On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
I don't think that the msync pool should be wide open for anyone to access. Those that are hosting public mirrors of content should have a pool that they can sync to that is restricted, or at least have priority over unknown users. Otherwise it could be more difficult for the public mirror system to stay up to date.
Yeah, that's the main thing - being able to get the rsync trees out to the public mirrors asap, while still having enough resources within .centos.org.
So here is a question for you - as a mirror admin, would you host an rsync target that msync.c.o could push into? It could be either based on a user/pass acl or a key. And we would give you a list of IPs that will push to your machine.
I personally would consider push, but there are some major concerns that would have to be addressed.
Our environment doesn't lend itself to this as our mirror is really a load balanced cluster with a node that is designated for syncing. Of course with a little work, the push traffic could be sent to that node.
The major issue with Push is control. When I am pulling updates, I set the times that the pull happens. I can schedule the updates during known low-bandwidth times of the day. I can also specifically exclude things that I don't want to host (I don't, but I could).
I also see this as more work for the msync maintainers.
I do like the idea of key-based syncing. I use keys frequently for automation, and find it easier and more secure than maintaining lists of IPs. So msync.centos.org creates a single account for the public mirrors to sync with, and each public mirror provides a key. Just append all of the keys to the authorized_keys file and sync that between the msync servers. When a mirror is added/removed, update the file once and have it sync automatically. No more IP ACLs to worry about, because no one really cares what IP I sync from.
-Jonathan
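
The key-based scheme proposed in the message above, as an added example (not part of the original thread and not msync.centos.org's own tooling): it builds the shared account's authorized_keys from per-mirror submissions, accepts only a bare single-line public key, and pins every key to a read-only rsync. The rrsync path, the export directory, the mirror names and the sample key are assumptions constructed for illustration.

```python
import base64
import binascii
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
# Assumed policy: each mirror key may only run a read-only rsync of one tree.
# The rrsync path and the export directory are placeholders.
OPTIONS = ('command="/usr/local/bin/rrsync -ro /srv/msync",'
           'no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding')


def parse_pubkey(line):
    """Return (type, blob_b64) for one bare public key line, else raise ValueError."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in ALLOWED_TYPES:
        # Also rejects a submission that carries its own options prefix.
        raise ValueError("not a bare public key of an allowed type")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except binascii.Error as exc:
        raise ValueError("key blob is not valid base64") from exc
    # The blob begins with a length-prefixed copy of the key type; both must agree.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != fields[0].encode():
        raise ValueError("key type does not match key blob")
    return fields[0], fields[1]


def build_authorized_keys(submissions):
    """submissions maps mirror name to submitted text. Returns (file_text, rejected)."""
    lines, rejected = [], {}
    for mirror in sorted(submissions):
        text = submissions[mirror].strip()
        try:
            if "\n" in text or "\r" in text:
                raise ValueError("more than one line submitted")
            ktype, blob = parse_pubkey(text)
        except ValueError as exc:
            rejected[mirror] = str(exc)
            continue
        # The comment field comes from our own record, never from the submission.
        lines.append(f"{OPTIONS} {ktype} {blob} mirror:{mirror}")
    return "\n".join(lines) + "\n", rejected


def sample_key(ktype="ssh-ed25519"):
    """Constructed sample: a well-formed blob holding 32 zero bytes, not a real key."""
    raw = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), bytes(32)))
    return f"{ktype} {base64.b64encode(raw).decode()} admin@example.org"
```

Removing a mirror then means dropping its submission and regenerating the file, which is the single update the message describes.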