[mirror-admin] rsync ACLs for tier1s
Stuart McKim
mckim at osuosl.org
Mon Apr 14 17:12:03 EDT 2008
We ran into a similar issue when we put our servers into cfengine to be
centrally managed. Instead of copying out a different config file for
each server, we wanted to be able to modularize it. This way, we could
have a separate file for each unique section.
The set-up uses a rsyncd.conf.d directory where we drop in files
containing the appropriate blocks of the final file. For example, we
have a 00base.conf file that includes the global settings, backup.conf
for our dirvish backups, and mirror.conf that defines the modules our
mirrors provide. For any ACLs that we pull from other sources, those are
put into individual files in the same directory using a cron job.
Whenever we update one of those files, we run a script that essentially
concatenates the files to make /etc/rsyncd.conf
Stuart
--
Stuart McKim
FTP Administrator
Open Source Lab
Oregon State University
On Sat, Apr 12, 2008 at 11:27:50AM -0700, J.H. wrote:
> While this list is nice, trying to add this to my current rsync setup,
> and maintain it. The biggest problem being, my rsync configuration is
> already long and complex, and adding straight up hosts allowed, that is
> long and would need constant updating into that is unmanageable (mainly
> since that can't be broken out, at least from what I'm seeing, into a
> separate maintainable file like the secrets file can be). I would love
> to see something more akin to the secrets file generated by fedora and
> made available to the tier1's so that they don't have to maintain that
> mapping, and than worrying about IP addresses explicitly is not an
> issue.
>
> Just my $0.02.
>
> - John 'Warthog9' Hawley
>
> On Sat, 2008-04-12 at 12:05 +0200, SpeedPartner GmbH wrote:
> > Hi,
> >
> > I just discovered
> > https://admin.fedoraproject.org/mirrormanager/rsync_acl
> > from an email by Kambiz on this list.
> >
> > Is that ACL autogenerated, including all tier1/tier2-sites? So should
> > the tier1s maybe move on to use that list instead of "rolling their
> > own"? We currently do hand-maintain a list on our tier1 ...
> >
>
> --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.ale.org/pipermail/mirror-admin/attachments/20080414/2de865d3/attachment.bin
-------------- next part --------------
--
More information about the Mirror-admin
mailing list