[CentOS] cr repo and firewalling

Tue Jan 15 22:55:43 UTC 2013
Johnny Hughes <johnny at centos.org>

On 01/15/2013 02:58 PM, Markus Falb wrote:
> Hi,
> I find myself in a complicated situation and would like to ask the
> oracle (choke!) for help. I would like to install the packages from
> the continuous release repo and the yum config for this repo says
> baseurl=http://mirror.centos.org/centos/$releasever/cr/$basearch/
> well, I definitely do not want to allow worldwide outgoing http so I
> try to find the IPs
> # host mirror.centos.org
> mirror.centos.org has address
> but! wait...
> # host mirror.centos.org
> mirror.centos.org has address
> dns round robin is not very helpful for me doing firewall rules.
> How would you solve this yum and firewall thing?

mirror.centos.org is very dynamic ... not just round robin.

We add and remove machines from that name all the time and it picks a
location based on GeoIP of the requester.

As you can imagine, with millions of machines using that name to get
updates it needs to be more than one server ... and normally we have
somewhere between 25 and 40 servers that can answer as mirror.centos.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130115/dc0badc2/attachment-0004.sig>