[CentOS-mirror] Thoughts on DVD images

[Jonathan Thurman]

> On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
> > I don't think that the msync pool should be wide open for anyone to
> access.  Those that are hosting public mirrors of content should have a
> pool that they can sync to that is restricted, or at least have
> priority over unknown users.  Otherwise it could be more difficult for
> the public mirror system to stay up to date.
> 
> Yeah, thats the main thing - being able to get the rsync tree's out to
> the public mirrors asap, while still having enough resources within
> .centos.org.
> 
> So here is a question for you - as a mirror admin, would you host an
> rsync target that msync.c.o could push into ? It could be ether based
> on a user/pass acl or a key. And we would give you a list of ip's that
> will push to your machine.

I personally would consider push, but there are some major concerns that would have to be addressed.

Our environment doesn't lend itself to this as our mirror is really a load balanced cluster with a node that is designated for syncing.  Of course with a little work, the push traffic could be sent to that node.

The major issue with Push is control.  When I am pulling updates, I set the times that the pull happens.  I can schedule the updates during known low-bandwidth times of the day.  I can also specifically exclude things that I don't want to host (I don't, but I could).

I also see this as more work for the msync maintainers.

I do like the idea of key based syncing.  I use keys frequently for automation, and find it easier and more secure than maintaining lists of IPs.  So msync.centos.org  creates a single account for the public mirrors to sync with, and each public mirror provides a key.  Just append all of the keys to the authorized_keys file and sync that between the msync servers.  When a mirror is added/removed, update the file once and have it sync automatically.  No more IP ACLs to worry about, because no one really cares what IP I sync from.

-Jonathan