From Fedora Project Wiki
(→‎Tier 1 Mirrors: Separate organization and comments, note which mirrors offer the buffet module)
Line 46: Line 46:
{| border="1"
{| border="1"
|-
|-
| Server || Comment || Contact for ACL
! Server || Organization || Comment || Contact for ACL
|-
|-
| archive.linux.duke.edu ||Internet2.  Uses ACL from MirrorManager database. || Drew Stinnett <drew.stinnett at duke.edu> (spacepope on IRC)  
| archive.linux.duke.edu || Duke University || fedora-enchilada and fedora-epel, Internet2, uses ACL from [https://admin.fedoraproject.org/mirrormanager MirrorManager database], IPv4, US East Coast || Drew Stinnett <drew.stinnett at duke.edu> (spacepope on IRC)  
|-
|-
| mirrors.kernel.org || IPv4, US West Coast || <ftpadmin at kernel.org>
| mirrors.kernel.org || Linux Kernel Organization || fedora-enchilada and fedora-epel, IPv4, US West Coast || ftpadmin at kernel.org
|-
|-
| wpi.edu || IPv6-connected or Internet2-connected mirrors only || Chuck Anderson <cra at wpi.edu>
| wpi.edu || Worcester Polytechnic Institute || IPv6-connected or Internet2-connected mirrors only, US East Coast || Chuck Anderson <cra at wpi.edu>
|-
|-
| rsync.hrz.tu-chemnitz.de || rsync.hrz.tu-chemnitz.de::fedora-enchilada/.  Uses ACL from [https://admin.fedoraproject.org/mirrormanager MirrorManager database] . || guenther.fischer at hrz.tu-chemnitz.de
| rsync.hrz.tu-chemnitz.de || Technische Universität Chemnitz || fedora-enchilada and fedora-epel, uses ACL from [https://admin.fedoraproject.org/mirrormanager MirrorManager database], IPv4, Germany || guenther.fischer at hrz.tu-chemnitz.de
|-
|-
| fedora-rsync.ftp.pub.2iij.net || rsync://fedora-rsync.ftp.pub.2iij.net/fedora-enchilada || mirror-contact at iij.ad.jp
| fedora-rsync.ftp.pub.2iij.net || Internet Initiative Japan || fedora-enchilada and fedora-epel, IPv4, Japan || mirror-contact at iij.ad.jp
|-
|-
| ftp.heanet.ie || IPv6 and Internet2 connectivity. ftp.heanet.ie::fedora-enchilada, ftp.heanet.ie::fedora-epel || mirrors at heanet.ie
| ftp.heanet.ie || HEAnet || fedora-buffet, fedora-enchilada, and fedora-epel, IPv6 and Internet2 connectivity, Ireland || mirrors at heanet.ie
|-
|-
| mirror.speedpartner.de || IPv4 and IPv6 || mirror at speedpartner.de
| mirror.speedpartner.de || SpeedPartner || IPv4 and IPv6, Germany || mirror at speedpartner.de
|-
|-
| fedora.c3sl.ufpr.br || South America || Carlos Carvalho carlos at fisica.ufpr.br
| fedora.c3sl.ufpr.br || Universidade Federal do Paraná || IPv4 and IPv6, South America || Carlos Carvalho <carlos at fisica.ufpr.br>
|-
|-
| ftp.linux.cz ||Czech Republic, Europe|| ftp-admin at fi.muni.cz
| ftp.linux.cz || CZLUG || IPv4 and IPv6, Czech Republic || ftp-admin at fi.muni.cz
|-
|-
| mirror.gtlib.gatech.edu || fedora-enchilada and fedora-epel || Neil Bright neil.bright at oit.gatech.edu
| mirror.gtlib.gatech.edu || Georgia Tech || fedora-enchilada and fedora-epel, IPv4 and IPv6, US East Coast || Neil Bright <neil.bright at oit.gatech.edu>
|-
|-
| mirrors.rit.edu || Rochester, NY, USA || mirrors@rit.edu
| mirrors.rit.edu || Rochester Institute of Technology || fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, US East Coast || mirrors at rit.edu
|-
|-
| mirror.liquidtelecom.com || East Africa Datacenter, Nairobi, Kenya IPv4 and IPv6, fedora-enchilada, fedora-epel and fedora-buffet || anthony.somerset at liquidtelecom.com
| mirror.liquidtelecom.com || Liquid Telecom || fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, East Africa Datacenter, Nairobi, Kenya || anthony.somerset at liquidtelecom.com
|}
|}


Revision as of 11:47, 5 October 2017

Tiering

Fedora mirror servers use Tiering, whereby a select few fast mirrors get read access to the master rsync servers, and all the other mirrors pull from those mirrors.

For our purposes, define:

  • master: The Fedora-owned servers dl.fedoraproject.org
  • Tier 1: The fast mirrors which pull from a master mirror.
  • Tier 2: The mirrors that pull from the Tier 1 servers.

