Setting up a push server consists of two basic tasks: setting up rsync
access (for normal, pull mirroring) and setting up the ssh trigger
mechanism (for pushing the pull mirroring).
(For more information on what a push server is, please read the explanation of push mirroring.)
Install rsync 2.1.1 or greater. If your site is running Debian, just
install the latest rsync package.
Create an rsyncd.conf file and put something similar to this in it:
uid = nobody
gid = nogroup
max connections = 25
socket options = SO_KEEPALIVE

[debian]
  path = /srv/debian/mirror
  comment = The Debian Archive (~250 GB)
  auth users = authorized_account1,authorized_account2,authorized_accountN
  read only = true
  secrets file = /etc/rsyncd/debian.secrets
Add an entry for each site you are pushing to in the
/etc/rsyncd/debian.secrets file:
authorized_account1:a_password
authorized_account2:another_password
authorized_accountN:password
You have now given the downstream mirrors access to the archive on your machine.
You will probably want to start the rsync daemon from inetd. To do this,
you have to add the rsync service to the /etc/services file (if it
isn't already there), like this:
rsync 873/tcp
To enable the daemon from inetd, add the following to your
/etc/inetd.conf file:
rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
(Remember to send inetd an HUP signal to tell it to reread its config file after modifying the file.)
Create a new ssh key for the account that you use to mirror Debian. Make sure you don't overwrite your original ssh key by using the -f option, for example:
ssh-keygen -f ~/.ssh/identity.mysite
Make sure that the new public key (~/.ssh/identity.mysite.pub) contains this at the beginning, with IPADDRESS being the IP of your upstream mirror:
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/ftpsync &",from="IPADDRESS"
You need to set up a script that will contact the downstream mirrors.
Create a file called signal, containing this:
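#!/bin/sh
# This script is called to signal the remote host that it is time to
# mirror the archive.
# Usage: signal <site> <username>
# The trailing "sleep 1" is only a placeholder; the remote side runs the
# command set in the key's command= option instead.
echo "Signalling $1"
ssh -o "BatchMode yes" -o "user $2" -i "$HOME/.ssh/identity.mysite" "$1" sleep 1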
This script will log in to a remote host using the special ssh key you
created above, provided that each downstream mirror operator adds that
key to their own ~/.ssh/authorized_keys (also replacing ftpsync with
whatever their command to start the mirroring is called).
The script itself will not do anything useful remotely; the single command
that runs is the one specified by the key setting.
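An added example, not part of the original page: a shell check that an authorized_keys entry for the push key still carries every restriction from the prefix shown above, so the key can only start the mirror command from the expected address. The function names, the sample entries and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: flag authorized_keys entries that
# lack the restrictions the push-trigger key is meant to carry.
REQUIRED="no-port-forwarding no-X11-forwarding no-agent-forwarding no-pty command= from="

# Print one entry's option names, comma separated, quoted values dropped. The
# options field ends at the first space outside double quotes.
option_names() {
    printf '%s\n' "$1" | awk '{
        inq = 0; out = ""
        for (i = 1; i <= length($0); i++) {
            c = substr($0, i, 1)
            if (c == "\"" && substr($0, i - 1, 1) != "\\") { inq = !inq; continue }
            if (inq) continue
            if (c == " ") break
            out = out c
        }
        if (out ~ /^(ssh-|ecdsa-|sk-)/) out = ""   # key type first: no options
        print out
    }'
}

# Print the required options missing from one entry (empty = compliant).
missing_options() {
    names=",$(option_names "$1"),"; missing=""
    for want in $REQUIRED; do
        case "$names" in
            *",$want,"*) ;;
            *) missing="$missing ${want%=}" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Audit file $1; report non-compliant entries and return 1 if any were found.
audit_keys() {
    rc=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in ''|'#'*) continue ;; esac
        miss=$(missing_options "$line")
        [ -z "$miss" ] || { echo "line $n: missing $miss"; rc=1; }
    done < "$1"
    return $rc
}

# Constructed sample entries (placeholder key material, documentation-range IP).
GOOD='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/ftpsync &",from="192.0.2.10" ssh-ed25519 AAAAexample push@upstream'
BAD='command="~/bin/ftpsync &" ssh-ed25519 AAAAexample push@upstream'
for e in "$GOOD" "$BAD"; do echo "missing: [$(missing_options "$e")]"; done
```

Run audit_keys against a file that holds only push-trigger keys; entries for ordinary interactive logins would be reported as non-compliant by design.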
To actually signal the mirrors, you need to run
./signal <site> <username> after your own rsyncing is done.
Thus, as soon as your site is finished mirroring from your upstream site,
you will start pushing to those downstream from you.
You can place these commands either at the end of your
ftpsync.conf, or if it's more convenient for you, in a new
script, and then run that script from anonftpsync, for example:
#!/bin/sh
# This script is called by websync to signal the downstream mirrors.
./signal some.other.site archvsync
./signal and.another.site othersiteaccount
If you have any trouble with this, contact us.