From Fedora Project Wiki
< Infrastructure | Mirroring
m (→Master Mirror rsync modules: Missing / and )) |
(Minor cleanups, add the note about Tier 2 mirrors) |
||
| Line 17: | Line 17: | ||
* Must have an active, available, responsive mirror administrator during the days content is staged. | * Must have an active, available, responsive mirror administrator during the days content is staged. | ||
* Must have at least 2 Internet2-connected Tier 1 mirrors. | * Must have at least 2 Internet2-connected Tier 1 mirrors. | ||
* Must have at least 1 Tier 1 mirror on each continent for which we have Tier 2 mirrors | * Must have at least 1 Tier 1 mirror on each continent for which we have Tier 2 mirrors. | ||
* Must serve private rsync (see below for configuration) | * Must serve private rsync (see below for configuration). | ||
== Master mirrors == | |||
* dl0[123].fedoraproject.org, in Phoenix, AZ, USA. | * dl0[123].fedoraproject.org, in Phoenix, AZ, USA. | ||
* dl0[45].fedoraproject.org, in Phoenix, AZ, USA - tier1 mirrors only. | * dl0[45].fedoraproject.org, in Phoenix, AZ, USA - tier1 mirrors only. | ||
| Line 26: | Line 27: | ||
** dl-tier1.fedoraproject.org is a DNS round-robin for dl0[45]. | ** dl-tier1.fedoraproject.org is a DNS round-robin for dl0[45]. | ||
== Master | == Master mirror rsync modules == | ||
The master mirrors provide two additional rsync modules which provide pre-bitflip content. Fedora tiered mirrors should use these modules to be able to get pre-bitflip content. | The master mirrors provide two additional rsync modules which provide pre-bitflip content. Fedora tiered mirrors should use these modules to be able to get pre-bitflip content. | ||
| Line 40: | Line 42: | ||
|} | |} | ||
== Tier 1 | == Tier 1 mirrors == | ||
Tier 1 mirrors pull from one of the master mirrors. | Tier 1 mirrors pull from one of the master mirrors. | ||
| Line 73: | Line 75: | ||
|} | |} | ||
== Tier 1 | == Tier 1 rsync configuration == | ||
Below is an example rsyncd.conf file for a Tier 1 mirror that provides private rsync access to select downstream Tier 2 mirrors. You may do this via either IP or DNS-based access control, or by a shared username/password which you give to your selected Tier 2 mirrors directly. | Below is an example rsyncd.conf file for a Tier 1 mirror that provides private rsync access to select downstream Tier 2 mirrors. You may do this via either IP or DNS-based access control, or by a shared username/password which you give to your selected Tier 2 mirrors directly. | ||
The key to this is that the Tier 1 mirror rsyncs content using a user account (e.g. ''mirror'' used below), and you serve content to Tier 2 mirrors using a private rsync module that runs as that same user account, while providing public non-authenticated rsync using the ''nobody'' account. In this way, Tier 2 mirrors may obtain content before the permissions are made world readable. | The key to this is that the Tier 1 mirror rsyncs content using a user account (e.g. ''mirror'' used below), and you serve content to Tier 2 mirrors using a private rsync module that runs as that same user account, while providing public non-authenticated rsync using the ''nobody'' account. In this way, Tier 2 mirrors may obtain content before the permissions are made world readable. | ||
<pre> | <pre> | ||
| Line 118: | Line 120: | ||
hosts allow = (IP or DNS address) ... | hosts allow = (IP or DNS address) ... | ||
</pre> | </pre> | ||
== Tier 2 mirrors == | |||
The number of mirrors is too large to list them here; you can find them in the [https://mirrors.fedoraproject.org/ MirrorManager]. | |||
[[Category:Infrastructure]] | [[Category:Infrastructure]] | ||
Revision as of 12:29, 5 October 2017
Tiering
Fedora mirror servers use Tiering, whereby a select few fast mirrors get read access to the master rsync servers, and all the other mirrors pull from those mirrors.
For our purposes, define:
- master: The Fedora-owned servers dl.fedoraproject.org
- Tier 1: The fast mirrors which pull from a master mirror.
- Tier 2: The mirrors that pull from the Tier 1 servers.
Properties of Tier 1 mirrors:
- Limit the number of Tier 1 mirrors, to ensure adequate bandwidth for these. Adjust number up or down depending on capability of the masters.
- Must carry everything under fedora-enchilada and fedora-epel. This allows Tier 2 mirrors to exclude what they wish, but get everything if they so wish. This means at least 1TB of disk space for the Fedora portion of this server.
- Must have a 1 Gigabit connection to the Internet, or faster.
- Must have an active, available, responsive mirror administrator during the days content is staged.
- Must have at least 2 Internet2-connected Tier 1 mirrors.
