Server farm

Is a group of servers (internal, external, cloud etc.), possibly belonging to many different companies, under a single management.

Benefits of installing standalone Server Farmer

Even without (or before) setting a server farm, installing Server Farmer gives you many advantages over default OS configuration:

  • monitoring of public IP address changes (if you're behind NAT)
  • proper and working MTA configuration (the server is now able to send emails)
  • optional SMS notifications about urgent events
  • log monitoring (syslog logs are periodically analyzed and you are notified about unusual events)
  • log rotation in a proper way (including compression, date markers etc.)
  • server hostname is set in a more consistent way, properly recognizable by all system services, on all supported operating systems
  • PHP secure configuration
  • configuration of many system services are more consistent and secure on all supported operating systems
  • automatic daily/weekly, possibly encrypted backups (you only have to copy created archives to some external storage)
  • overall securing your system, eg. by cutting down unneeded system directory permissions, disabling unsecure sshd options etc.

Management server

Is a central server, which:

  • is able to connect via ssh to all other servers from the farm
  • holds ssh management (root) keys for all other servers
  • has sf-farm-manager, and possibly sf-farm-inspector extensions installed and configured
  • optionally has sf-backup-collector extension installed and configured to pull backups from other servers (this role can be as well delegated to other server or servers)

Server roles

Server role is just a functionality, or group of functionalities, that a given server is supposed to provide. Some roles are meant for all servers (eg. syslog), and some other only for specific servers. Roles are provided by Server Farmer extensions.

Farm manager

Farm manager role is the central role in server farm. It allows connecting to all other servers as root user via ssh and manage them. It is possible to have multiple servers with farm manager role inside a single farm (to achieve this, you have to replicate /root/.ssh and /etc/local directories between such servers on your own), however it's not recommended.

Farm manager extension contains several scripts that perform management actions on managed servers.

Farm inspector

Farm inspector is the part of farm manager role (and thus separate extension), which is responsible for collecting information about all other servers, and also network devices in the farm: their local user databases, free disk space, router configuration files etc. In typical configuration, this role is installed on the same server as farm manager.

Backup collector

All servers in a farm are responsible for creating daily and weekly backups, that are stored on their local drives. Backup collector is the central server, whose role is to pull these backups using scp and long-term store them.

Backup collector role can be fullfilled by management server, or by separate server. Also, there are many separate backup collector servers possible, where each of them handles backups only for some part of the farm.

All scp connections are done using dedicated ssh keys for backup user.

Management ssh key

Is a root ssh public key installed on all servers during Server Farmer setup. It allows futher ssh connections from management server.

Dedicated ssh key

Is an individual ssh key for given user at given server. By default, sf-farm-manager extension creates dedicated ssh keys for root and backup users during registering new server in the farm. All backups are transferred via scp using dedicated keys for backup user.

Registering a server in the farm

Is just executing add-managed-host servername.domain from management server as root. This:

  • makes a connection to the new server using management ssh key
  • adds new server to /root/.ssh/known_hosts
  • adds new server to one of /etc/local/.config/*.hosts files (depending on detected server type)
  • creates 2 dedicated ssh keys (for root and backup), stores key pairs in /etc/local/.ssh directory and uploads public keys to new server
  • possibly add new server to the backup collector (if installed on the same machine as management server)