Hi all, I am an SA in training and ive been reading a lot about the importance of separating out your workspace/server into separate partitions such as /, /data, /home, /ftp, /usr, /boot vs dividing it into just a /, /boot, /data. and it seems that doing it how Ive been reading about with more partitions is more secure but what about when one partition becomes full? isnt that more of a problem vs one big /data partition where that is not an issue? what would you guys say the best solution would be? also read that you want to have twice as much swap as RAM and that dividing swap into 2 partitions helps with performance. is this true?
thanks
On 07/16/2014 12:21 PM, dustin kempter wrote:
Hi all, I am an SA in training and ive been reading a lot about the importance of separating out your workspace/server into separate partitions such as /, /data, /home, /ftp, /usr, /boot vs dividing it into just a /, /boot, /data. and it seems that doing it how Ive been reading about with more partitions is more secure but what about when one partition becomes full? isnt that more of a problem vs one big /data partition where that is not an issue? what would you guys say the best solution would be? also read that you want to have twice as much swap as RAM and that dividing swap into 2 partitions helps with performance. is this true?
thanks
Dustin,
Take a look at the archives...this exact topic was beat to death not that long ago.
Historically, separating partitions was the way to go as it took less time to fsck a smaller partition than a larger partition and to recover a smaller partition than a larger partition. That's how I do it and have always done it, but that doesn't necessarily make it right nowadays. It's a bit more time consuming setting it up that way and I'm not sure if there are benefits to doing that so much anymore (especially with the changes made in the last couple of years in regards to the /usr consolidation and the fact that computers and disk drives are so much faster these days). You do/can run into problems where disk space runs out on the partition but alot of that can be mitigated if you are using LVM partitions (something else that I don't use as it seems like added administrative overhead). If you partition your servers into / and /boot and a swap space and just add a /data directory under / then the disk space issues should not be relevant. As far as swap space, it depends on how much ram you have. If you have a server with 64Gb of ram are you really going to have a swap partition with 128Gb? I doubt it. Since swap space is used when ram is completely used up (and maybe for core file creation?) you probably will need some amount of swap (again, depending on what your server is being used for) but I don't think the rule of thumb anymore is twice the amount of ram. As to multiple swap partitions, there's a brief writeup about that at http://linux.about.com/od/ptn_howto/a/hwtptn10t02.htm that you might find interesting.
Kevin
On 07/16/2014 07:21 PM, dustin kempter wrote:
Hi all, I am an SA in training and ive been reading a lot about the importance of separating out your workspace/server into separate partitions such as /, /data, /home, /ftp, /usr, /boot vs dividing it into just a /, /boot, /data. and it seems that doing it how Ive been reading about with more partitions is more secure but what about when one partition becomes full? isnt that more of a problem vs one big /data partition where that is not an issue? what would you guys say the best solution would be? also read that you want to have twice as much swap as RAM and that dividing swap into 2 partitions helps with performance. is this true?
thanks
First you should read about the FHS: http://www.pathname.com/fhs/ You don't have to know everything, but so you get some general idea what you want to separate for which purpose
For space problems you can use LVM: https://wiki.archlinux.org/index.php/Lvm I think BTRFS has its own solution but that's just for the record and you should really understand LVM and the basics about partitioning before.
Try with some virtual machines and different distros ( so you really know what to do and not only with the help of some specific installer) some settings so you get a feeling for it.
When you know the basics and security is important then I would suggest: http://wiki.gentoo.org/wiki/File_System_Security Even though it's a bit different for Fedora.
If you don't need swap then don't use it. If you need any and/or how much depends on your needs. And I don't see how 2 partitions would help (except there's some kind of RAID).
If you have no idea how much you would need then you could search for some requirements if it is a specific program that needs much. Since I don't know what the load will be and how much ram he has there's no way to make a general statement. I always use a virtual machine on which I test new things and create there a bigger swap file if needed.
At least that's how I think about it.
On 07/16/2014 09:57 PM, poma wrote:
On 16.07.2014 19:54, Mike Wilson wrote: ...
If you don't need swap then don't use it.
How evaluate that can we?
poma
On 16.07.2014 22:20, Mike Wilson wrote:
If you have no idea how much you would need then you could search for some requirements if it is a specific program that needs much. Since I don't know what the load will be and how much ram he has there's no way to make a general statement. I always use a virtual machine on which I test new things and create there a bigger swap file if needed.
At least that's how I think about it.
For some simple cases may not be necessary, however at least you don't want leave folks without S4 functionality. And with the time I somehow got the impression, the swap-piness question isn't quite simple as it might seem. However.
poma
On 07/17/2014 12:57 AM, poma wrote:
On 16.07.2014 22:20, Mike Wilson wrote:
If you have no idea how much you would need then you could search for some requirements if it is a specific program that needs much. Since I don't know what the load will be and how much ram he has there's no way to make a general statement. I always use a virtual machine on which I test new things and create there a bigger swap file if needed.
At least that's how I think about it.
For some simple cases may not be necessary, however at least you don't want leave folks without S4 functionality.
Yeah, hibernation is for me one of the reasons why a normal workstation user would need swap. But there are many people who just shut down and don't need/want more... It really depends on the user's needs. However hibernation is something I should have mentioned.
And with the time I somehow got the impression, the swap-piness question isn't quite simple as it might seem. However.
poma
You made me curious. What's your advice/procedure to determine the size of swap?
