> On 05/19/2010 06:08 PM, Jonathan Thurman wrote:
>
> I don't think that the msync pool should be wide open for anyone to
> access. Those that are hosting public mirrors of content should have a
> pool that they can sync to that is restricted, or at least have
> priority over unknown users. Otherwise it could be more difficult for
> the public mirror system to stay up to date.
>
> Yeah, that's the main thing - being able to get the rsync trees out to
> the public mirrors asap, while still having enough resources within
> .centos.org.
>
> So here is a question for you - as a mirror admin, would you host an
> rsync target that msync.c.o could push into? It could be either based
> on a user/pass acl or a key. And we would give you a list of IPs that
> will push to your machine.

I personally would consider push, but there are some major concerns that would have to be addressed. Our environment doesn't lend itself to this as our mirror is really a load balanced cluster with a node that is designated for syncing. Of course with a little work, the push traffic could be sent to that node.

The major issue with Push is control. When I am pulling updates, I set the times that the pull happens. I can schedule the updates during known low-bandwidth times of the day. I can also specifically exclude things that I don't want to host (I don't, but I could). I also see this as more work for the msync maintainers.

I do like the idea of key based syncing. I use keys frequently for automation, and find it easier and more secure than maintaining lists of IPs. So msync.centos.org creates a single account for the public mirrors to sync with, and each public mirror provides a key. Just append all of the keys to the authorized_keys file and sync that between the msync servers. When a mirror is added/removed, update the file once and have it sync automatically. No more IP ACLs to worry about, because no one really cares what IP I sync from.

-Jonathan
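
Added example, not part of the message above or of any CentOS tooling: one way to assemble the shared authorized_keys file for the single sync account from the keys the mirrors submit, pinning every key to a read-only rsync command and rejecting malformed, option-carrying or duplicate submissions. The rrsync path, the /srv/msync directory, the mirror names and the sample key helper are assumptions made for illustration.

```python
import base64, os, re, struct, tempfile

# Assumptions: rrsync path and export directory are placeholders for this sketch.
OPTIONS = 'command="/usr/bin/rrsync -ro /srv/msync",restrict'
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*\Z")

def parse_pubkey(line):
    """Return (type, base64 blob) for a bare public key line, else raise ValueError."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("not a bare public key of an allowed type")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != parts[0].encode():
        raise ValueError("declared type does not match key blob")
    return parts[0], parts[1]

def build_authorized_keys(mirrors):
    """mirrors maps mirror name -> submitted key line. Returns (file text, rejected)."""
    lines, rejected, seen = [], {}, {}
    for name in sorted(mirrors):
        try:
            if not NAME_RE.match(name):
                raise ValueError("bad mirror name")
            ktype, blob = parse_pubkey(mirrors[name])
            if blob in seen:
                raise ValueError("same key already submitted by " + seen[blob])
        except ValueError as exc:
            rejected[name] = str(exc)
            continue
        seen[blob] = name
        # The submitted comment is dropped; the mirror name we control replaces it.
        lines.append(f"{OPTIONS} {ktype} {blob} {name}")
    return "\n".join(lines) + "\n", rejected

def write_atomic(path, text):
    """Replace path in one step so sshd never reads a half-written file."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:  # mkstemp creates the file mode 0600
        fh.write(text)
    os.replace(tmp, path)

def constructed_key(fill):
    """Constructed ssh-ed25519-shaped sample line for testing; not a real key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " submitted-comment"
```

Removing a mirror then means deleting its entry from the input and regenerating the file, which is the "update the file once" step; the generated file is what gets synced between the msync servers.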