Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph
On 03/25/2010 02:42 PM, Ralph Angenendt wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
N/A
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
I do, the IP that the system uses to pull from upstream is not the same as the IP that is providing the mirroring.
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
If this is a vote for using user / pass access to the rsync modules I'd vote for that as being a good thing vs. doing the static IP based system that most people use now.
- John 'Warthog9' Hawley
Am 25.03.10 23:38, schrieb J.H.:
On 03/25/2010 02:42 PM, Ralph Angenendt wrote:
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
If this is a vote for using user / pass access to the rsync modules I'd vote for that as being a good thing vs. doing the static IP based system that most people use now.
See? I didn't even think that far. On the other hand that needs mirror admins to change their config - I was trying to look if we could use our database to generate the access lists automatically.
Ralph
On 03/25/2010 04:08 PM, Ralph Angenendt wrote:
Am 25.03.10 23:38, schrieb J.H.:
On 03/25/2010 02:42 PM, Ralph Angenendt wrote:
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
If this is a vote for using user / pass access to the rsync modules I'd vote for that as being a good thing vs. doing the static IP based system that most people use now.
See? I didn't even think that far. On the other hand that needs mirror admins to change their config - I was trying to look if we could use our database to generate the access lists automatically.
Could always support both during a long term transition. New mirrors / mirrors that want it get user/pass, old mirrors can continue to use IP based ACLs. Just my thoughts though, and it's always a pain when a mirror has to change IPs to have to update that, if they each had a user/pass changing IPs doesn't matter. Also easier to code since rsync allows user/pass combinations to live in a separate file than the rsync config.
- John 'Warthog9' Hawley
Hi all you mirror people out there,
Hello!
today I'd like to present a small poll to you, a questionnaire if you
like.
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
We pull from 202.158.214.12 (bne-a-vms1.retain.aarnet.edu.au) and we serve files from 202.158.214.106 or 2001:388:30bc:cafe::beef over ipv6 (mirror.aarnet.edu.au)
Regards, Alex
----- Original Message ----- From: "Ralph Angenendt" ralph.angenendt@gmail.com To: centos-mirror@centos.org Sent: Thursday, 25 March, 2010 14:42:25 GMT -08:00 US/Canada Pacific Subject: [CentOS-mirror] POLL: DVDs and access lists ...
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
A. I'm not officially listed yet, we're still finalizing details but we plan on carrying everything
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
A. We're planning on load balancing the frontend and backend so yes, we pull/offer from different IPs
We're doing a bit ressource planning at the moment :)
A. Look forward to the outcome
-- James A. Peltier Systems Analyst (FASNet), VIVARIUM Technical Director Simon Fraser University - Burnaby Campus Phone : 778-782-6573 Fax : 778-782-3045 E-Mail : jpeltier@sfu.ca Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca MSN : subatomic_spam@hotmail.com
Does your OS has a man 8 lart? http://www.xinu.nl/unix/humour/asr-manpages/lart.html
the mirror at http://centos.fis.uniroma2.it ftp://cis.uniroma2.it/LinuxF/CentOS: a) wants top carry DVD isos b) is serviced by a TruCluster so it pulls from one of 160.80.22.30 160.80.22.31 160.80.22.32 160.80.22.33 but offers from any of such IP addresses
Silio ( dangelo@gno.uniRoma2.it )
On Thu, 25 Mar 2010, Ralph Angenendt wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
Hi,
On Thu, 25 Mar 2010, Ralph Angenendt wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
We DO want to carry the DVD-Isos :-)
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Our pulling host is btr0xq.rz.uni-bayreuth.de (132.180.7.30, aka: rsync.uni-bayreuth.de), this host is also serving rsync-access, it is pulling from eu-msync.centos.org (except the DVD-Isos, which are rsynced from centos.bio.lmu.de) our mirror offering http and ftp access is btr0x2.rz.uni-bayreuth.de (132.180.15.2, aka: ftp.uni-bayreuth.de)
Tom Rueger Tel. +49 921 55 3142 Computer Center Fax +49 921 55 843142 Universitaet Bayreuth Mail Tom.Rueger@uni-bayreuth.de 95440 Bayreuth / Germany
--On torsdag, mars 25, 2010 22.42.25 +0100 Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph
Hi Ralph!
b) applies to ftp.sunet.se (and its aliases). We usually ask for source sites to open the entire subnet, 194.71.11.0/24, as it is exlusively used for the archive and hosts within our controll. But a user/pass modell would obviously work just fine too:-)
Regards, Emil
Due to lazyness on my part, centos.eecs.wsu.edu pulls from a different IP than it (primarily) serves from. The system is dual-homed, and rsync's typically origionate from repos.eecs.wsu.edu (its first hostname/IP). I can fix this if its an issue.
On the other hand, I generally don't pull from the main CentOS servers...I'll pull from some nearby I2 mirrors with much greater speed.
