Setting up a push server
Setting up a push server consists of two basic tasks: setting up rsync
access (for normal,
pull mirroring) and setting up ssh trigger mechanism
pushing the pull mirroring).
(For more information on what a push server is, please read the explanation of push mirroring.)
rsync. If your site is running Debian, just install the
rsyncd.conf file and put something similar to this
uid = nobody gid = nogroup max connections = 50 socket options = SO_KEEPALIVE [debian] path = /srv/debian/mirror comment = The Debian Archive (https://www.debian.org/mirror/size) auth users = * read only = true secrets file = /etc/rsyncd/debian.secrets
Add an entry for each site you are pushing to in the
site1.example.com:a_password site2.example.com:another_password site3.example.net:password
You have now given the downstream mirrors access to the archive on your
machine. If you are willing to provide rsync acess to everyone, skip
auth users and
secrets file setting in
rsyncd.conf. You don't need a secrets file then either.
You will probably want to start the rsync daemon from inetd.
To enable the daemon, add the following to your
rsync stream tcp nowait root /usr/bin/rsync rsyncd --daemon
(Remember to send inetd an HUP signal to tell it to reread its config file after modifying the file.)
Create a new ssh key for the account that you use to mirror Debian using
ssh-keygen. If your account already has a key for other purposes,
you may want to create a new one and store it in a different file using
ssh-keygen -f ~/.ssh/identity.mysite
command="~/bin/ftpsync",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <contents of your ~/.ssh/<key>.pub file>to their
You need to set up your mirroring process to contact your downstreams when your
mirror-run is finished.
The ftpsync suite contains the script
runmirrors which is handling all
needed tasks for you. Simply change your ftpsync.conf to include the setting
HUB=true, copy the
runmirrors.mirror and configure the config file to suit your system.
Then list all your downstream mirrors inside runmirrors.mirror and the ftpsync/runmirror
duo will do all the heavy lifting for you.
The effect will be that your system will try to ssh to your downstream mirrors, after your own mirror updated, so they can start their own updates. This assumes you gave your downstream mirror operators the ssh key you told runmirrors to use and that they added it to their own ~/.ssh/authorized_keys as described above.
If you have any trouble with this, contact us.