VM donation- change control/graph data backup
Hi folks, One of the things that was discussed in the meeting yesterday as change control and config backups. Perhaps along those same lines, we should think about also backing up the graph data somewhere. I’m not sure where any of this data physically lives right now, but perhaps it would make sense to put somewhere *other* than the 511 bldg. I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc). Effort involved should be minimal, but we’d happily take point on getting RANCID set up and configured as well, and sending diffs to the technical committee, as well as whomever else might see value in seeing config changes happen (perhaps a list?) Let me know, and we’ll make it happen. -- Andrew Hoyos hoyosa@gmail.com
Currently the cacti graph data is all physically stored in Minnetonka in the US Internet data center, where the server lives. We have a dedicated VM instance currently for the MICE cacti server. This server (rrd files, mysql data, etc) is backed up to our own internal server backup system. Adding additional MICE services to this VM are definitely acceptable: rancid, syslog, etc. if so requested by MICE. This is perhaps getting deeper into implementation design than is appropriate at this point in the discussion but I suggest syslog data be sent and stored locally to the exchange to minimize the potential for data loss in the event of a network issue. Adding a secondary external syslog server might make sense too, such as to the Hoyos referenced VM offer, to the USI cacti server, etc. It could even be stored on a dedicated machine within the MICE network and then copied off site as well: syslog can do this in real time, other files/data could be rsynced or similar on the same backup job, a traditional backup application could be used, etc. ________________________________________ From: MICE Discuss [MICE-DISCUSS@LISTS.IPHOUSE.NET] on behalf of Andrew Hoyos [hoyosa@GMAIL.COM] Sent: Tuesday, November 17, 2015 9:38 AM To: MICE-DISCUSS@LISTS.IPHOUSE.NET Subject: [MICE-DISCUSS] VM donation- change control/graph data backup Hi folks, One of the things that was discussed in the meeting yesterday as change control and config backups. Perhaps along those same lines, we should think about also backing up the graph data somewhere. I’m not sure where any of this data physically lives right now, but perhaps it would make sense to put somewhere *other* than the 511 bldg. I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc). Effort involved should be minimal, but we’d happily take point on getting RANCID set up and configured as well, and sending diffs to the technical committee, as well as whomever else might see value in seeing config changes happen (perhaps a list?) Let me know, and we’ll make it happen. -- Andrew Hoyos hoyosa@gmail.com
On Tue, Nov 17, 2015 at 09:38:16AM -0600, Andrew Hoyos wrote:
I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc).
Sure. Although I do have some backups of the main switch/bird configs located here in my location (not at 511, but still Minneapolis). I have considered adding the configs I touch to my RANCID, but didn't find enough value I suppose. I already had a tech list setup (MICE-TECH), but then I started thinking about who should have access to what, and what should be an archive (public? Semi-public?) of tech discussions, vs. something that may have a little sensitive value (ie. config snippets with SNMP communities, CoPP firewall rules, etc.). vs. most of it (ie. BGP setup & questions/problems). So I didn't really move forward too much in having people use it. I had thought of doing RANCID into the MICE-TECH list, but again, archives and access to them came up in my mind as problematic things. What are others' thoughts? -- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
On Nov 17, 2015, at 11:20 AM, Doug McIntyre <merlyn@iphouse.net> wrote:
On Tue, Nov 17, 2015 at 09:38:16AM -0600, Andrew Hoyos wrote:
I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc).
Sure. Although I do have some backups of the main switch/bird configs located here in my location (not at 511, but still Minneapolis). I have considered adding the configs I touch to my RANCID, but didn't find enough value I suppose.
I think one of the things that was touched on in the meeting yesterday was change control. RANCID diffs running on a 15/30 minute basis could be a cheap verification. Probably even from multiple places wouldn’t hurt.
I already had a tech list setup (MICE-TECH), but then I started thinking about who should have access to what, and what should be an archive (public? Semi-public?) of tech discussions, vs. something that may have a little sensitive value (ie. config snippets with SNMP communities, CoPP firewall rules, etc.). vs. most of it (ie. BGP setup & questions/problems).
I’d support this, and would happily participate in these discussions. Maybe just a members only list, added only by someone in some official capacity? Private archives would solve some issue there, and RANCID will by default, redact passwords/community strings.
I agree with the MICE-TECH list just to protect some of the configuration discussion. Perhaps we could say that any member can request the history at any time? I also think we would have to be sure to post planned changes, or at least notifications, to the discuss list as we do now. s *Shaun Carlson*Senior Manager of Information Technology | Arvig ph: (218) 346-8673 | em: shaun.carlson@arvig.com On Tue, Nov 17, 2015 at 12:13 PM, Andrew Hoyos <hoyosa@gmail.com> wrote:
On Nov 17, 2015, at 11:20 AM, Doug McIntyre <merlyn@iphouse.net> wrote:
On Tue, Nov 17, 2015 at 09:38:16AM -0600, Andrew Hoyos wrote:
I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc).
Sure. Although I do have some backups of the main switch/bird configs located here in my location (not at 511, but still Minneapolis). I have considered adding the configs I touch to my RANCID, but didn't find enough value I suppose.
I think one of the things that was touched on in the meeting yesterday was change control. RANCID diffs running on a 15/30 minute basis could be a cheap verification. Probably even from multiple places wouldn’t hurt.
I already had a tech list setup (MICE-TECH), but then I started thinking about who should have access to what, and what should be an archive (public? Semi-public?) of tech discussions, vs. something that may have a little sensitive value (ie. config snippets with SNMP communities, CoPP firewall rules, etc.). vs. most of it (ie. BGP setup & questions/problems).
I’d support this, and would happily participate in these discussions. Maybe just a members only list, added only by someone in some official capacity? Private archives would solve some issue there, and RANCID will by default, redact passwords/community strings.
On Tue, Nov 17, 2015 at 12:13:20PM -0600, Andrew Hoyos wrote:
On Nov 17, 2015, at 11:20 AM, Doug McIntyre <merlyn@iphouse.net> wrote:
On Tue, Nov 17, 2015 at 09:38:16AM -0600, Andrew Hoyos wrote:
I’d like to offer up a VM donation located in Madison, WI to at least run RANCID to grab config backups of the IX switches, as well as a backup target for any data (graphs, route-server config, etc).
I guess nobody else spoke up, but I'd say sure, redundancy is always good most likely. -- Doug McIntyre <merlyn@iphouse.net> ~.~ ipHouse ~.~ Network Engineer/Provisioning/Jack of all Trades
participants (4)
-
Andrew Hoyos -
Doug McIntyre -
Justin Krejci -
Shaun Carlson