--Jim
On Fri, Mar 26, 2010 at 5:46 AM, Emil archive@ftp.sunet.se wrote:
--On torsdag, mars 25, 2010 22.42.25 +0100 Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph
Hi Ralph!
b) applies to ftp.sunet.se (and its aliases). We usually ask for source sites to open the entire subnet, 194.71.11.0/24, as it is exlusively used for the archive and hosts within our controll. But a user/pass modell would obviously work just fine too:-)
Regards, Emil
CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
A: n/a (We do want to carry DVDs) B: The mirror is on 66.219.26.123, while the main IP for the machine, and thus, the one rsync uses, is 66.219.26.122.
On a side note.. can we get .122 added to the dvd acl? :)
-- Douglas A. Kuntz | Manager Complex Applications & Systems Netriplex, LLC P: 828-650-8528 | C: 828-280-1395 | W: Netriplex.com
On Thu, Mar 25, 2010 at 5:42 PM, Ralph Angenendt ralph.angenendt@gmail.comwrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
a) Which mirror does *NOT* want to carry the DVD isos?
We would like to have the DVDs.
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
We currently pull from 66.154.136.1, and publish from 66.154.136.54 which I forgot to mention in my new mirror email...
-Jonathan
Jonathan Thurman Senior Communications Engineer Northwest Regional ESD
On 26/03/10 8:42 AM, "Ralph Angenendt" ralph.angenendt@gmail.com wrote:
a) Which mirror does *NOT* want to carry the DVD isos?
We do, albeit not officially.
We manually grab the DVD ISOs from another mirror that has them (thanks AARnet) when a new release is available.
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Yes.
The IP address that our machine pulls from is 117.55.229.1. The IP address of our mirror is 117.55.229.2.
While in the current setup we can easily change the rsync command to pull using 117.55.229.2 (it's the same machine), we're looking at putting the mirrors in a HA configuration behind a pair of load balancers.
In this case the mirror IP would be a VIP on the load balancer, and the machine pulling the content would be on a different IP.
-Shaun
On 25/03/10 21:42, Ralph Angenendt wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Doesn't matter to us. We can carry DVDs.
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
89.36.197.2 pulls, 89.36.197.8 serves.
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Good luck with that :-)
Thanks,
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
Lucian
Well, we (ftp.usf.edu) pull via IPv6 when we can, but offer services via IPv4 if that counts. (And we do and want to continue to carry the DVDs.)
-- Toivo Voll University of South Florida Information Technology Communications
-----Original Message----- From: centos-mirror-bounces@centos.org [mailto:centos-mirror-bounces@centos.org] On Behalf Of Ralph Angenendt Sent: Thursday, March 25, 2010 5:42 PM To: centos-mirror@centos.org Subject: [CentOS-mirror] POLL: DVDs and access lists ...
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos? b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Please only answer if you do *NOT* want to carry the DVD isos or when you have different IPs for pulling and offering.
We're doing a bit ressource planning at the moment :)
Thanks,
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
On Thu, Mar 25, 2010 at 10:42 PM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
In your opinion, would you rather go with password based acls or with ip based acls?
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Opinions?
Ralph
On Thu, 8 Apr 2010, Ralph Angenendt wrote:
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
A poll asking to hear only negative responses may be way off because some people just didn't read it, so not responding doesn't really mean anything.
That said, I'd like the DVD isos for our mirror.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Also easier to leak (hey, what's your mirror's centos rsync passwd? We want access too.) and abuse.
---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
Yes, I missed the "poll" entirely....
We already carry the DVD ISO's however so maybe we just didn't pay attention ;) Definitely IP based though makes much more sense to me....
Cheers,
Paul
-----Original Message----- From: centos-mirror-bounces@centos.org [mailto:centos-mirror-bounces@centos.org] On Behalf Of Jon Lewis Sent: Thursday, April 08, 2010 8:46 AM To: Mailing list for CentOS mirrors. Subject: Re: [CentOS-mirror] POLL: DVDs and access lists ...
On Thu, 8 Apr 2010, Ralph Angenendt wrote:
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
A poll asking to hear only negative responses may be way off because some people just didn't read it, so not responding doesn't really mean anything.
That said, I'd like the DVD isos for our mirror.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Also easier to leak (hey, what's your mirror's centos rsync passwd? We want access too.) and abuse.
---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
In your opinion, would you rather go with password based acls or with ip based acls?
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Opinions?
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
We would prefer password based, just for the case when the mirror machine needs to change address for some reason (like keeping two instances in sync while migrating to new hardware).
But to be honest it does not matter that much to me, and as Jon mentioned already it caries the higher risk of leakage.
One could of course use both (with individual passwords), at least for a while, if someone feels strongly for one or the other way...
Regards, Emil
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
I would think it would be more straight forward for mirror admins to exclude the DVDs from their pull if needed than to have a second rsync config to pull DVDs separately. Only concern I'd have is potential for lost mirrors due to uninformed admins dealing with blowback from sudden traffic and storage increases.