Properties of Tier 1 mirrors:

  • Limit the number of Tier 1 mirrors, to ensure adequate bandwidth for these. Adjust number up or down depending on capability of the masters.
  • Must carry everything under fedora-enchilada and fedora-epel. This allows Tier 2 mirrors to exclude what they wish, but get everything if they so wish. This means at least 1TB of disk space for the Fedora portion of this server.
  • Must have a 1 Gigabit connection to the Internet, or faster.
  • Must have an active, available, responsive mirror administrator during the days content is staged.
  • Must have at least 2 Internet2-connected Tier 1 mirrors.
  • Must have at least 1 Tier 1 mirror on each continent for which we have Tier 2 mirrors
  • Must serve private rsync (see below for configuration)

Master Mirrors

  • dl0[123].fedoraproject.org, in Phoenix, AZ, USA.
  • dl0[45].fedoraproject.org, in Phoenix, AZ, USA - tier1 mirrors only.
    • dl.fedoraproject.org is a DNS round-robin to dl0[123].
    • dl-tier1.fedoraproject.org is a DNS round-robin for dl0[45].

Master Mirror rsync modules

The master mirrors provide two additional rsync modules which provide pre-bitflip content. Fedora tiered mirrors should use these modules to be able to get pre-bitflip content.

module name content
fedora-enchilada0 Everything under /pub/fedora/, including pre-bitflip content
fedora-buffet0 Everything under /pub/, including pre-bitflip content
fedora-epel0 Everything under /pub/epel, including pre-bitflip content (even though EPEL doesn't do bitflips

Tier 1 Mirrors

Tier 1 mirrors pull from one of the master mirrors.

Server Organization Comment Contact for ACL
archive.linux.duke.edu Duke University fedora-enchilada and fedora-epel, Internet2, uses ACL from MirrorManager database, IPv4, US East Coast Drew Stinnett <drew.stinnett at duke.edu> (spacepope on IRC)
mirrors.kernel.org Linux Kernel Organization fedora-enchilada and fedora-epel, IPv4, US West Coast ftpadmin at kernel.org
wpi.edu Worcester Polytechnic Institute IPv6-connected or Internet2-connected mirrors only, US East Coast Chuck Anderson <cra at wpi.edu>
rsync.hrz.tu-chemnitz.de Technische Universität Chemnitz fedora-enchilada and fedora-epel, uses ACL from MirrorManager database, IPv4, Germany guenther.fischer at hrz.tu-chemnitz.de
fedora-rsync.ftp.pub.2iij.net Internet Initiative Japan fedora-enchilada and fedora-epel, IPv4, Japan mirror-contact at iij.ad.jp
ftp.heanet.ie HEAnet fedora-buffet, fedora-enchilada, and fedora-epel, IPv6 and Internet2 connectivity, Ireland mirrors at heanet.ie
mirror.speedpartner.de SpeedPartner IPv4 and IPv6, Germany mirror at speedpartner.de
fedora.c3sl.ufpr.br Universidade Federal do Paraná IPv4 and IPv6, South America Carlos Carvalho <carlos at fisica.ufpr.br>
ftp.linux.cz CZLUG IPv4 and IPv6, Czech Republic ftp-admin at fi.muni.cz
mirror.gtlib.gatech.edu Georgia Tech fedora-enchilada and fedora-epel, IPv4 and IPv6, US East Coast Neil Bright <neil.bright at oit.gatech.edu>
mirrors.rit.edu Rochester Institute of Technology fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, US East Coast mirrors at rit.edu
mirror.liquidtelecom.com Liquid Telecom fedora-buffet, fedora-enchilada, and fedora-epel, IPv4 and IPv6, East Africa Datacenter, Nairobi, Kenya anthony.somerset at liquidtelecom.com

Tier 1 Rsync configuration

Below is an example rsyncd.conf file for a Tier 1 mirror that provides private rsync access to select downstream Tier 2 mirrors. You may do this via either IP or DNS-based access control, or by a shared username/password which you give to your selected Tier 2 mirrors directly.

The key to this is that the Tier 1 mirror rsyncs content using a user account (e.g. mirror used below), and you serve content to Tier 2 mirrors using a private rsync module that runs as that same user account, while providing public non-authenticated rsync using the nobody account. In this way, Tier 2 mirrors may obtain content before the permissions are made world readable. 


use chroot = yes
uid = nobody
gid = nobody
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.bz2 *.iso *.ogg *.ogv *.tbz
exclude = .snapshot/ .~tmp~/ /.private/ /.private/** **/.nfs*
ignore nonreadable = yes
list = true
read only = yes
refuse options = checksum

[ fedora-enchilada ]
        comment = Fedora - The whole enchilada
        path = /srv/pub/fedora

[ fedora-epel ]
        comment = Extra Packages for Enterprise Linux
        path = /srv/pub/epel

##
## The following are not seen and are limited by IP.
##

[fedora-enchilada0]
       comment = Fedora Enchilada for Tier0|1 Mirrors
       path = /srv/pub/fedora/
       list = no
       uid = mirror
       gid = mirror
       hosts allow = (IP or DNS address) ...

[fedora-epel0]
       comment = Fedora EPEL for Tier0|1 Mirrors
       path = /srv/pub/epel/
       list = no
       uid = mirror
       gid = mirror
       hosts allow = (IP or DNS address) ...
Retrieved from "https://fedoraproject.org/w/index.php?title=Infrastructure/Mirroring/Tiering&oldid=502805"