I suggest always mounting /tmp in some particular ways to defeat malicious attacks that may exploit these options:
1. /tmp as an in-memory tmpfs if RAM is available for it so nothing persists across re-boots. This paranoid logic can be extended to /var/run, and even /var/log with a teeny bit of hacking. Just adding the mount options in /etc/fstab and rebooting will work, but afterwards the former contents of those directories will still be on disk under the mount-points. To clear that up the system must be booted from alternate media (e.g. Parted Magic or recovery mode cdrom/flash boot) so you can delete these contents.
2. -o noexec,nosuid. These are the real problem: anyone can create a new executable/script, especially one with super-user privileges. On some systems a few packages or open source builds may give a warning about this. I’ve observed these to mostly cope correctly with that situation, though once or twice I have temporarily rebooted without “noexec” to allow some complicated software installer to run.
3. While this may seem slightly more far-fetched than #2, and similarly may conflict with a small number of applications (just nudge them about it in their bug tracker or IRC or mailing list and developers usually correct this problem), still, don’t go making up whacky devices into my kernel here either! This should _not_ apply to /var/run, since that is where applications truly should be creating their sockets and other device files.
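To check whether a host actually follows the list above, here is an added example (not part of the original post): a shell function that reads /proc/mounts-format text and reports, for /tmp, /var/run and /var/log, the filesystem type and which of noexec,nosuid are missing. The function names and the sample mount table are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit mount options against the list above.
# Input on stdin is /proc/mounts-format text:
#   device mountpoint fstype options dump pass

# mount_report MOUNTPOINT REQUIRED_OPTS
# Prints "<fstype> ok", "<fstype> missing=<opts>", or "not-mounted" when the
# path has no mount of its own and so inherits the parent filesystem's options.
mount_report() {
    awk -v mp="$1" -v req="$2" '
        $2 == mp { fstype = $3; opts = $4; found = 1 }  # last match is the mount on top
        END {
            if (!found) { print "not-mounted"; exit }
            split(opts, o, ",")
            for (i in o) have[o[i]] = 1
            n = split(req, r, ",")
            miss = ""
            for (i = 1; i <= n; i++)
                if (!(r[i] in have)) miss = miss (miss == "" ? "" : ",") r[i]
            print fstype, (miss == "" ? "ok" : "missing=" miss)
        }'
}

# audit: check the three directories the post names against noexec,nosuid.
audit() {
    mounts=$(cat)
    for mp in /tmp /var/run /var/log; do
        printf '%s %s\n' "$mp" \
            "$(printf '%s\n' "$mounts" | mount_report "$mp" noexec,nosuid)"
    done
}

# Constructed sample (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,relatime,size=1048576k 0 0
tmpfs /var/run tmpfs rw,nosuid,noexec,relatime,mode=755 0 0'

printf '%s\n' "$SAMPLE_MOUNTS" | audit
```

On a live system, feed it the real table with audit < /proc/mounts. A "not-mounted" result means the directory is still an ordinary directory on its parent filesystem and gets none of these options.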
To avoid the potential for an electrical shock hazard, you must include a third wire safety grounding conductor with the rack installation. If server power cords are plugged into AC outlets that are part of the rack, you must provide proper grounding for the rack itself. If server power cords are plugged into wall AC outlets, the safety grounding conductor in each power cord provides proper grounding only for the server. You must provide additional, proper grounding for the rack and other devices installed in it.
The ambient operating temperature of equipment, when installed in an equipment rack, must not go below 5 °C (50 °F) or rise above 35 °C (95 °F). Extreme fluctuations in temperature can cause a variety of problems.
The equipment rack must provide sufficient airflow to the front of the server to maintain proper cooling. It must also include ventilation sufficient to exhaust an average of 750 BTUs per hour for a fully loaded server (see mfg. specs.).
It is important to note that this is the maximum, and a minimum or typical system could be much less. You may want to calculate the BTU/hr more accurately for your configuration. An extra 500 BTUs per hour over many systems would translate into a large error when calculating air-conditioning capacity.
The specific HVAC needs are based on the total wattage consumed in the room by all equipment combined with the total cubic volume of air. Rows of racks should be paired with air-intaking sides (front) facing each other in cold aisle arrangements for correctly provisioned HVAC requirements (the opposite would require double the cubic volume throughput from the same HVAC equipment).
Oh yeah, and one more thing: your racks need to be physically bolted to the ground and all the equipment in them needs to be laterally secured so they do not just slide out any old time.
A long time ago on a hill far away in New Jersey two guys who were ‘supposed to be working’ invented a language to provide one common interface to programming the various different processor architectures offered by vendors at the time and the result was C, which they needed to build an OS to run a video game on an orphan computer they had sitting around. After the documentation group and several universities got hold of what they had done it was not long before it came to be said: “we don’t know what operating system people will run in the future, but we know it will be UNIX”. That sentiment applies to every modern OS under the hood, whatever name or vendor.
Just as C gave us a common language for multiple architectures, today Python does the same for all modern systems. Salt is that operating system being built on top of Python and takes a radically open and simple approach to all things equally well from trivially simple to enormously sophisticated tasks. It is the very opposite of vendor-specific platforms and language-specific automation.
I do not know what people will use in the future to automate and scale across multiple system platforms, but it will be Salt.
Repeatedly I hear from my industry colleagues about time and effort lost both adopting and avoiding other well-known solutions for simple and complex automation of all the effort needed just to get to where work can then be done, particularly in QA environments, echoing my own experiences. Good solutions do not themselves disturb existing practice nor require days or weeks of adoption & integration; they reduce complexity, level of effort, and staff hours spent. Salt fulfills this all, whether simply for remote execution or in orchestrating large-scale deployments in record time. It is astonishingly simple and powerful.
I plan to bring these benefits anywhere they are needed; any time they will substantially reduce costs and delight engineers. Some things just should not take up your time.
Most of what I’ve seen about this topic focuses on high performance for large-scale production on magnetic disks. A filesystem journal on an SSD can be rationalized in those environments if you insist, but SSDs are going to write to any part of the storage equally fast, and for all you know the ‘wear-leveling’ features may be scattering your journal all over the place. Save yourself the extra write and extra opportunity for something to go wrong: disable the journal and enable extents while you’re at it.
As root or with sudo:
# tune2fs -O ^has_journal /dev/YOURDISK
# tune2fs -O extents /dev/YOURDISK
Note that to do this on your root disk you will need to temporarily boot from another Linux disk. I suggest using the awesome Parted Magic on a USB stick. Please tip the man while you’re there.
Extents are a different way of mapping where a file’s data exists and have been used for many years in SGI’s XFS and the popular and speedy NTFS on Windows. Enabling extents can potentially increase performance even more.
There are lots of other tuning options you may see, but mostly these support having larger and larger files and directories beyond what any laptop is likely to experience (unless perhaps you are a Big Data developer), or support improved fsck time, which is very much tied to replaying the journal if you have one.
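Before running the two tune2fs commands above, it helps to confirm what state the filesystem is in. This added example (not from the original post) is a pre-flight check over the text printed by tune2fs -l; the function names and sample listings are constructed. It relies on two behaviours of tune2fs: it refuses to clear has_journal while the needs_recovery flag is set, and it lists the extents feature under the name extent.

```sh
#!/bin/sh
# Added example: pre-flight check for removing the journal and enabling extents.
# The LISTING arguments are the text printed by `tune2fs -l DEVICE`.

# features: print each name on the "Filesystem features:" line, one per line.
features() {
    awk -F: '$1 == "Filesystem features" {
        n = split($2, a, " ")
        for (i = 1; i <= n; i++) print a[i]
    }'
}

# has_feature NAME LISTING -> exit status 0 if NAME is enabled.
has_feature() {
    printf '%s\n' "$2" | features | grep -qxF "$1"
}

# journal_preflight LISTING -> no-journal | run-e2fsck-first | ready
journal_preflight() {
    if ! has_feature has_journal "$1"; then
        echo "no-journal"            # already removed, nothing to do
    elif has_feature needs_recovery "$1"; then
        echo "run-e2fsck-first"      # journal has unreplayed data
    else
        echo "ready"                 # safe to run tune2fs -O ^has_journal
    fi
}

# Constructed listings (trimmed to the relevant lines, not from a real disk).
SAMPLE_DIRTY='Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr dir_index filetype needs_recovery sparse_super
Filesystem state:         clean'
SAMPLE_CLEAN='Filesystem features:      has_journal ext_attr dir_index filetype sparse_super
Filesystem state:         clean'
SAMPLE_AFTER='Filesystem features:      ext_attr dir_index filetype extent sparse_super
Filesystem state:         clean'

for s in "$SAMPLE_DIRTY" "$SAMPLE_CLEAN" "$SAMPLE_AFTER"; do
    journal_preflight "$s"
done
```

On a real disk, pass it the live listing, for example journal_preflight "$(tune2fs -l /dev/YOURDISK)", and rerun it afterwards to confirm the result is no-journal.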
Technology products require especially toxic ingredients and processing, particularly screens and batteries, so it costs the earth something for you to have that gadget, and it also costs something for it to be discarded.
The point is: the longer you use the same device/computer, the better it is for the environment. Upgrading when a new device is made shortens the service life of the one you already have if it is still functional.
I’m not saying we should all use old stuff, but try to give it a good long service lifetime if you would, please.
“Four days will quickly steep themselves in nights. Four nights will quickly dream away the time” [and then the moon will be new.] –Shakespeare, ‘A Midsummer Night’s Dream’
The icon I use is a crop of the moon on a hot night camping with friends at Lake Merced (near Modesto) over an enchanting Memorial Day weekend, taken well after midnight. You can see the original on my oft neglected flickr page: Modesto moon
Algebra and Geometry are two giraffes –sister & brother, respectively (actually they’re a couple of toy giraffes, but they are really Very Tall Giraffes). Algebra is named after a donkey that once appeared on an episode of ‘The Little Rascals’. They are from Africa, of course, don’t ya know, and have also been to London and Paris (yep, really).
Now, Lenticular and Pentabular are their distant cousins in Africa and at first it seems like they don’t get along, but in the end they do.
Also, I figure the Loch Ness monster is actually just a giraffe going for a swim. ‘Dunno how it got there, but that’s not really part of the story.
several species of small furry animals gathered together in a cave grooving with the pict.