A low-tech trick with sshfs

Sometimes old, low-tech sysadmin tricks do an excellent job. 🙂

A friend of mine asked for help. The time had come for his company to grow up, and it had opened several offices across Europe. However, their IT system wasn’t up to that.

Their specialized software had so far run on a local server in their office. Now every office had its own server, but all of them had to share one central database. The software could share a database between several instances, but access to it was built directly into the executable and required a local path. The company behind it had offered to add a client-server database model, but the cost was prohibitive.

Luckily, all of it ran on Linux, which has a huge set of tools for everything. I decided on a very simple and dumb solution: mount the directory with the database on the office servers through sshfs, so that it appears there as a local path. sshfs uses ssh as its transport, so the data is very well protected on its way across the Internet.

sshfs database_user@database-server.mycompany.com:/some/path/to/database /local/mount/path

To avoid the need for an interactive ssh login, I generated (as the user that mounts the directory) a key on every remote server:

su db_dir_mount_user
ssh-keygen -t rsa -b 4096

(It asks you a few questions, and finally generates the key in the .ssh subdirectory of the user's home directory, as two files: id_rsa and id_rsa.pub.)

Then, I authorized these keys at the server with the database. I went to it, and there (as database_user) copied the id_rsa.pub file from the remote server to the server with the database, and added it to the file .ssh/authorized_keys:

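su database_user
# Fetch the office server's public key into ~/.ssh, then append it to authorized_keys
rsync -avz db_dir_mount_user@local-server-1.mycompany.com:/home/db_dir_mount_user/.ssh/id_rsa.pub ~/.ssh/local-server-1.id_rsa.pub
cat ~/.ssh/local-server-1.id_rsa.pub >> ~/.ssh/authorized_keys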
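
An added example, not part of the original post: an unrestricted authorized_keys entry lets the key open a shell and forward ports, while sshfs only needs SFTP. The function below (authorize_mount_key and its arguments are hypothetical names) appends the key with the OpenSSH options restrict, command="internal-sftp" and from=, assuming the database server runs OpenSSH 7.2 or later, and skips keys that are already present.

```shell
# Added example; authorize_mount_key and its arguments are hypothetical names.
# Usage: authorize_mount_key PUBKEY_FILE AUTHORIZED_KEYS_FILE FROM_PATTERN
authorize_mount_key() {
    pub=$1 auth=$2 from=$3

    # A public key file holds exactly one non-empty line: "type base64 [comment]".
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "expected one key in $pub" >&2; return 1; }
    read -r ktype kblob _ < "$pub" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "unexpected key type: $ktype" >&2; return 1 ;;
    esac
    [ -n "$kblob" ] || { echo "missing key data in $pub" >&2; return 1; }
    # The pattern ends up inside a quoted option, so refuse quotes and spaces.
    case $from in
        ''|*\"*|*' '*) echo "bad from pattern" >&2; return 1 ;;
    esac

    # Create the file with owner-only permissions, as sshd's StrictModes expects.
    ( umask 077; touch "$auth" ) && chmod 600 "$auth" || return 1
    # Idempotent: do nothing if this key blob is already listed.
    if grep -qF -- " $kblob" "$auth"; then
        return 0
    fi
    # restrict: no pty and no forwarding; command: SFTP only; from: allowed source.
    printf 'restrict,command="internal-sftp",from="%s" %s %s\n' \
        "$from" "$ktype" "$kblob" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) public key.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EConstructedSampleNotARealKey db_dir_mount_user@local-server-1\n' \
    > "$demo/local-server-1.id_rsa.pub"
authorize_mount_key "$demo/local-server-1.id_rsa.pub" "$demo/authorized_keys" \
    'local-server-1.mycompany.com'
cat "$demo/authorized_keys"
rm -rf "$demo"
```

The from= pattern is matched against the connecting host's name or address, so an office behind NAT needs its public address there.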

So far, so good. However, when I started sshfs, it refused to work with a message:

fuse: device not found, try 'modprobe fuse' first

It turned out that the local office servers with the software were actually LXC containers. The company had one physical (well, and one backup 🙂 ) server per office, with several LXC containers running different things on it. Both the software container and the host OS had fuse (which is required by sshfs) installed, but that was not enough.

The problem turned out to be a fuse device missing from the /dev directory, which was easy to solve:

mknod /dev/fuse c 10 229

After that, everything went without a glitch. The experiments showed that the query times are low enough for production usage.

Yes, if this company continues to grow, rewriting the database communication as a client-server model will be unavoidable. However, this trick bought them some time to grow further and find the money needed. 🙂