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
In your opinion, would you rather go with password based acls or with ip based acls?
Also, agree with Jon that password could lead to leaks and abuse (and drift, and confusion and admin headaches for CentOS, etc..) I'd rather go with IP based acls, but I pull and serve from the same IP. ;)
Matt Ruzicka Sr. Systems Engineer mruzicka@cisp.com www.cisp.com www.yocolo.com
I'd be more for IP based acls.
On Thu, Apr 8, 2010 at 7:23 AM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
On Thu, Mar 25, 2010 at 10:42 PM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
In your opinion, would you rather go with password based acls or with ip based acls?
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Opinions?
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
Same here.
-----Original Message----- From: centos-mirror-bounces@centos.org [mailto:centos-mirror-bounces@centos.org] On Behalf Of Bob Bownes Sent: donderdag, 08 april, 2010 16:58 To: Mailing list for CentOS mirrors. Subject: Re: [CentOS-mirror] POLL: DVDs and access lists ...
I'd be more for IP based acls.
On Thu, Apr 8, 2010 at 7:23 AM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
On Thu, Mar 25, 2010 at 10:42 PM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
In your opinion, would you rather go with password based acls or with ip based acls?
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Opinions?
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
_______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
On 04/08/2010 07:23 AM, Ralph Angenendt wrote:
On Thu, Mar 25, 2010 at 10:42 PM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
In your opinion, would you rather go with password based acls or with ip based acls?
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
We would prefer IP-based ACLs.
Opinions?
Ralph _______________________________________________ CentOS-mirror mailing list CentOS-mirror@centos.org http://lists.centos.org/mailman/listinfo/centos-mirror
In your opinion, would you rather go with password based acls or with ip based acls?
Opinions?
As a mirror that pulls from a different IP than content is served from, I would prefer password based ACLs. I believe this would allow more flexibility, and less ongoing management for the CentOS team. While abuse is possible, I would hope we are all professional enough not to leak our authentication information. Initial abuse could result in a warning and password change, with continued abuse removing the offending mirror sites privileges.
-Jonathan
Jonathan Thurman Senior Communications Engineer Northwest Regional ESD
On 2010-04-08 06:23, Ralph Angenendt wrote:
On Thu, Mar 25, 2010 at 10:42 PM, Ralph Angenendt ralph.angenendt@gmail.com wrote:
Hi all you mirror people out there,
today I'd like to present a small poll to you, a questionnaire if you like.
a) Which mirror does *NOT* want to carry the DVD isos?
Only one mirror does not want to but would - not bad, that was what I wanted to hear ...
b) Who of you pull with machines where the IP address is different from the host from where you offer the mirror? Which IP address pulls for which mirror if your addresses differ?
Those weren't that many either.
I didn't bother responding to the earlier poll, since the defaults were appropriate for us. (I.e. we carry the DVD isos, and have one IP address.)
In your opinion, would you rather go with password based acls or with ip based acls?
We would prefer to stick with IP-based ACL's, as this would require no change at our end.
If there's not that many mirrors which don't pull from the IP they are serving from, the ip based acls can be calculated "on the fly" with one more field in the database for machines which have a different puller.
Password based ACLs on the other hand could break older, non-maintained, but working setups - but they are easier to implement and less error prone.
Or also older, maintained and working setups where the owners are either too busy to make changes or don't want to fix what ain't broke! :)
But seriously, if you do decide to implement password-based ACL's (as some seem to prefer), could this be done as an optional alternative to IP-based, for those where IP-based isn't practical? That way, the silent majority could just stick with the status quo, while those that want something different have that option.
On Thu, Apr 8, 2010 at 5:41 PM, Gilbert E. Detillieux gedetil@cs.umanitoba.ca wrote:
But seriously, if you do decide to implement password-based ACL's (as some seem to prefer), could this be done as an optional alternative to IP-based, for those where IP-based isn't practical? That way, the silent majority could just stick with the status quo, while those that want something different have that option.
Yeah, I guess that needs some thinking over. Maybe pw based acls for the new mirrors and those who want them ... As said, for most mirrors we should be able to calculate the ips from the database of mirrors we have.
Regarding abuse: Well, what do you really gain from knowing the password? It's more or less a traffic protection for the internal mirror network, if dvd goes to everyone.
Keep on discussing if you want to :)
Cheers,
Ralph
-
Alex Dodson -
Bob Bownes -
Douglas Kuntz -
Emil -
Gilbert E. Detillieux -
J.H. -
James A. Peltier -
Jess Cannata -
Jim Kusznir -
Jon Lewis -
Jonathan Thurman -
LeaseWeb Mailinglists -
lucian@chml.ro -
Matt Ruzicka -
Paul Stewart -
Ralph Angenendt -
Shaun Ewing -
Silio d' Angelo -
Tom.Rueger@uni-bayreuth.de -
Voll, Toivo