas will be able to install software on all other systems in the
cluster using rdist or rsync.

Ability to run "canvas# ssh /etc/init.d/openssh restart" makes our life
much easier.

Canvas should not share host key with any other system.

Canvas should have _minimal_ trust for any other system.
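
One way to check the rule that Canvas should not share a host key with any
other system, given a known_hosts file collected across the cluster. This is
an added example, not part of the original notes; the sample entries, the
192.0.2.x addresses and the key blobs are constructed, and the function names
are hypothetical.

```python
import base64
import hashlib

def _blob(label):
    # Dummy key material for the constructed sample; not a real SSH key.
    return base64.b64encode(label.encode()).decode()

# Constructed sample in known_hosts format. cyrus-1 deliberately reuses the
# key listed for canvas, which is the condition the notes forbid.
SAMPLE = "\n".join([
    "# constructed sample, not real cluster data",
    f"canvas,192.0.2.1 ssh-rsa {_blob('key-A')}",
    f"hermes-1,192.0.2.11 ssh-rsa {_blob('key-B')}",
    f"hermes-2 ssh-rsa {_blob('key-C')}",
    f"cyrus-1 ssh-rsa {_blob('key-A')}",
])

def parse_known_hosts(text):
    """Yield (names, keytype, blob) for each key entry."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3:
            yield set(fields[0].split(",")), fields[1], fields[2]

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def shared_with(text, host):
    """Names of other systems listed with any host key that `host` uses.

    Names on the same line as `host` are treated as its own aliases.
    Hashed entries (|1|...) cannot be matched by name and show up verbatim.
    """
    entries = list(parse_known_hosts(text))
    aliases = {n for names, _, _ in entries if host in names for n in names}
    keys = {(t, b) for names, t, b in entries if host in names}
    others = {n for names, t, b in entries if (t, b) in keys for n in names}
    return sorted(others - aliases)

if __name__ == "__main__":
    for name in shared_with(SAMPLE, "canvas"):
        print("canvas host key is also presented by", name)
```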