DSS as openSuSE repository
Hi,
I've been setting up our DSS as a repository shadow for our numerous openSuSE systems and have run across a few difficulties (and a single solution) I'd like to share:
General setup is a 350 GB logical volume on the DSS, made available as a NAS resource ("SuSErepos", via FTP, NFS, HTTP).
Part I - keeping in sync:
I've enabled NFS for the "SuSErepos" share and mounted it from one of our servers. There I run an rsync cron job to sync with the SuSE main repository.
Question: Can I do this from the NAS itself, freeing the server from this job? Browsing the docs I got the feeling there should be a way, but couldn't find the exact configuration setting. I'd have to run a job similar to "rsync -rlpt rsync.opensuse.org:pensuse-full /share/SuSErepos --delete-after -hi --stats".
Part II - fetching the content
I had a look at three ways to access our local repository: NFS, FTP and HTTP. I only got NFS to work so far, and only incorporating a work-around.
FTP: While at first everthing seemed to go smoothly, it soon turned out that the DSS transfers at least the repomd.xml* file with newlines converted to CRLF. I couldn't make either YaST to use ASCII mode nor DSS to stop converting the files - if anyone has a pointer, I'd be grateful. The problem is that the repomd.xml gets modified, thus the GPG signature verification fails... no automatic updates no moreIt took me some time to figure this out as both versions (on DSS, checked via NFS, and locally transfered by YOU via FTP) look identical via "cat".
HTTP: Only gave that a few minutes to check: Access is via HTTPS only, with the bogus DSS-signed certificate (our security policies wouldn't allow to import the DSS CA key on the servers) that wouldn't verify under normal conditions (I wish the feature to bring in your own certificate into the DSS web server had a higher priority). Also, I couldn't simply access the files via URL - there was some sort of intermediate index.something file that was used to access the files - I figured out YOU would barf at me for that and didn't even give it a try
NFS: The only half-way reasonable protocol left - and which wouldn't work for our DMZ servers (FTP would have been fine). But... there is this slight inconvenience with the DSS NFS server... you cannot simply mount "dss:/share/SuSErepos/updates/11.0 /somelocalmp" and access the files under /somelocalmp. DSS always gives you the content of /share/SuSErepos, regardless of which subdirs are named in the mount. So I've had to set up various shares for each OS level and distribution dir (update, share, oss, nonoss, sources) - PITA. But at least it works for our internal servers.
To make a long story short:
- It works for our internal servers using NFS and a lot of manual setup on the DSS.
- How do I stop the DSS from changing file contents for FTP transfers?
- (Where) Can I schedule rsync jobs on the DSS?
- Hopefully DSS will support NFS mounts for sub-directories soon.
- Please give us an option to use our own SSL certificates on the DSS.
With regards,
Jens
Reply With Quote
Originally Posted by jmo
