[CentOS-mirror] Thoughts on DVD images
Jonathan Thurman
JThurman at nwresd.k12.or.us
Wed May 19 19:13:59 UTC 2010
> On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
> > I don't think that the msync pool should be wide open for anyone to
> access. Those that are hosting public mirrors of content should have a
> pool that they can sync to that is restricted, or at least have
> priority over unknown users. Otherwise it could be more difficult for
> the public mirror system to stay up to date.
>
> Yeah, thats the main thing - being able to get the rsync tree's out to
> the public mirrors asap, while still having enough resources within
> .centos.org.
>
> So here is a question for you - as a mirror admin, would you host an
> rsync target that msync.c.o could push into ? It could be ether based
> on a user/pass acl or a key. And we would give you a list of ip's that
> will push to your machine.
I personally would consider push, but there are some major concerns that would have to be addressed.
Our environment doesn't lend itself to this as our mirror is really a load balanced cluster with a node that is designated for syncing. Of course with a little work, the push traffic could be sent to that node.
The major issue with Push is control. When I am pulling updates, I set the times that the pull happens. I can schedule the updates during known low-bandwidth times of the day. I can also specifically exclude things that I don't want to host (I don't, but I could).
I also see this as more work for the msync maintainers.
I do like the idea of key based syncing. I use keys frequently for automation, and find it easier and more secure than maintaining lists of IPs. So msync.centos.org creates a single account for the public mirrors to sync with, and each public mirror provides a key. Just append all of the keys to the authorized_keys file and sync that between the msync servers. When a mirror is added/removed, update the file once and have it sync automatically. No more IP ACLs to worry about, because no one really cares what IP I sync from.
-Jonathan
More information about the CentOS-mirror
mailing list