Nikolai Prokoschenko's questions

(Please note: this question is one of many "why don't you just try it?" questions. I certainly will, but since I haven't found an obvious answer by googling, I thought I might as well make it easier for someone who might need this later by asking on ServerFault)

My web application is served over HTTPS behind some load balancers and allows users to authenticate using client certificates in some cases. Now I'm being asked whether I'd like to offload SSL encryption/decryption to load balancers so that I'd be running a plain HTTP site (and thus with easier debugging and configuration) while the load balancer would be doing HTTPS for the users. Free extra CPU cycles certainly sound good, however, I'm not convinced that I'd still be able to check users' client certificates.

Is it possible to use client certificates without running a full-blown HTTPS site?

I'm about to convert a single-server single-database web application into a physically distributed high-available configuration with servers on two physical locations (for now). Now, obviously, I need a load balancer (more like a reverse proxy in this case, but I'll call it "load balancer" for simplicity), which would route requests for mywebsite to either node1.mywebsite or node2.mywebsite. However, I assume that high-available servers are no use if my load balancer goes down. Therefore, so my train of thought, I'd actually need two load balancers, one on each location. However, I'd still want a single external point of access, therefore I'd need a load balancer for the load balancers, which in turn would need to be balanced across locations... this goes on and on.

So what's wrong with my reasoning? How would I ensure high availability of my load balancers in practice, assuming each of the physical locations could be disconnected from power for a long period of time?

PS: I'm aware of the fact that my understanding of the distinction between HA and load-balancing is mediocre at best. What I want is an available server even when the power on one location goes down. Thank you for your understanding.

I have a bunch of Xen DomUs running on Xen 3.3.2 on RHEL5.4. I've setup those VMs as a complete Xen rookie and now I notice that using virt-manager might not have been the best idea, since I don't have any python-based configuration files at all, only config.sxp file for each domain in /var/lib/xend/domains. Apparently, it's a good idea to have them though, so my question is: how can I recover from my newbie mistakes and re-create those configuration files without starting from scratch?

We've got several RHEL5 development servers, one for each developer. Each server is developer's own sandbox, with Subversion checkout available through Samba shares (having RHEL5 clients is out of option, corporate policy requires Windows XP). Now several developers have notebooks as main development boxes and would like to have their code available even when there's no network connectivity, e.g. in the presentation room or at home. R/W preferred, of course, but R/O would do too.

I'm thinking about some system with transparent persistent caching, lie a virtual drive which would synchronize with the original share when online and replace the network drive when offline. There are possibly other solutions, what would you recommend?

EDIT: Judging from the comments, I notice how difficult it is to explain what we are doing. I'll just try again. There is a central SVN repository and developers' devel-boxes to work on. However, they are not allowed to use those boxes as Linux clients directly, but instead they need to use Windows XP as development client because of corporate restrictions. So the webserver stays on the RHEL5 devel-box (which is reference platform), checkout stays there too and is shared to the developer via Samba (exclusively!). There is no misunderstanding of what SVN is and isn't, it's just that the checkouts are located on the server and not on the client. Because of that, they are not available online, but it's desired that they are -- and this has been the essence of my question.

Tell me if this is easier to understand :)

Everytime I install something with yum, it tries to install both x86_64 and i386 versions of the package if both are available. Is there any way I can forbid that without specifying the arch of the package?

My DomUs on a Xen 3.4 on an RHEL5 are crashing when too much memory is needed:

(XEN) p2m_pod_demand_populate: Out of populate-on-demand memory!
(XEN) domain_crash called from p2m.c:1091
(XEN) Domain 15 (vcpu#3) crashed on cpu#2:
(XEN) ----[ Xen-3.4.0  x86_64  debug=n  Not tainted ]----
(XEN) CPU:    2
(XEN) RIP:    0010:[<ffffffff80062c02>]
(XEN) RFLAGS: 0000000000010216   CONTEXT: hvm guest
(XEN) rax: 0000000000000000   rbx: 0000000000000001   rcx: 000000000000003f
(XEN) rdx: 0000000004812000   rsi: ffff810001000000   rdi: ffff810004812000
(XEN) rbp: 0000000000000282   rsp: ffff810007635cf0   r8:  ffff810037c0288e
(XEN) r9:  00000000000023e1   r10: 0000000000000000   r11: 0000000000000001
(XEN) r12: ffff81000000cb00   r13: ffff8100007e43f0   r14: ffff81000000fc10
(XEN) r15: 00000000000280d2   cr0: 0000000080050033   cr4: 00000000000006e0
(XEN) cr3: 0000000006760000   cr2: 0000000003d47078
(XEN) ds: 0000   es: 0000   fs: 0000   gs: 0000   ss: 0000   cs: 0010

Can I disable populate-on-demand for HVM somehow? Xen 3.3 didn't exhibit such behaviour...

I've got a bunch of Xen 3.4 DomUs that are currently running as HVM because of our infrastructure (Kickstart which doesn't handle Xen PVM yet). Both DomU and Dom0 are RHEL5 machines. If I understand the documentation and configuration correctly, it would suffice to install kernel-xen on the DomUs, replace hvm with pvm in the .xsp files and set the correct boot loader. But has anyone tried this, is this really this easy?

It's actually quite simple: is there any way I can set maxmem at runtime from the command line? If I edit the .xsp files, how can I ensure they are being re-read by Xen?

I need to provide some configuration customization to several servers in our small department network. We are using RHEL5 currently and since I don't want to repeat work, I'd like to create RPMs with that configuration and upload them to our RHN.

Now the problem: assuming I want to distribute NTP configuration via /etc/ntp.conf. Sadly, there is no /etc/ntp.d/ to put my files into, thus I'd have to overwrite the ntp.conf with my RPM. How do I do that properly, i.e. without losing that configuration when ntp is updated and also without possible configuration files conflicts?

I'm setting up a new server based on RHEL5 and wanted to install some python modules which don't come with it. I've seen that setuptools have an option to build RPM packages out of modules, but unfortunately this only works with setup.py, not with easy_install. However, I'd like to keep dependency resolving of easy_install so that manual setup.py is not an option.

How would you solve this situation? I would like to avoid installing packages to /usr/local especially since stock python from RHEL5 doesn't define a python path underneath of /usr/local by default.