---

Fedora mirrors

Fedora is fortunate to have over 200 volunteer mirror sites globally, which helps distribute the Fedora software to end users. We greatly appreciate our mirror sites and their system administrators.

Communicating

• Mailing lists: mirror-list and mirror-list-d (discussion)

• IRC: #fedora-admin on FreeNode

• Administrative changes: send email to mirror-admin@fedoraproject.org,ftp+fedora@redhat.com

How can someone become a public mirror?

Becoming an official public mirror is easy, and getting easier. All we request is that your site have sufficient bandwidth and disk space to handle the load. Each Fedora release can consume upwards of 200GB of disk space, and downloaders can consume as much bandwidth as you've got. Mirror sites have at least a 100Mbit/sec* connection to the Internet, many have Gigabit or larger pipes. As of the Fedora 8 release, the total space consumed on the master server, thus what a mirror could consume, is 1.1TB and growing. A 1-2TB volume would be most appropriate for a long-term mirror. This content is hardlinked; if you can't hardlink (e.g. you're on AFS), you'll need much more disk space. Actual space consumed is noted at http://download.fedora.redhat.com/pub/DIRECTORY_SIZES.txt.

* 100Mbit/sec is the rule for countries with adequate mirror coverage already. We can make exceptions for new mirrors in countries that have few mirrors. Connections to Internet2, National Lambda Rail, GEANET2, RedIRIS, or other such high speed research and educational networks are always appreciated.

How can someone make a private mirror?

Private mirrors are mirrors that reside entirely within an organization (company, school, etc.) and can only be accessed by members of that organization. They exist to speed up distributing Fedora within an organization, where local bandwidth costs are far less than going across the Internet.

Private mirrors behave similarly to public mirrors, with a few exceptions:

• Private mirrors are never listed in the MirrorManager publiclist pages.

• Private mirrors cannot pull from the master Fedora download servers. They must pull from another listed public mirror.

• Private mirrors should include IP netblocks in their MirrorManager configuration. This allows your network-local users to be automatically redirected to your mirror.

• Private mirrors are not crawled by the MirrorManager web crawler. As a corollary:

• Private mirrors must run report_mirror to inform the MirrorManager database of their content. If you don't run report_mirror, your clients will not be automatically redirected.

MirrorManager: the Fedora Mirror Management system

The MirrorManager software keeps track of all the mirrors without requiring a lot of manual text file editing.

Signing up

Fedora Account System

• You must have an account in the Fedora Account System. (More info also at Infrastructure/AccountSystem.) You are not required to sign the Contributors License Agreement to merely mirror Fedora content, but you must do so if you wish to contribute to other aspects of Fedora.

• You must send an email to mirror-admin@fedoraproject.org,ftp+fedora@redhat.com stating you would like to become a mirror, your IP address, your location (country), and your outbound bandwidth available for the mirror.

• You must add yourself to Infrastructure/Mirroring/Pending to track the ACL change request.

• You must subscribe to mirror-list and mirror-list-d (discussion) to be notified of new releases. Please send the note above to mirror-admin@fedoraproject.org before subscribing, so we know who you are and can approve your subscription. Private mirrors need only introduce themselves so they may be approved onto the mailing list. The other details (IP, country, bandwidth) don't matter for private mirrors.

Registering in MirrorManager

• Log into mirrormanager using your FAS account.

• Create a new Site.
• create a new Host, and sign up that host for the Categories of content you'll carry, any other site administrators you want, your site's IP addresses used for our Access Control List, and the other details listed there if applicable to you.

• Please run report_mirror after each rsync run.

• You may list your site's IP address ranges (Netblocks). Clients coming from an IP address within your netblock will be automatically redirected to your mirror for any content you carry.

Mirroring

The only sane way to do mirroring is to use rsync. Note the options -H (hardlinks), --delay-updates, --numeric-ids and --delete-after are required to ensure your mirror content stays valid even during a new rsync run, until all the new data is available.

• rsync -vaH --exclude-from=${EXCLUDES} --numeric-ids --delete --delete-after --delay-updates \ rsync://download.fedora.redhat.com/fedora-enchilada ${LOCAL_DIR}
• You may exclude any content you desire, such as architectures, using an EXCLUDES file.

• Please pull from one of the Tier 1 mirrors if you can. See Infrastructure/Mirroring/Tiering. Instead of using one of the Tier 1 servers, you may wish to pull from another fast mirror that's closer to you.

• You should sync shortly after 0800 UTC (when rawhide is pushed), 1400 UTC (when bitflips occur), and another 3-5 times per day (updates are manually released).

Running report_mirror

The new Fedora Mirror Management System includes a tool, report_mirror which can upload to the mirror database that you completed a run and what content you've got. This makes generating the yum mirrorlists and all other pages much much simpler. Please run report_mirror after every rsync job completes.

• report_mirror files. You need both report_mirror and report_mirror.conf, and must edit report_mirror.conf to include the content you're carrying and the path to that content on your disk.

Available content

The available content modules by rsync, and their point in the directory tree are:

• Fedora 7 and future

• Fedora Secondary Architectures

Secondary architectures content is not hosted on the master mirror servers, but instead on a different machine, secondary.fedoraproject.org. Should you wish to mirror that content, please do so at a directory such as /pub/fedora-secondary. Do not put this content into the same directory structure as the other Fedora content.. The MirrorManager Category for this content is 'Fedora Secondary Arches'.

