Setting up a push server

Setting up a push server consists of two basic tasks: setting up rsync access (for normal, pull mirroring) and setting up ssh trigger mechanism (for pushing the pull mirroring).

(For more information on what a push server is, please read the explanation of push mirroring.)

Setting up rsync

Install rsync. If your site is running Debian, just install the rsync package.

Create rsyncd.conf file and put something similar to this in it:

uid = nobody
gid = nogroup
max connections = 50
socket options = SO_KEEPALIVE

[debian]
  path = /srv/debian/mirror
  comment = The Debian Archive (https://www.debian.org/mirror/size)
  auth users = *
  read only = true
  secrets file = /etc/rsyncd/debian.secrets

Add an entry for each site you are pushing to in the /etc/rsyncd/debian.secrets file:

site1.example.com:a_password
site2.example.com:another_password
site3.example.net:password

You have now given the downstream mirrors access to the archive on your machine. If you are willing to provide rsync acess to everyone, skip the auth users and secrets file setting in rsyncd.conf. You don't need a secrets file then either.

You will probably want to start the rsync daemon from inetd. To enable the daemon, add the following to your /etc/inetd.conf file:

rsync      stream      tcp         nowait      root /usr/bin/rsync rsyncd --daemon

(Remember to send inetd an HUP signal to tell it to reread its config file after modifying the file.)

Setting up ssh trigger mechanism

Create a new ssh key for the account that you use to mirror Debian using ssh-keygen. If your account already has a key for other purposes, you may want to create a new one and store it in a different file using ssh-keygen -f ~/.ssh/identity.mysite

Your downstream mirrors will then need to add
command="~/bin/ftpsync",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <contents of your ~/.ssh/<key>.pub file>
to their ~/.ssh/authorized_keys file.

You need to set up your mirroring process to contact your downstreams when your mirror-run is finished. The ftpsync suite contains the script runmirrors which is handling all needed tasks for you. Simply change your ftpsync.conf to include the setting HUB=true, copy the runmirrors.conf.sample to runmirrors.conf and runmirrors.mirror.sample to runmirrors.mirror and configure the config file to suit your system. Then list all your downstream mirrors inside runmirrors.mirror and the ftpsync/runmirror duo will do all the heavy lifting for you.

The effect will be that your system will try to ssh to your downstream mirrors, after your own mirror updated, so they can start their own updates. This assumes you gave your downstream mirror operators the ssh key you told runmirrors to use and that they added it to their own ~/.ssh/authorized_keys as described above.

If you have any trouble with this, contact us.