How to set up a drpmsync server


This document describes how to configure and run a drpmsync server for the Factory Distribution.

Install drpmsync

The drpmsync client and server can be found within the "deltarpm" package. Current recommended sources and packages can be found in the directory.

Compile drpmsync

needs to be written ...

Fetch the Factory distribution

Sync Factory via drpmsync

The drpmsync client usually does not store the delta files that it applies to the updated rpms. We need to keep them for the drpmsync server, which uses them directly for its clients. A configuration file could look like this:

  log: /tmp/drpmsync.log
  generate_deltas: true
  keep_deltas: true
  keep_uncombined: true
  always_get_rpm: false

and may be stored as /etc/drpmsync.conf. Users who want to avoid CPU and I/O load on the system should disable the generate_deltas option. Enabling the always_get_rpm option leads to higher network traffic again, but avoids the CPU and I/O load caused by applying the delta rpms.

Please have a look at the drpmsync man page for detailed information about the options.

The download can be invoked with

  drpmsync -c /etc/drpmsync.conf /srv/Factory

to store the tree below the /srv/Factory directory.

Sync Factory via rsync

It is also possible to fetch the tree via the classic rsync protocol, however there is no good reason to do this ;) You can find the possible rsync resources in the Mirror Infrastructure document.

Configure and run a drpmsync server

Create a server configuration file

A configuration file could be stored as /etc/drpmsyncd.conf and may look like this:

  serverlog: /var/log/drpmsync/drpmsyncd.log
  serveruser: drpmsyncd
  allow: *
  tree: /Factory /srv/Factory

This configuration will run a public server serving the content from the /srv/Factory directory. The server needs to be started by calling

  drpmsync -s /etc/drpmsyncd.conf

Please look into the drpmsync man page for detailed information about the configuration file.

Security Aspects

drpmsync is written with security in mind. However, it is written in Perl and the source has not received a security audit yet. So we recommend running it only under a dedicated user id. The above example runs it as the "drpmsyncd" user. You can also forbid it from opening new network connections (it only needs to accept connections from the clients). You can do this via the Linux iptables firewall by adding this rule:

  iptables -A OUTPUT -m owner --match state --state NEW --uid-owner drpmsyncd -d 0/0 -j DROP
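
The two recommendations above (a dedicated user id, and an OUTPUT rule tied to that same user) can be checked against the server configuration. The following is an added example, not part of drpmsync or of the original page: the function names are hypothetical, and it assumes the "key: value" layout shown above for /etc/drpmsyncd.conf.

```shell
#!/bin/sh
# Added example (not part of drpmsync): audit helpers for /etc/drpmsyncd.conf.
# Assumes the "key: value" layout shown on this page; function names are hypothetical.

# conf_value FILE KEY: print the value of the first "KEY: value" line.
conf_value() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

# valid_user NAME: succeed only for a plain account name, so the value can be
# placed on an iptables command line without carrying shell metacharacters.
valid_user() {
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]*$'
}

# audit_conf FILE: print the first finding and return 1, or return 0 if clean.
audit_conf() {
    user=$(conf_value "$1" serveruser)
    if [ -z "$user" ]; then
        echo "NOUSER: no serveruser line, no dedicated account configured"; return 1
    fi
    if ! valid_user "$user"; then
        echo "BADNAME: serveruser is not a plain account name"; return 1
    fi
    if [ "$user" = root ] || [ "$(id -u "$user" 2>/dev/null)" = 0 ]; then
        echo "ROOT: serveruser '$user' has uid 0"; return 1
    fi
    if ! id -u "$user" >/dev/null 2>&1; then
        echo "MISSING: account '$user' does not exist on this host"; return 1
    fi
    return 0
}

# egress_rule FILE: print the page's OUTPUT rule for the configured serveruser.
egress_rule() {
    user=$(conf_value "$1" serveruser)
    valid_user "$user" || return 1
    echo "iptables -A OUTPUT -m owner --match state --state NEW --uid-owner $user -d 0/0 -j DROP"
}

# Constructed sample: the server configuration from this page.
sample=$(mktemp)
printf '%s\n' 'serverlog: /var/log/drpmsync/drpmsyncd.log' 'serveruser: drpmsyncd' \
    'allow: *' 'tree: /Factory /srv/Factory' > "$sample"
audit_conf "$sample" || true
egress_rule "$sample"
rm -f "$sample"
```

Deriving the rule from the serveruser line keeps the firewall rule and the account the server actually runs as from drifting apart when the configuration is edited.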