[CentOS-mirror] Average mirror traffic

Fri Sep 25 18:28:07 UTC 2009
David Richardson <david.richardson at utah.edu>

On Fri, 25 Sep 2009, Marten Lehmann wrote:

> Hello,
>
> I am currently rsyncing the CentOS tree to one of our server. We are
> managing a few dozends of CentOS servers, so it surely will speed up
> updates and lead to less wasted bandwidth if we don't update from common
> public repositories any longer, but use an internal server instead, that
> only syncs once with the master server.
>
> Now I'm in doubt wether I should make our own mirror public or not.
>
> The first and main issue are the bandwidth costs. Can you give an
> estimate on how much traffic a typical European/German mirror generates
> per month?
>
> The second issue is, that some kiddies might try to attack and hack our
> mirror to inject changed packages. Do you have statistics on this? Which
> FTP daemon do you recommend for a hardened anonymous-FTP only service?
>
> Btw.: What do I have to change in the yum config on each server to use
> one specific repository server and not the mirrorlist system? Do I just
> have comment the mirrorlist line and uncomment the baseurl?


Since I'm not a German or European mirror, I don't have an answer to your 
bandwidth question.

As to the issue of being attacked, remember that the packages are signed, 
so if someone were to compromise your mirror, the changed package would 
not be signed and would give an error. (If your mirror is compromised, 
your other clients are still safe.)

vsftpd has a good reputation, and is the package provided by Red Hat and 
CentOS (disclaimer: I don't provide FTP service, just http and rsync).

To make your machines go straight to your mirror, yes, 1) comment out the 
mirrorlist, 2) uncomment the baseurl, and 3) change the baseurl to point 
to your mirror.

DR

-- 
David Richardson <david.richardson at utah.edu>
"There are two kinds of statistics: the
kind you look up and the kind you make up."
-- Archie Goodwin, Death of a Doxy