- Must have at least 1 Tier 1 mirror on each continent for which we have Tier 2 mirrors.
- Must serve private rsync (see below for configuration).
Master mirrors
- dl0[123].fedoraproject.org, in Phoenix, AZ, USA.
- dl0[45].fedoraproject.org, in Phoenix, AZ, USA - tier1 mirrors only.
- dl.fedoraproject.org is a DNS round-robin to dl0[123].
- dl-tier1.fedoraproject.org is a DNS round-robin for dl0[45].
Master mirror rsync modules
The master mirrors provide two additional rsync modules which provide pre-bitflip content. Fedora tiered mirrors should use these modules to be able to get pre-bitflip content.
| Module name | Content |
|---|---|
| fedora-buffet0 | Everything under /pub/, including pre-bitflip content |
| fedora-enchilada0 | Everything under /pub/fedora/, including pre-bitflip content |
| fedora-epel0 | Everything under /pub/epel/, including pre-bitflip content (even though EPEL doesn't do bitflips) |
Tier 1 mirrors
Tier 1 mirrors pull from one of the master mirrors.
| Server | Organization | Comment | Contact for ACL |
|---|---|---|---|
| archive.linux.duke.edu | Duke University | fedora-enchilada and fedora-epel, Internet2, uses ACL from MirrorManager database, IPv4, US East Coast | Drew Stinnett <drew.stinnett at duke.edu> (spacepope on IRC) |
| mirrors.kernel.org | Linux Kernel Organization | fedora-enchilada and fedora-epel, IPv4, US West Coast | ftpadmin at kernel.org |
| wpi.edu | Worcester Polytechnic Institute | IPv6-connected or Internet2-connected mirrors only, US East Coast | Chuck Anderson <cra at wpi.edu> |
| rsync.hrz.tu-chemnitz.de | Technische Universität Chemnitz | fedora-enchilada and fedora-epel, uses ACL from MirrorManager database, IPv4, Germany | guenther.fischer at hrz.tu-chemnitz.de |
| fedora-rsync.ftp.pub.2iij.net | Internet Initiative Japan | fedora-enchilada and fedora-epel, IPv4, Japan | mirror-contact at iij.ad.jp |
| ftp.heanet.ie | HEAnet | fedora-buffet, fedora-enchilada, and fedora-epel, IPv6 and Internet2 connectivity, Ireland | mirrors at heanet.ie |
| mirror.speedpartner.de | SpeedPartner | IPv4 and IPv6, Germany | mirror at speedpartner.de |
| fedora.c3sl.ufpr.br | Universidade Federal do Paraná | IPv4 and IPv6, South America | Carlos Carvalho <carlos at fisica.ufpr.br> |
| ftp.linux.cz | CZLUG | IPv4 and IPv6, Czech Republic | ftp-admin at fi.muni.cz |
| mirror.gtlib.gatech.edu | Georgia Tech | fedora-enchilada and fedora-epel, IPv4 and IPv6, US East Coast | Neil Bright <neil.bright at oit.gatech.edu> |
| mirrors.rit.edu | Rochester Institute of Technology | fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, US East Coast | mirrors at rit.edu |
| mirror.liquidtelecom.com | Liquid Telecom | fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, East Africa Datacenter, Nairobi, Kenya | anthony.somerset at liquidtelecom.com |
Tier 1 rsync configuration
Below is an example rsyncd.conf file for a Tier 1 mirror that provides private rsync access to select downstream Tier 2 mirrors. You may do this via either IP or DNS-based access control, or by a shared username/password which you give to your selected Tier 2 mirrors directly.
The key to this is that the Tier 1 mirror rsyncs content using a user account (e.g. mirror used below), and you serve content to Tier 2 mirrors using a private rsync module that runs as that same user account, while providing public non-authenticated rsync using the nobody account. In this way, Tier 2 mirrors may obtain content before the permissions are made world readable.
use chroot = yes
uid = nobody
gid = nobody
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
ignore nonreadable = yes
list = true
read only = yes
refuse options = checksum
[ fedora-enchilada ]
comment = Fedora - The whole enchilada
path = /srv/pub/fedora
[ fedora-epel ]
comment = Extra Packages for Enterprise Linux
path = /srv/pub/epel
##
## The following are not seen and are limited by IP.
##
[fedora-enchilada0]
comment = Fedora Enchilada for Tier0|1 Mirrors
path = /srv/pub/fedora/
list = no
uid = mirror
gid = mirror
hosts allow = (IP or DNS address) ...
[fedora-epel0]
comment = Fedora EPEL for Tier0|1 Mirrors
path = /srv/pub/epel/
list = no
uid = mirror
gid = mirror
hosts allow = (IP or DNS address) ...
Tier 2 mirrors
The number of mirrors is too large to list them here; you can find them in the MirrorManager.