We recently added IPv6 Support to our server and requested that you add our IPv6 to the database for Rsync. The was accomplished on Mar 22.
We has been having trouble updating our mirror since this time. It worked for a period of time and now it stopped. I understand there may be some propagation time for our IPv6 to reach all of your servers. After three days, I feel this should be complete.
Here is what happens:
[rsync@ray06 ~]$ ./centos-mirror
running as: rsync
Sat Mar 25 10:56:28 CDT 2017
Rsyncing with: /bin/nice /usr/bin/rsync -azHv --delete --delay-updates us-msync.centos.org::CentOS /var/www/vhosts/raystedman.net/anon_ftp/pub/centos
msync.CentOS.org rsync service (centosv) ---------------------------------------
This service is intended for the sole use of the CentOS worldwide mirror network to synchronize mirrors.
Unless you are running or intending to run a listed public CentOS mirror use a mirror listed at http://centos.org/download/mirrors
If you intend to populate a mirror for public use please read the notes at http://wiki.centos.org/HowTos/CreatePublicMirrors
If you do use this service then it is implied that you are providing a mirror for public use and giving us authority to publicise such mirror.
@ERROR: Unknown module 'CentOS' rsync error: error starting client-server protocol (code 5) at main.c(1516) [Receiver=3.0.9] Sat Mar 25 10:56:29 CDT 2017
1490457389 1490349601 The mirror age is: 107788
Please notice the ERROR towards the bottom. We have not make any other changes but to start using IPv6. Please check our authorizations for:
IPv4: 173.193.171.186, 173.193.191.120 IPv6: 2607:f0d0:1103:120::2
Thank you, Greg
25.3.2017, 18.10, Greg Sims kirjoitti:
We recently added IPv6 Support to our server and requested that you add our IPv6 to the database for Rsync. The was accomplished on Mar 22.
We has been having trouble updating our mirror since this time. It worked for a period of time and now it stopped. I understand there may be some propagation time for our IPv6 to reach all of your servers. After three days, I feel this should be complete.
[snip] Please notice the ERROR towards the bottom. We have not make any other changes but to start using IPv6. Please check our authorizations for:
IPv4: 173.193.171.186, 173.193.191.120 IPv6: 2607:f0d0:1103:120::2
The current system we're using is faster -- any changes done to the master ACL should propagate to all msync nodes in half an hour max.
The error is indeed related to ACL. One source of problems might be the 2nd IPv4 address you mentioned here, 173.193.191.120. As that was not mentioned in your previous email, my assumption was that this address was no longer in use, so I dropped it. This may have been an incorrect assumption, my apologies for that. In addition, if my memory serves me correctly, the previous entry was actually 173.193.191.0/24, ie. it allowed the entire subnet.
In any case, I have now re-added 173.193.191.120, in case that helps. All the three IP addresses you mentioned are now allowed. You can also play with rsync's -4 and -6 options to make rsync prefer IPv4 or IPv6, respectively.
One common problem is that on servers with multiple addresses, the IP address that gets used might not always be what people expect. For that, I usually recommend people to try "curl ip.miuku.net", "curl ipv4.miuku.net", "curl ipv6.miuku.net", which shows the local IP address, unless proxies are involved.
At this stage I'm fairly certain that those three IP addresses should be allowed to rsync. If you continue having problems, the most probable reason is that the msync.c.o see some other IP address than those listed, for one reason or another. If you can dig a bit more, that would be much appreciated.
Thank you Anssi for your helpful reply. If you do not mind, let's place all the subnet we have on the server into the ACL This will prevent reconfiguration on our side from having an impact on the mirror. Here are the subnets:
- 2607:f0d0:1103:120::/64 - 173.193.191.120/30 - 173.193.171.184/29
We will not need to work on the ACL for another five years with this configuration. I am sorry that I did not supply this information initially -- my apologies.
I will also use --ipv6 as you suggest.
Thank you again Anssi! Greg
On Sat, Mar 25, 2017 at 11:09 AM, Anssi Johansson avij@centosproject.org wrote:
25.3.2017, 18.10, Greg Sims kirjoitti:
We recently added IPv6 Support to our server and requested that you add our IPv6 to the database for Rsync. The was accomplished on Mar 22.
We has been having trouble updating our mirror since this time. It worked for a period of time and now it stopped. I understand there may be some propagation time for our IPv6 to reach all of your servers. After three days, I feel this should be complete.
[snip] Please notice the ERROR towards the bottom. We have not make any other changes but to start using IPv6. Please check our authorizations for:
IPv4: 173.193.171.186, 173.193.191.120 IPv6: 2607:f0d0:1103:120::2
The current system we're using is faster -- any changes done to the master ACL should propagate to all msync nodes in half an hour max.
The error is indeed related to ACL. One source of problems might be the 2nd IPv4 address you mentioned here, 173.193.191.120. As that was not mentioned in your previous email, my assumption was that this address was no longer in use, so I dropped it. This may have been an incorrect assumption, my apologies for that. In addition, if my memory serves me correctly, the previous entry was actually 173.193.191.0/24, ie. it allowed the entire subnet.
In any case, I have now re-added 173.193.191.120, in case that helps. All the three IP addresses you mentioned are now allowed. You can also play with rsync's -4 and -6 options to make rsync prefer IPv4 or IPv6, respectively.
One common problem is that on servers with multiple addresses, the IP address that gets used might not always be what people expect. For that, I usually recommend people to try "curl ip.miuku.net", "curl ipv4.miuku.net", "curl ipv6.miuku.net", which shows the local IP address, unless proxies are involved.
At this stage I'm fairly certain that those three IP addresses should be allowed to rsync. If you continue having problems, the most probable reason is that the msync.c.o see some other IP address than those listed, for one reason or another. If you can dig a bit more, that would be much appreciated. _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org https://lists.centos.org/mailman/listinfo/centos-mirror
25.3.2017, 20.52, Greg Sims kirjoitti:
Thank you Anssi for your helpful reply. If you do not mind, let's place all the subnet we have on the server into the ACL This will prevent reconfiguration on our side from having an impact on the mirror. Here are the subnets:
- 2607:f0d0:1103:120::/64
- 173.193.191.120/30
- 173.193.171.184/29
We will not need to work on the ACL for another five years with this configuration. I am sorry that I did not supply this information initially -- my apologies.
OK, I have now expanded the IP address ranges as specified. This change should now be live on all msync nodes.
-
Anssi Johansson -
Greg Sims