From owner-freebsd-questions@freebsd.org  Wed Sep  7 16:28:41 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 29977BCB699
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Wed,  7 Sep 2016 16:28:41 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk
 [81.2.117.100])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "smtp.infracaninophile.co.uk",
 Issuer "infracaninophile.co.uk" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id C82306BF
 for <freebsd-questions@freebsd.org>; Wed,  7 Sep 2016 16:28:40 +0000 (UTC)
 (envelope-from matthew@FreeBSD.org)
Received: from zero-gravitas.local (unknown [85.199.232.226])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 (Authenticated sender: m.seaman@infracaninophile.co.uk)
 by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id D75251578
 for <freebsd-questions@freebsd.org>; Wed,  7 Sep 2016 16:28:30 +0000 (UTC)
Authentication-Results: smtp.infracaninophile.co.uk;
 dmarc=none header.from=FreeBSD.org
Authentication-Results: smtp.infracaninophile.co.uk/D75251578; dkim=none;
 dkim-atps=neutral
Subject: Re: NFS or rsync for sharing files between FreeBSD servers?
To: freebsd-questions@freebsd.org
References: <CAPTAQBJD1qZ9kZSrXOOuKLHC6J_O3jBPiH4Yqav3qfQp8V7wtA@mail.gmail.com>
From: Matthew Seaman <matthew@FreeBSD.org>
Message-ID: <3aba0440-1e9a-b8cc-6517-4de28161dccf@FreeBSD.org>
Date: Wed, 7 Sep 2016 17:28:24 +0100
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0)
 Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <CAPTAQBJD1qZ9kZSrXOOuKLHC6J_O3jBPiH4Yqav3qfQp8V7wtA@mail.gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature";
 boundary="E7nGmQneOalwT3VkeCgHsXob9Ix3mahuW"
X-Spam-Status: No, score=-0.4 required=5.0 tests=BAYES_00,RDNS_NONE,
 SPF_SOFTFAIL autolearn=no autolearn_force=no version=3.4.1
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on
 smtp.infracaninophile.co.uk
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Sep 2016 16:28:41 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--E7nGmQneOalwT3VkeCgHsXob9Ix3mahuW
Content-Type: multipart/mixed; boundary="A4Fv1gmo61SqXwGxvdXcSm6Gbib1gqAfp";
 protected-headers="v1"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <3aba0440-1e9a-b8cc-6517-4de28161dccf@FreeBSD.org>
Subject: Re: NFS or rsync for sharing files between FreeBSD servers?
References: <CAPTAQBJD1qZ9kZSrXOOuKLHC6J_O3jBPiH4Yqav3qfQp8V7wtA@mail.gmail.com>
In-Reply-To: <CAPTAQBJD1qZ9kZSrXOOuKLHC6J_O3jBPiH4Yqav3qfQp8V7wtA@mail.gmail.com>

--A4Fv1gmo61SqXwGxvdXcSm6Gbib1gqAfp
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2016/09/07 17:09, Amitabh Kant wrote:
> We need to share a number of directories between 3 servers running 9.3 =
=2E
> Most of these directories contain php/html/js/images files which do not=

> change frequently.
>=20
> We need to keep the directories in sync on all three servers. Currently=
, we
> run a rsync command every time there is a change in one of the
> files/directories. Sometimes it does happen that we forget to run the r=
sync
> script making one of the servers return old versions.
>=20
> That is where we are planning to introduce a nfs_server on one of the
> servers, while the other two will be nfs_clients accessing the files
> through a shared directory. I understand that it would present a single=

> point of failure, but in terms of disk access speed, will it make a hug=
e
> difference further impacting the web servers running on the nfs_client
> servers ? The servers are connected to each other over gigabit lines, a=
nd
> the files are themselves not greater than 20-30 kb on an average, with =
some
> of  the larger image files somewhere around 4-5 MB.

Alternative 1)

Set up your web servers to proxy and cache the content from one machine
which is assumed to have the definitive copy.  That will work well with
plain html, js or images -- but you'll have to be a bit cunning about
getting the PHP files as raw content and then using them asa PHP
application.  You'll need to play with the cacheing parameters until you
achieve a good compromise between discovering updates in a timely
manner, not continually going back to the origin server and keeping
locally cached copies considered 'fresh' even if the origin server has
gone away.

Alternative 2)

Use ZFS to make regular snapshots and send any new content to the other
servers.  This is effectively like using rsync, but even more efficient,
as ZFS already knows exactly what changed, so you don't have to scan
bother sender and receiver to work out what changed.

Alternative 3)

Simply run your rsync job out of cron regularly.

Both options 2 and 3 assume you'll set up password-less SSH keys to
authenticate unattended connections.  This is reasonably safe if a) you
do it as non-root and ensure the userid you login to has just the
minimal permissions it needs to be able to fulfil its function and b)
you take advantage of the features in the authorized_keys file that
allow you to prescribe where a key can be used to login from, and maybe
even to use a forced command.

	Cheers,

	Matthew


--A4Fv1gmo61SqXwGxvdXcSm6Gbib1gqAfp--

--E7nGmQneOalwT3VkeCgHsXob9Ix3mahuW
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJX0EAuXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnBZgP/A9dJ/xRmqTPUrimerOVmlcr
rBpTlQvazeJIDxi2UY/Uoc5xzNAxwXim6ZtZpmjOf6GFSYfJUXOp28LDj7emwCBr
80DrpRln8axeb/Sw5cVtb80FxlBiIT9/749go3IZma9djReU4MC6OJUuXnU+qz8w
I8jArbSVxxNl1C7OicFVo5SZ3Tj5xLYNJ2ZmxLcg/q5c0kk4f5/5X7yWp8P6A/8V
GczVft/jn4QfpN7Lp6TF5eWY7kxaSb81CgdQsLMuf7dndGeeohkIA6oCjCFfLcqi
lA5AkqnqBWZo2zsJrHebxxpsppNIb2TIBrWWdT6+ypHm2ka84DkEdKEveNCwyx8V
akRiX6EpacLc3zTveBLtDceJkl928KcMvLqJWY6r2z0xOZaqRNbQ9Zq48lWUBnUm
CQzvZgb+ljcy8/wV/W7mqqAORCiZ6QnvAmu/riw0XAaaNHj90CJTR0XB/P4m/hWb
72ymVrg+PWenGRgbcEXF29ZaVEoTaI3Ibjc02e6uXatlGO5dsQUZQPtahET5rpJX
6XomjzTSTXZDwBfXi/lo1UwQeElGcKmsD55YIGHOfpH0dM+4AsS9OKlLSDWn7mNm
eI+kVi1r6cUWvw4II+n2oK13rFH/ppW7kjFKxoCasTYMvnI/i1h6/MKgxxBngZpB
cfCQePOJCbz0JS7WiLlo
=nEVo
-----END PGP SIGNATURE-----

--E7nGmQneOalwT3VkeCgHsXob9Ix3mahuW--