William,
I have a small "farm", in my case processing nodes for some
proof-of-concept Globus work, but I believe the idea is similar.
I use read-only minidisks for the root partition, which is also mounted
(r/w) as /mnt/slash on the master VM. (I suppose you could use
root-nfs for a non-s390 version.) /tmp and /var are VDISKs, with /var
being populated from a /var.static on the (read-only) / at IPL time.
/home and /usr/local are NFS mounted from the master VM.
Hence the RPM database is r/w to the nodes, but changes will be lost over
an IPL. However, the master node can perform security stuff using chroot:
---begin script---
#!/bin/bash
mount /mnt/slash
mount proc /mnt/slash/proc -t proc
mount --bind /home /mnt/slash/home # fake an NFS mount
mv /mnt/slash/var /mnt/slash/var2 # rename the dir that would be dynamically populated
ln -s /var.static /mnt/slash/var # make /var point to /var.static
chroot /mnt/slash bash
# RPM maintenance happens in the chroot shell; exit it to continue
rm -f /mnt/slash/var
mv /mnt/slash/var2 /mnt/slash/var
umount /mnt/slash/home
umount /mnt/slash/proc
umount /mnt/slash
---end script---
Thus nodes can be easily kept up to date. Then just bounce them (force,
xautolog) and the updated read-only root partition will be there.
As for user/department specific installs, I would recommend the good old
./configure --prefix=/usr/local/[department]/
option, then standard *nix user/group/other file/dir access policies to
prevent inter-department curiosity.
If users really want to use (binary) RPMs, there's always
rpm2cpio < file.rpm > file.cpio
and then
cd /usr/local/[department]/[package]/
cpio --extract --make-directories --no-absolute-filenames < file.cpio
I hope this helps ('twas just my two new English pence worth :-)
Ashley Chaloner.
Department of Computer Science,
University of Warwick, UK.
"Gordon Brown, texture like sun" - Royal Leamington Spa graffiti
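
An added example, not part of the original message: a check to run over a tree unpacked with cpio into /usr/local/[department]/[package]/ before relying on user/group/other permissions to separate departments. The function names audit_tree and make_sample_tree are hypothetical, and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# audit_tree DIR: print one "KIND path" line per risky entry found under DIR.
# Returns 0 when the tree is clean, 1 when anything was reported.
audit_tree() {
    dir=$1
    report=$(
        # a setuid/setgid file here would run with its owner's or group's identity
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | sed 's/^/SETID /'
        # world-writable entries defeat the user/group/other policy
        find "$dir" \( -type f -o -type d \) -perm -0002 |
            sed 's/^/WORLD-WRITABLE /'
        # absolute or ".."-climbing symlink targets are reported conservatively
        find "$dir" -type l | while IFS= read -r link; do
            case $(readlink "$link") in
                /*|..|../*|*/..|*/../*) printf 'SYMLINK-ESCAPE %s\n' "$link" ;;
            esac
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Constructed sample standing in for an unpacked package (not real RPM content).
make_sample_tree() (
    umask 022
    t=$(mktemp -d)
    mkdir -p "$t/usr/bin" "$t/usr/lib"
    echo tool > "$t/usr/bin/tool";     chmod 0755 "$t/usr/bin/tool"
    echo helper > "$t/usr/bin/helper"; chmod 4755 "$t/usr/bin/helper"
    echo data > "$t/usr/lib/data";     chmod 0666 "$t/usr/lib/data"
    ln -s tool "$t/usr/bin/tool-link"      # stays inside the tree
    ln -s /etc/passwd "$t/usr/lib/escape"  # absolute target
    printf '%s\n' "$t"
)

sample=$(make_sample_tree)
audit_tree "$sample" || echo "review the entries above before installing"
rm -rf "$sample"
```
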