1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
#use wml::debian::template title="Setting up a push server"
#use wml::debian::toc
<p>Setting up a push server consists of two basic tasks: setting up rsync
access (for normal, <q>pull</q> mirroring) and setting up ssh trigger mechanism
(for <q>pushing</q> the pull mirroring).
</p>
<p><small>(For more information on what a push server is, please read
<a href="push_mirroring">the explanation of push mirroring</a>.)</small>
</p>
<toc-display />
<toc-add-entry name="rsync">Setting up rsync</toc-add-entry>
<p>Install <code>rsync</code>. If your site is running Debian, just install the
<a href="https://packages.debian.org/stable/rsync">rsync</a> package.
</p>
<p>Create <code>rsyncd.conf</code> file and put something similar to this
in it:
</p>
<pre>
uid = nobody
gid = nogroup
max connections = 50
socket options = SO_KEEPALIVE
[debian]
path = /srv/debian/mirror
comment = The Debian Archive (https://www.debian.org/mirror/size)
auth users = *
read only = true
secrets file = /etc/rsyncd/debian.secrets
</pre>
<p>Add an entry for each site you are pushing to in the
<code>/etc/rsyncd/debian.secrets</code> file:
</p>
<pre>
site1.example.com:a_password
site2.example.com:another_password
site3.example.net:password
</pre>
<p>You have now given the downstream mirrors access to the archive on your
machine. If you are willing to provide rsync access to everyone, skip
the <code>auth users</code> and <code>secrets file</code> setting in
<code>rsyncd.conf</code>. You don't need a secrets file then either.
</p>
<p>You will probably want to start the rsync daemon from inetd.
To enable the daemon, add the following to your
<code>/etc/inetd.conf</code> file:
</p>
<pre>
rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
</pre>
<p>
(Remember to send inetd an HUP signal to tell it to reread its config file
after modifying the file.)
</p>
<toc-add-entry name="sshtrigger">Setting up ssh trigger mechanism</toc-add-entry>
<p>Create a new ssh key for the account that you use to mirror Debian using
<code>ssh-keygen</code>. If your account already has a key for other purposes,
you may want to create a new one and store it in a different file using
<code>ssh-keygen -f ~/.ssh/identity.mysite</code></p>
<p>
Your downstream mirrors will then need to add
</p>
<pre>
command="~/bin/ftpsync",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <contents of your ~/.ssh/<key>.pub file>
</pre>
<p>
to their <code>~/.ssh/authorized_keys</code> file.
</p>
<p>You need to set up your mirroring process to contact your downstreams when your
mirror-run is finished.
The ftpsync suite contains the script <code>runmirrors</code> which is handling all
needed tasks for you. Simply change your ftpsync.conf to include the setting
<code>HUB=true</code>, copy the <code>runmirrors.conf.sample</code> to
<code>runmirrors.conf</code> and <code>runmirrors.mirror.sample</code> to
<code>runmirrors.mirror</code> and configure the config file to suit your system.
Then list all your downstream mirrors inside runmirrors.mirror and the ftpsync/runmirror
duo will do all the heavy lifting for you.
</p>
<p>The effect will be that your system will try to ssh to your downstream mirrors,
after your own mirror updated, so they can start their own updates. This assumes
you gave your downstream mirror operators the ssh key you told runmirrors to use
and that they added it to their own ~/.ssh/authorized_keys as described above.
</p>
<p>If you have any trouble with this, <a href="mailto:mirrors@debian.org">\
contact us</a>.
</p>
|
