On Wed, 19 May 2010, Karanbir Singh wrote:
On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
I don't think that the msync pool should be wide open for anyone to access. Those that are hosting public mirrors of content should have a pool that they can sync to that is restricted, or at least have priority over unknown users. Otherwise it could be more difficult for the public mirror system to stay up to date.
Yeah, thats the main thing - being able to get the rsync tree's out to the public mirrors asap, while still having enough resources within .centos.org.
So here is a question for you - as a mirror admin, would you host an rsync target that msync.c.o could push into ? It could be ither based on a user/pass acl or a key. And we would give you a list of ip's that will push to your machine.
I think closing the msync machines (tier 0, in Fedora-speak) to the general public (at least for rsync) is probably a good idea. It would allow more bandwidth and connections to be used by public tier-1s. People wanting to create a new tier-1 can get their initial sync from another tier-1.
I have reservations about requiring push mirroring. The main advantage I see with push is that an rsync is only started when there is new content. It would reduce the load on the tier-0s when there is no new data.
I see two downsides, however. First, I can't coordinate when my server syncs from different projects. Currently, I know that (for example) CentOS and Fedora won't try to update at the same time, because I control when those syncs start. I lose that with push.
The second concern is the security aspect. To allow push, I have to open ssh to machines outside my network and outside my control. I don't know how happy my security folks will be with that.
I think it would be better to make push mirroring an option, rather than a requirement.
DR