How to setup a drpmsync server
This document describes how to configure and run a drpmsync server for the Factory Distribution.
Install drpmsync
The drpmsync client and server can be found within the "deltarpm" package. Current recommended sources and packages can be found in the http://download.opensuse.org/tools/drpmsync/ directory.
Compile drpmsync
needs to be written ...
Fetch the Factory distribution
Sync Factory via drpmsync
The drpmsync client does usually not store the delta files which it does apply to the updated rpms. We need to store them for the drpmsync server, which does directly use them for its clients. A configuration file could look like this
source: drpmsync.opensuse.org:8888/Factory log: /tmp/drpmsync.log generate_deltas: true keep_deltas: true keep_uncombined: true always_get_rpm: false
and maybe get stored as /etc/drpmsync.conf. User who want to avoid CPU and IO load on the system should disabled the generate_deltas option. Enabling the always_get_rpm option leads into higher network traffic again, but avoids CPU and IO load by applying the delta rpms.
Please have a look to the drpmsync man page for detailed informations about the options.
The download can be invoked with
drpmsync -c /etc/drpmsync.conf /srv/Factory
to store the tree below the /srv/Factory directory.
使用 rsync 同步车间镜像
It is also possible to fetch the tree via classic rsync protocoll, however there is no good reason to do this ;) You can find the possible rsync resources in the Mirror Infrastructure document.
Configure and run a drpmsync server
Create a server configuration file
A configuration file could get stored as /etc/drpmsyncd.conf an may look like this:
servername: myserver.mydomain.org:8888 serverlog: /var/log/drpmsync/drpmsyncd.log serveruser: drpmsyncd allow: * tree: /Factory /srv/Factory
This configuration will run a public server serving the content from /srv/Factory directory. The server needs to be started by calling
drpmsync -s /etc/drpmsyncd.conf
Please look into the drpmsync man page for detailed informations about the configuration file.
Security Aspects
drpmsync is written with security aspects in mind. However, it is written in perl and the source did not receive a security audit yet. So we recommend to run it only with a dedicated user id. The above example does run it as "drpmsyncd" user. You can also forbid to open new network connections (it does only need to get connected from the clients). You can do this via the Linux iptables firewall by adding this rule:
iptables -A OUTPUT -m owner --match state --state NEW --uid-owner drpmsyncd -d 0/0 -j DROP