Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#16441 - {mirror} Request for mirror access / inclusion

Attached to Project: Arch Linux
Opened by John 'Warthog9' Hawley (warthog9) - Saturday, 03 October 2009, 02:37 GMT
Last edited by Roman Kyrylych (Romashka) - Tuesday, 06 October 2009, 08:51 GMT
Task Type Feature Request
Category Web Sites
Status Closed
Assigned To Aaron Griffin (phrakture)
Roman Kyrylych (Romashka)
Dan McGee (toofishes)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 2
Private No

Details

This, while seemingly a simple request is going to be a bit complicated. Specifically we have gotten enough interest / requests that kernel.org is now interested in becoming a mirror for Archlinux. I've done an initial sync from outside of the official mirroring system but would like to switch over to the official rsync as soon as possible.

While I said this would be a seemingly simple request, the kernel.org infrastructure has a tendency to cause some confusion and head scratching in how to handle it from a mirror perspective.

mirror domain:
Primary:
mirrors.kernel.org <-- This is our primary interface, we have a tendency to
prefer using this as it will engage geodns and route a
user to a machine, or a round robin of machines that is theoretically closest to them

GeoDNS Overrides:
mirrors.us.kernel.org <-- Round Robin of machines in North America
mirrors.eu.kernel.org <-- Round Robin of machines in Europe
mirrors.se.eu.kernel.org <-- Mirror machines in Sweden
mirrors.nl.eu.kernel.org <-- Mirror machines in Amsterdam

Geographical Location of the mirror:
See Above, we are 'complicated'

Supported access methods:
http: http://mirrors.kernel.org/archlinux/
ftp: ftp://mirrors.kernel.org/archlinux/
rsync: rsync://mirrors.kernel.org/archlinux/

IP:
I would actually *GREATLY* appreciate being issued a username/password combo for rsync as opposed to doing this on an IP basis. This makes life for everyone easier, particularly since I have a whole slew of machines to manage, a number of ip spaces and the looming need to change at least one of them within the next year.

Administrative contact e-mail:
ftpadmin@kernel.org

Administrative irc channel: Linuxnet #korg

I personally can be found on most of the normal irc networks as warthog9.

We sync once an hour, from all four machines. We have a total outgoing bandwidth of 4gbps (worldwide) currently (this will be changing within the next year I believe). We are also quite happy and capable of acting as a "tier 1" style mirror, and allowing protected 3rd party access to the archive, and we have a general goal of mirroring all of a distributions available content, both current and archive (http://archive.kernel.org for examples). General inclusion will eventually get you set up on http://boot.kernel.org as well as the normal mirroring.
This task depends upon

Closed by  Roman Kyrylych (Romashka)
Tuesday, 06 October 2009, 08:51 GMT
Reason for closing:  Implemented
Comment by eliott (cactus) - Saturday, 03 October 2009, 21:05 GMT
Oooh. Sounds awesome.
Thanks kernel.org!
Comment by Roman Kyrylych (Romashka) - Saturday, 03 October 2009, 21:21 GMT
Please also add a link to the mirror and info about Arch Linux to http://mirrors.kernel.org/archlinux/
Comment by John 'Warthog9' Hawley (warthog9) - Sunday, 04 October 2009, 01:08 GMT
Roman: I'm reluctant to add the information to mirrors.kernel.org until I've got this setup as a proper official mirror. I also don't have the rsync modules quite setup either, those won't take long but I'm again waiting for the official status.

eliott: glad I could be of service :-)
Comment by Thomas Bächler (brain0) - Sunday, 04 October 2009, 11:52 GMT
Considering the advantages we had if we were on the kernel.org mirrors, I say we do what we need to do to get this set up.
Comment by Aaron Griffin (phrakture) - Monday, 05 October 2009, 21:58 GMT
Yes, this is definitely a good thing, and we will gladly take you up on the offer to be a tier 1 mirror.

So, I'll get this setup sometime today, I believe.

Regarding the password based access, do you happen to know a way to selectively turn this on? It's going to be a big hassle for all our mirrors if we have to switch to a username/password system. What is wrong with ip-based whitelisting? Note that I'm asking because I'm curious. I'm not an admin-y type :)
Comment by Aaron Griffin (phrakture) - Monday, 05 October 2009, 22:32 GMT
Ok, looks like we can shut off the host based whitelist on a per-module basis.

I added an "ftp_auth" module that accepts user/password authentication. John, I will email you the info and get the rest of this setup in our DB in a sec.
Comment by Aaron Griffin (phrakture) - Monday, 05 October 2009, 22:43 GMT
@Dan: I added this to the mirror list under the "Any" country so that it sorts first.

Added to the DB, all should be good now
Comment by John 'Warthog9' Hawley (warthog9) - Monday, 05 October 2009, 23:13 GMT
The advantage of using a username/password combo is two fold

1) The usernames & passwords can live in a separate file from the primary rsync configuration which makes it a lot easier to automate the creation and management of those

2) It means that a mirror can shift IPs, change machines (add, subtract, change hardware), change names, etc without having to get the upstream admins involved.

In the end it gives the mirror a bit more flexibility, and should generally save the upstream a little bit of a headache. And with kernel.org having, currently, 4 different incoming IPs we can easily collapse ourselves down to looking like a single entity vs. 4 separate entities.

For mirrors of kernel.org content (like the t2 mirrors or the mirrors of www.kernel.org/pub) we use a username/password combo just to make things simple for us and as you found out the hosts / auth users are on a per module basis so it's reasonably simple to support both mechanisms (just use a different module for each authentication type)
Comment by John 'Warthog9' Hawley (warthog9) - Monday, 05 October 2009, 23:19 GMT
Also to note I've got rsync setup and working now as well:

rsync://mirrors.kernel.org/archlinux/
Comment by Thomas Bächler (brain0) - Monday, 05 October 2009, 23:33 GMT
The ftp_auth module has: exclude = /archive/ /other/ /sources/

Is this really what we want? I think we should at least include other.
Comment by John 'Warthog9' Hawley (warthog9) - Monday, 05 October 2009, 23:36 GMT
I know from my perspective I'd love to be able to get at all of the content. I'm fine with breaking things up, like putting the archive content only on archive.kernel.org but I'm willing, happy and actively seeking to mirror all of the content that I can from a distribution.
Comment by Thomas Bächler (brain0) - Monday, 05 October 2009, 23:39 GMT
There seems to be a "kitchensink_auth" module as well, which includes everything. Syncing /archive/ will probably take forever though due to our small bandwidth.
Comment by John 'Warthog9' Hawley (warthog9) - Monday, 05 October 2009, 23:48 GMT
There is the upside that once I have the content, you gain a lot of bandwidth :-)
Comment by John 'Warthog9' Hawley (warthog9) - Tuesday, 06 October 2009, 00:28 GMT
Ok I'm flipped over to using the official rsync now. It's running a resync on two of the machines, and the other two are syncing up archive. I'm going to add a note / link on mirrors.kernel.org now. I believe you guys are now officially mirrored by kernel.org :-)
Comment by John 'Warthog9' Hawley (warthog9) - Tuesday, 06 October 2009, 00:57 GMT
As a side note, let us know if there is ever anything we can help with, you've got our contact information and all of that. I don't know if you guys have a mailing list for the mirrors to stay informed or what not but is there a good place to sign up so that we can monitor what's going on?
Comment by Thomas Bächler (brain0) - Tuesday, 06 October 2009, 07:32 GMT
There is no such list right now, there might be one in the future though.

Loading...