[mirror-admin] Blocking ips on dl.fedoraproject.org (Or Please update your mirrors in mirror-manager)
Stephen John Smoogen
smooge at gmail.com
Fri Mar 25 15:01:26 EDT 2016
Hi we are seeing a large number of partial rsync on the main download
servers which are causing problems for tier0/1 mirrors to get to the
servers. What we are seeing is that an ip address will start a rsync
of a large tree and then will drop the connection as the server takes
time to work through 1-10TB of disk space. The ip will then initiate a
new connection which another download server will try to fulfill but
again with a time-out and restart. This is adding a large amount of
IOPs onto our backend storage causing a cascading set of problems
through the infrastructure.
We are going to have to put a firewall rules to drop connections from
these systems so that the alpha and other work can get properly
mirrored onto the registered Tier 0 and Tier 1 mirrors. If that
doesn't work we will be putting firewall rules that only Tier 0 and
Tier 1 mirrors are allowed to connect to the download servers.
I am not sure to post the list of ips on this list but I will put the
domains which I could track back via DNS
uk-noc.com.
wideopenwest.com.
alshamil.net.ae.
ip-connect.net.ua.
math.uh.edu.
main.ad.rit.edu.
mirror.yandex.net.
pdx.edu.
unicamp.br.
sl-reverse.com.
univ-ubs.fr.
isp.ip.pt.
c3sl.ufpr.br.
None of these mirrors are registered in mirrormanager exactly as the
ip address which is coming. If you have ips which you use to mirror
from please add them to the mirrormanager so we can whitelist these
ips. [I nearly blacklisted a couple of tier0 because the ip address
listed for the mirror wasn't correct. If I didn't catch all of
them...]
Finally, to cut down mirroring problems please do the following:
1) Do not put in a cron job that you are going to do an rsync update
every 15 minutes as several of the above mirrors seem to do. We do not
update the trees that often and rsyncd has to stat every file.
2) Please review the tips and tricks at
https://fedoraproject.org/wiki/Infrastructure/Mirroring#Mirror_Frequency
Using the last-sync to schedule updates when they actually occur can
help lower rsync usage.
Thank you
--
Stephen J Smoogen.
--
More information about the Mirror-admin
mailing list