Bug#879916: Debian mirror debian.mirror.su.se: inconsistent view between backends - SRQ-1283517
> If you look at our monitoring result page for your mirror right now: > > https://mirror-master.debian.org/status/mirror-info/debian.mirror.su.se.html > > you'll notice that our script sees two different trace files from your > mirror, alternatingly. > > One from 2017-10-27 04:21:39 and one from 2017-10-27 04:21:40. > > If you load balance behind a single name, is there any way you can > ensure that all instances provide the same content? Yes, the service is load balanced between two hosts. I didn't thought that should be a problem. > > Alternatively, is there a way we can access the backends indivually for > our checks? We can go either way, which ever you prefer. 1. Set up a master-slave senario where we only sync upstream from one of our machines and only front machines that are up to date. 2. Allow http access directly to the machines without the load balancer. How do you normally handle this kind of issues? -- jocar
Bug#879916: Debian mirror debian.mirror.su.se: inconsistent view between backends - SRQ-1283517
Hi Johan On Mon, Oct 30, 2017 at 01:27:50PM +, Johan Wassberg wrote: > > If you load balance behind a single name, is there any way you can > > ensure that all instances provide the same content? > Yes, the service is load balanced between two hosts. I didn't thought > that should be a problem. It's no problem. We just flag that as irregularities as the contents are not the same, even if almost the same. > How do you normally handle this kind of issues? Each backend system gets it's own mirror name configured in ftpsync.conf. The backends can be reached directly. How they can be reached is not important; we have the following mechanisms in the wild: - The mirrors have public IP on their own and can be reached using it, - the load balancer exposes the systems directly by name, and - the load balancer exposes the systems by using different ports. We will add entries for each backend to our internal mirror list and make the public name an alias. We then check each system seperately, so we can asses the health of each one. For examples see: https://mirror-master.debian.org/status/mirror-status.html#&sort[results]=0-0&filter[results]=azure.com https://mirror-master.debian.org/status/mirror-status.html#&sort[results]=0-0&filter[results]=kernel.org Depending on the importance of the mirror we have a bunch of other things we use to make sure they are in sync, but this does not need to concern you. > 2. Allow http access directly to the machines without the load balancer. For now we would like to start with this one. You have to select names for both mirrors and ways to access them. Currently the backends are named mirror-prod-debian0[12].it.su.se and are published in DNS with public IP. So you could set MIRRORNAME in ftpsync.conf to that hostname and allow access to the IP from the outside. Regards, Bastian Debian mirror team -- Vulcans believe peace should not depend on force. -- Amanda, "Journey to Babel", stardate 3842.3
Bug#879916: Debian mirror debian.mirror.su.se: inconsistent view between backends - SRQ-1283517
> On 31 Oct 2017, at 12:17, Bastian Blank wrote: > > Hi Johan > > On Mon, Oct 30, 2017 at 01:27:50PM +, Johan Wassberg wrote: >>> If you load balance behind a single name, is there any way you can >>> ensure that all instances provide the same content? >> Yes, the service is load balanced between two hosts. I didn't thought >> that should be a problem. > > It's no problem. We just flag that as irregularities as the contents > are not the same, even if almost the same. > >> How do you normally handle this kind of issues? > > Each backend system gets it's own mirror name configured in > ftpsync.conf. The backends can be reached directly. How they can be > reached is not important; we have the following mechanisms in the wild: > - The mirrors have public IP on their own and can be reached using it, > - the load balancer exposes the systems directly by name, and > - the load balancer exposes the systems by using different ports. > > We will add entries for each backend to our internal mirror list and > make the public name an alias. We then check each system seperately, so > we can asses the health of each one. For examples see: > https://mirror-master.debian.org/status/mirror-status.html#&sort[results]=0-0&filter[results]=azure.com > https://mirror-master.debian.org/status/mirror-status.html#&sort[results]=0-0&filter[results]=kernel.org > > Depending on the importance of the mirror we have a bunch of other > things we use to make sure they are in sync, but this does not need to > concern you. > >> 2. Allow http access directly to the machines without the load balancer. > > For now we would like to start with this one. You have to select names > for both mirrors and ways to access them. Currently the backends are > named mirror-prod-debian0[12].it.su.se and are published in DNS with > public IP. So you could set MIRRORNAME in ftpsync.conf to that hostname > and allow access to the IP from the outside. Done. The two hosts that serves "debian.mirror.it.su.se" is now accessable from anywhere and the MIRRORNAME is set correctly. mirror-prod-debian01.it.su.se mirror-prod-debian02.it.su.se Please updated your internal tools. -- jocar
