[CentOS-mirror] IRC meeting regarding new mirroring system for CentOS

Tue Nov 9 22:52:34 UTC 2010
Peter Pöml <peter at poeml.de>

Hi Jim,

thanks for your detailed feedback.

Am 09.11.2010 um 00:44 schrieb Jim Kusznir:
> For me as a mirror admin, the only feature I don't like about
> MirrorBrain is that I don't have the ability to log in and "check on"
> or admin my mirror.

Does that mainly concern you when something stops working, and you wonder why?

From administering different MirrorBrain setups for a few years, I can say that this is not a question that pops up frequently. One of the most frequently asked questions here on this list, why someone's mirror does not get requests, never occured to me. Maybe MirrorBrain does less checking than other frameworks? Anyway, MirrorBrain does not disable all redirection to a mirror just because some files are not yet there. 

The primary need I saw so far for mirror admins to change something would be to modify the URL their mirror is reachable at, and (in some cases) adjust the amount of requests they are assigned. Also, it can be convenient to be able to temporarily switch off redirection completely. Looking at scan/monitoring logs would come to mind as well. Triggering a scan. (Other suggestions?)

In order to make these changes modifiable to the mirrors' admins, the main obstacle would be to set up a user account handling. Some projects already have a system for that, so a MirrorBrain setup could be connected to it. Where such a framework doesn't exist yet, MirrorBrain would need its own system, and I was wondering how to best implement that. I think the three options would be 1) a simple self-contained system, 2) using OpenID, so existing Google/Yahoo/AOL/whatever accounts could be used. I would prefer the latter, but it is technically challenging enough for me to implement that it is not a matter of a few hours. 

> I mirror for a few different distros, and ubuntu's mirror manager is
> quite poor as well.  I have an account, but can't get to it.  When I
> fail a test of some sort, I get a not-very-useful e-mail, and no way
> to get more info on what happened.  I usually end up just "waiting it
> out".  It would be nice if I get an e-mail allerting me to something
> being wrong, and then allowing me to log in and see.

Sending out an (informative) email when something goes wrong is indeed a good idea.

> I also like being able to specify some IP ranges I'm authoritative
> for.  As my mirror is on a university campus, I'd love to be able to
> enter my campus' IP ranges, and that way ensure that all my campus
> gets my mirror.  So far, none of the OSes I mirror for (I don't mirror
> Fedora presently) allows me to do that.

Regarding this, I would like to question the need for such manual configuration. 
centos.eecs.wsu.edu is your mirror, right? Without any configuration, MirrorBrain would send you all requests from clients out of 134.121.0.0/16 (if there isn't any mirror in the same network of course). If a client is not in that particular network, but within AS10430, it would still get sent to your mirror -- if there is no other mirror in that autonomous system. Would there be a second mirror in your autonomous system? That's the question. If not, everything would happen automatically anyway. No need to juggle lists of network prefixes. (And no need to make such configuration accessible, which could result in a security issue after all, if not handled carefully.)

So far, I didn't encounter a case where clients are outside the network prefix of a mirror, but within the same AS, and there is a second mirror in that AS -- so there was no need to add a way to specify network prefixes at all.

However, if you see the need, it would be easy to implement. (In the same way, one could define other autonomous systems to be handled by a mirror.)

> MirrorBrain sounds like it has a lot of the functionality, but only
> available to the distro managers.  They're busy people; I'd rather not
> bother them if I can handle stuff myself.
> 
> --Jim

Thanks again for your feedback,
Peter