• Fedora Core and Extras for FC6 and earlier (to be removed April 2008)

Please use the above paths as subpaths on your own mirror servers, omitting 'pub' if necessary. We recommend using fedora-enchilada plus fedora-epel if you can. This ensures you have the same directory structure as the master servers, which makes it far easier for users to find the content on your mirror.

DVDs, CDs, and the exploded trees

When a new release is available, it can be bandwidth-efficient to download only the ISOs first (say, the DVD ISOs), then explode those into the directory structure, then run a full normal rsync run. This lets you avoid downloading the same RPMs twice (both on ISOs and as plain RPMs). There's a tool somewhere to help do this.

Regular hardlink runs

While the Fedora release maintainers try to keep as little redundant packaging around as possible, there are some duplicate packages in the tree. For example, when a Fedora Test release comes out, the package set included there looks remarkably like that of the development tree from a few days before. By copying the development tree over into the new Test directory before starting your rsync run, and using rsync -H, you can avoid downloading all that content a second time.

In addition, it's good practice to run a tool like hardlink++ on your tree occasionally (say, weekly), to ensure as much of your tree as possible is hardlinked.

Pre-Release: Copying Development tree to new release directory

In the days leading up to a release, either test or final, the development (aka rawhide) tree will stop taking new packages, and will closely resemble what winds up in the new release. As a mirror, you can avoid downloading content that already is in your copy of the development tree that matches what's in the release tree by copying those packages using hardlinks, such as:

• cp -lr fedora/linux/development/i386 fedora/linux/test/6.91/Prime/ cp -lr fedora/linux/development/x86_64 fedora/linux/test/6.91/Prime/ cp -lr fedora/linux/development/source fedora/linux/test/6.91/

and then start the rsync process, which will clean up any changes and fix up the timestamps.

HTTPd Configuration

Keepalives

HTTP Keepalives should be enabled on your mirror server to speed up client downloads. By default, Fedora's Apache httpd package has keepalives disabled. They should be enabled, with a timeout of at least 2 seconds (the default of 15 seconds might be too high for a heavily loaded mirror server, but 2 seconds is sufficient and appropriate for yum).

 KeepAlive On
 KeepAliveTimeout 2
 MaxKeepAliveRequests 100

Other http servers such as lighttpd have keepalives enabled by default.

Redirecting ISO downloads to FTP

Apache 2.x and earlier can't distribute files larger than 2GB. This means DVD images won't work. (lighttpd doesn't have this limitation). Also, some people find FTP to be more efficient than HTTP for really large files like ISO images. These Rewrite lines will redirect all HTTP GET requests for *.iso files to a different FTP daemon. With this method, HEAD requests used by the MirrorManager crawler for *.iso files aren't rewritten, which gives better crawling results.

    RewriteCond     %{REQUEST_METHOD} GET
    RewriteRule     ^(.*\.iso)$ ftp://myserver/$1  [L,R=301]

Content Types

ISO and RPM files should be served using MIME Content-Type: application/octet-stream. In Apache, this can be done inside a VirtualHost or similar section:

    <VirtualHost *:80>
    AddType application/octet-stream .iso
    AddType application/octet-stream .rpm
    </VirtualHost>

Limiting Download Accelerators

Download accelerators will try to open the same file many times, and request chunks, hoping to download them in parallel. This can overload heavily loaded mirror servers, especially on release day. Here are some tricks to thwart such activities.

To limit connections to ISO dirs by some amount per IP:

      <IfModule mod_limitipconn.c>
        MaxConnPerIP 6
      </IfModule>

To block ranged requests as this is what download accelerators do indeed:

    RewriteEngine on
    RewriteCond %{HTTP:Range} [0-9]$
    RewriteRule \.iso$ / [F,L,R=403]

Pre-bitflip mirroring

Several days before each public release, the content will be staged to the master mirror servers, but with restricted permissions on the directories (generally mode 0750), specifically, not world readable.

Mirror servers should have several different user/group accounts on their server, for running the different public services. Typically you find:

• HTTP server runs as user apache, group apache
• FTP server runs as user ftp, group ftp
• RSYNC server runs as user rsync, group rsync
• a user account for downloading content from the masters (e.g. user mirror, group mirror).

The user account used to download content from the masters must be not be the same as the HTTP, FTP, or RSYNC server accounts. This guarantees that content downloaded with permissions 0750 will not be made available via your public servers yet.

On the morning of the public release, the permissions on the directories on the master servers will change to 0755 - world readable. This is called the bitflip. After each mirror server rsyncs one more time, they will pick up these new permissions (but won't have to download all the data again, so this is very fast), and start serving the content publicly.

Serving content to other mirrors

Tier 1 mirrors will necessarily need to share content to Tier 2 mirrors before the bitflip. This is done by running another instance of the rsync daemon, on a different port (e.g. 874), with an Access Control List to prevent public downloads, running as a user in the same group as downloaded the content (e.g. group mirror). This could be user mirror, group mirror, who has group read/execute permissions on the still-private content.

Recognition

This product includes GeoLite data created by MaxMind, available from http://www.maxmind.com/.

---

CategoryInfrastructure