[mirror-admin] rsync ACLs for tier1s
Matt Domsch
Matt_Domsch at dell.com
Sat Apr 12 17:00:30 EDT 2008
On Sat, Apr 12, 2008 at 12:05:49PM +0200, SpeedPartner GmbH wrote:
> Hi,
>
> I just discovered
> https://admin.fedoraproject.org/mirrormanager/rsync_acl
> from an email by Kambiz on this list.
>
> Is that ACL autogenerated, including all tier1/tier2-sites? So should
> the tier1s maybe move on to use that list instead of "rolling their
> own"? We currently do hand-maintain a list on our tier1 ...
This is the full list of active mirrors (including both public and
private) as known to MirrorManager, based on what addresses each Host
has included in the database. The initial thought was to use it as
you expect - to populate the rsync ACLs. It's not being used (yet) on
the master mirrors, but I hope that day will come. Several Tier 1
mirrors are using this list to decide who gets access.
The drawback to using this list is that, honestly, anyone who has a
Fedora Account System account can create a Site and a Host in the MM
database, and add their addresses to the ACL. There are 283 entries
right now. In practice, it hasn't been a problem - we haven't had a
ton of people signing up as mirrors only to leech the bits before
they're announced but not truly acting as mirrors. If it becomes a
problem we may have to go back to people manually asking for entry to
specific Tier 1's ACLs.
Other Tier 0/1 mirrors, such as fedora-archive.ibiblio.org,
effectively only serve content to Internet2 connected mirrors. So far
these have chosen to edit their ACLs manually to accomodate this. Now
that we've got automatic Internet2+peers detection in MM, I could make
that a query option (e.g. rsync_acl?internet2=True), but that isn't in
place right now. Presumably we'd add the query option
(rsync_acl?private=False) to exclude non-public mirrors. What other
query criteria would anyone like to see here?
(BTW, we're in change freeze for the F9 release, so I won't update MM
for this until after F9 is out.)
Thanks,
Matt
--
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
--
More information about the Mirror-admin
mailing list