[mirror-admin] Outdated mirrors?

Carlos Carvalho carlos at fisica.ufpr.br
Wed Jul 16 16:58:26 EDT 2008 

Matt Domsch (Matt_Domsch at dell.com) wrote on 16 July 2008 15:25:
 >On Wed, Jul 16, 2008 at 04:53:06PM -0300, Carlos Carvalho wrote:
 >> A push mechanism is also good at spotting problems such as this one.
 >
 >I'm very open to push mirroring, and have looked into Debian's
 >packages which do this, a few months ago.  I would welcome assistance,
 >it's not something I have time to figure out and implement widely
 >right now.

No packages are needed. In Debian the downstream mirror just sets up
an account accessible via ssh with a predefined command, which is the
update script. The upstream mirror just does something like

ssh -i your-key sync-account at downstream > /dev/null 2>&1 &

when it finishes its own update. Notice that the update procedure
doesn't change, only how it's launched. Of course I'm supposing nobody
runs the update as root or similar security flaws. This is also an
opportunity to fix them...

There are other ways as well. For example, downstream can configure a
rsync module with write access, and upstream sends the changes
directly. This is how suse and sourceforge do; it's better when the
changes are small compared to the whole archive because it saves an
expensive rsync disk scan of the tree. Definitely not the case of
Fedora though, which does daily changes that force poor mirrors to get
~2GB/day :-( :-(

So you just have to:
- publish a public key
- ask for the account/sites that wish to get pushed via ssh
- include them in your update script

And... find a way to discover when to push other mirrors in the jungle
of redhat netapp storages...

For tier-[01] pushing should be compulsory.

In the case of the ssh trigger one could also demand to have the
downstream rsync log mailed to some dedicated (guess who?) admin
who'll make sure that mirrors indeed update. This is what I do for the
ones who sync officially from us. It's feasible when they're few; that
limit of 10 tier-1 worldwide comes in conveniently. That's the whole
point of official tiered mirrors after all.

--

More information about the Mirror-admin mailing list