On 17.07.2014 11:05, Mike Wilson wrote:
On 07/17/2014 12:57 AM, poma wrote:
On 16.07.2014 22:20, Mike Wilson wrote:
If you have no idea how much you would need then you could search for some requirements if it is a specific program that needs much. Since I don't know what the load will be and how much ram he has there's no way to make a general statement. I always use a virtual machine on which I test new things and create there a bigger swap file if needed.
At least that's how I think about it.
For some simple cases may not be necessary, however at least you don't want leave folks without S4 functionality.
Yeah, hibernation is for me one of the reasons why a normal workstation user would need swap. But there are many people who just shut down and don't need/want more... It really depends on the user's needs. However hibernation is something I should have mentioned.
And with the time I somehow got the impression, the swap-piness question isn't quite simple as it might seem. However.
poma
You made me curious. What's your advice/procedure to determine the size of swap?
The anaconda will automatically determine it for you, do not worry. ;)
poma
On 16 July 2014 18:54, Mike Wilson mike.zagoti.wilson@gmail.com wrote:
On 07/16/2014 07:21 PM, dustin kempter wrote:
Hi all, I am an SA in training and ive been reading a lot about the importance of separating out your workspace/server into separate partitions such as /, /data, /home, /ftp, /usr, /boot vs dividing it into just a /, /boot, /data. and it seems that doing it how Ive been reading about with more partitions is more secure but what about when one partition becomes full? isnt that more of a problem vs one big /data partition where that is not an issue? what would you guys say the best solution would be? also read that you want to have twice as much swap as RAM and that dividing swap into 2 partitions helps with performance. is this true?
thanks
First you should read about the FHS: http://www.pathname.com/fhs/ You don't have to know everything, but so you get some general idea what you want to separate for which purpose
For space problems you can use LVM: https://wiki.archlinux.org/index.php/Lvm I think BTRFS has its own solution but that's just for the record and you should really understand LVM and the basics about partitioning before.
Try with some virtual machines and different distros ( so you really know what to do and not only with the help of some specific installer) some settings so you get a feeling for it.
When you know the basics and security is important then I would suggest: http://wiki.gentoo.org/wiki/File_System_Security Even though it's a bit different for Fedora.
If you don't need swap then don't use it. If you need any and/or how much depends on your needs. And I don't see how 2 partitions would help (except there's some kind of RAID).
Since the OP mentions they are in sysadmin training it is worth pointing out there is life beyond FHS, which just tells you where to put things within the root filesystem itself. One reason for having /home mounted separately for example is that it may be on a network location, or sometimes even divided by user groups (this is a footnote in the FHS). In some environments you may want separate filesystems available for reasons of backup, project management or archival. Often this is done in conjunction with something like network attached storage, which might provide its own tools for management of filesystem space. Virtual machines are another approach, though they may themselves connect to a NAS for example. The FHS doesn't mention things 'scratch' space, which is quite common in research environments (and often a headache as data sits there long term...), one approach would be to put in under /media or /mnt as a catch all, but it's not uncommon to see sites create their own hierarchies under /var for it instead. (Exercise, why does it not go under /srv?)
On Jul 16, 2014, at 11:21 AM, dustin kempter dustink@consistentstate.com wrote:
Hi all, I am an SA in training and ive been reading a lot about the importance of separating out your workspace/server into separate partitions such as /, /data, /home, /ftp, /usr, /boot vs dividing it into just a /, /boot, /data. and it seems that doing it how Ive been reading about with more partitions is more secure but what about when one partition becomes full?
I'm not sure how it's made more secure. Features of the technology backing a particular mount point is what would do that. For example raid1 /home, or raid5/6 for /var for a server. Or a gluster volume at /var or /home.
Partitions are kindof annoying actually, for the exact reason of what happens when the partition gets full. LVM makes this easier to manage because you can resize an LV and then the filesystem. Even better is LVM thin provisioning, where you make each volume an "ideal" size for its practical lifetime, it only consumes from the VG what is actually being used. Filesystem resize is avoided, which causes certain inefficiencies anyway and just adds to the non-deterministic nature of filesystems (Btrfs is sortof an exception).
isnt that more of a problem vs one big /data partition where that is not an issue?
Sure so use one big partition and maybe quotas to contain things, or LVM, or gluster or ceph volumes. /boot on a plain partition makes sense, and for workstations/laptops it's useful to have /home separate just because it makes OS reinstalls easier than blowing away a whole system and restoring /home from a backup.
what would you guys say the best solution would be? also read that you want to have twice as much swap as RAM and that dividing swap into 2 partitions helps with performance. is this true?
Best solution depends on the problem you want to avoid or solve. The installer's python-blivet code has swap recommendations. It's something like 2x up to a certain amount of memory, then it's 1x, and above maybe 64GB it's 1/2. You really don't want to be under swap pressure with any regularity, to the point if this is a server you might be better off with swap on an SSD. If you're using XFS, you can estimate memory requirements for fs repair using:
xfs_repair -n -vv -m 1 <dev>
If you give xfs_repair the minimum it could be hours for a repair, not good for a server. So again, if you can't afford the right amount of RAM to support the filesystem size, then in a bind you can use an SSD for swap and while it won't be "fast" it won't be dog slow (hours or days).
http://xfs.org/index.php/XFS_FAQ#Q:_Which_factors_influence_the_memory_usage...
Chris Murphy
-
Chris Murphy -
Dustin Kempter -
Ian Malone -
kevin martin -
Mike Wilson -
poma