Databases and servers

On 2019-08-20 10:33:17 +0000, Karl Martin Skoldebrand wrote:

I just discovered that a client has done this:

They have two web applications A1 and A2. They have seperate hostnames/URLs.
Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server
and A1t and A2t on the same server.

So, I'm thinking - if a bug in application A1 crashes the application and
database badly it will risk bringing down both services A1 and A2. The same
risk would be evident on a successful security breach.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on
the same. (This is what seems to be happening when the database servers are
being repladed).

On rereading this I notice that I'm not sure what that means. If you
propose replacing the two servers with three (two production, one test)
or even four (two production and two test), I agree.

If you want to keep two servers, but rearrange them so that one server
has both the production and the test database for each app on the same
server, see below.

What is the general thought on the current setup?

Without knowing the details I think I would side with your client here:
It seems to me that the risk of accidentally clobbering a production
database which is in the same host as the test database is higher than
the risk of two different production databases interfering with each
other. Also, if you have the test and production database on the same
host, there are some procedures which you can't safely test (e.g. an OS
upgrade).

I would think about putting each database in virtual machine or at least
a container, though.

hp

--
_ | Peter J. Holzer | we build much bigger, better disasters now
|_|_) | | because we have much more sophisticated
| | | hjp@hjp.at | management tools.
__/ | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/&gt;

On Tue, Aug 20, 2019 at 6:33 AM Karl Martin Skoldebrand <
KS0C77263@techmahindra.com> wrote:

Hi,

I just discovered that a client has done this:

They have two web applications A1 and A2. They have seperate
hostnames/URLs. Both have a production and a test database A1p and A1t/ A2p
and A2t.

What they've done is have both A1p and A2p on the same actual databaser
server and A1t and A2t on the same server.

Are these two PostgreSQL instances running on the same hardware, or two

databases within a single PostgreSQL instance?

So, I'm thinking - if a bug in application A1 crashes the application and
database badly it will risk bringing down both services A1 and A2.

Is this a common occurrence? Of all the occurrences of downtime in recent
memory (or better yet, from incidence documentation), what were the causes
of them? Is this near the top of the list?

Also, are the two apps completely independent, or are they used together
such that one being down makes the other one not very useful?

The same risk would be evident on a successful security breach.

On the other hand, more servers means more moving parts, means more
opportunities for mistakes in configuration or maintenance that let
breaches happen.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and
A2t on the same. (This is what seems to be happening when the database
servers are being repladed).

I don't know what that last part means.

What is the general thought on the current setup?

In my experience, people acting on mere conjectures about what might cause
downtime in the future and how to prevent it have caused more downtime than
they have prevented.

Cheers,

Jeff

On Tue, Aug 20, 2019 at 6:33 AM Karl Martin Skoldebrand <KS0C77263@techmahindra.com<mailto:KS0C77263@techmahindra.com>> wrote:

Hi,

I just discovered that a client has done this:

They have two web applications A1 and A2. They have seperate hostnames/URLs. Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server and A1t and A2t on the same server.

Are these two PostgreSQL instances running on the same hardware, or two databases within a single PostgreSQL instance?

They are two databases in a Single PostgreSQL instance access by different accounts with different permissions.>

So, I'm thinking - if a bug in application A1 crashes the application and database badly it will risk bringing down both services A1 and A2.

Is this a common occurrence? Of all the occurrences of downtime in recent memory (or better yet, from incidence documentation), what were the causes of them? Is this near the top of the list?

No it is not common.

Also, are the two apps completely independent, or are they used together such that one being down makes the other one not very useful?

Yes they are independent on the database level. They share the same Windows application server.

The same risk would be evident on a successful security breach.

On the other hand, more servers means more moving parts, means more opportunities for mistakes in configuration or maintenance that let breaches happen.

That is true.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on the same. (This is what seems to be happening when the database servers are being repladed).

I don't know what that last part means.

repladed == replaced

What is the general thought on the current setup?

In my experience, people acting on mere conjectures about what might cause downtime in the future and how to prevent it have caused more downtime than they have prevented.
/M
Cheers,

Jeff
============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================

________________________________________
Från: Peter J. Holzer <hjp-pgsql@hjp.at>
Skickat: den 20 augusti 2019 22:58
Till: pgsql-general@lists.postgresql.org
Ämne: Re: Databases and servers

On 2019-08-20 10:33:17 +0000, Karl Martin Skoldebrand wrote:

I just discovered that a client has done this:

They have two web applications A1 and A2. They have seperate hostnames/URLs.
Both have a production and a test database A1p and A1t/ A2p and A2t.

What they've done is have both A1p and A2p on the same actual databaser server
and A1t and A2t on the same server.

So, I'm thinking - if a bug in application A1 crashes the application and
database badly it will risk bringing down both services A1 and A2. The same
risk would be evident on a successful security breach.

I would prefer to A1p and A2p on seperate servers, maybe keeping A1t and A2t on
the same. (This is what seems to be happening when the database servers are
being repladed).

On rereading this I notice that I'm not sure what that means. If you
propose replacing the two servers with three (two production, one test)
or even four (two production and two test), I agree.

===
I was proposing replacing the two servers with three (or four). Running production on two seperate servers and possibly the tests on one (or possibly two servers).

/M.
============================================================================================================================ Disclaimer: This message and the information contained herein is proprietary and confidential and subject to the Tech Mahindra policy statement, you may review the policy at http://www.techmahindra.com/Disclaimer.html externally http://tim.techmahindra.com/tim/disclaimer.html internally within TechMahindra. ============================================================================================================================