On 2020-03-09 18:41:11, Matthias Kruk wrote:
> Dear onefang,
> thank you for apt-panopticon, and especially for running it frequently on
> all mirrors. It has already proven to be very useful to me, and I like the
> near-realtime reporting. I'm trying to establish a habit of checking the
> report somewhat regularly so I can tell in a timely manner if something is
> wrong with my mirror.
Good to hear. I encourage all mirror operators to get into that habit.
> The reason I'm replying here is that there were actually a bunch of
> warnings that were displayed for my mirror, which I have finally all
> fixed.
Excellent. The only remaining issue on your mirror is the weekly updated
statistic, which will take a week to get to 100%. I've noticed it is
already climbing, so that's a good sign.
Note that it's expected to see regular Updated warnings, since we all
update on a regular schedule, so between pkgmaster getting updated and the
regularly scheduled run of each mirrors update, we will see that warning.
I'm seeing that warning for most of us right now.
Your mirror is listed as updating every 3 hours, I'd like to see us all
updating every 30 minutes. Would it be OK if you changed to 30 minutes?
Then let me know so I can change your listing, which apt-panopticon uses
to determine the difference between an Update warning and an error.
> The better part of the warnings were about the debian redirect for
> partial mirrors, and in particular the way it is set up with lighttpd. I
> checked the list and noticed there is at least one more mirror suffering
> from the same issue, so I'd like to share how to solve it here:
> The redirects in my mirror's lighttpd configuration (and probably in the
> other lighttpd-based mirrors as well, since my configuration was used for
> the lighttpd example) are set up like this:
> url.redirect = (
> "^/merged/pool/DEVUAN/(.*)" => "/devuan/pool/$1",
> "^/merged/pool/DEBIAN/(.*)" =>
> "[1]https://deb.debian.org/debian/pool/$1",
> "^/merged/pool/DEBIAN-SECURITY/(.*)" =>
> "[2]https://deb.debian.org/debian-security/pool/$1"
> )
> The script, in its URL sanitation check sends a request with multiple
> slashes, which I couldn't reproduce on my side at first, since my client
> was smart/sneaky enough to remove superfluous slashes before issuing the
> request to the server. Using the same command as your script, I realized
> that lighttpd chokes on the multiple slashes because it performs
> redirection *before* sanitizing the URLs. I'm not sure why lighttpd would
> do it in this order, since that means the regexes will have to account for
> all sorts of perfectly valid garbage (like
> "/.//.///.////./foo//.///../index.html"). Anyways, I changed the redirects
> to
> url.redirect = (
> "^[/]+merged[/]+pool[/]+DEVUAN[/]+(.*)" => "/devuan/pool/$1",
> "^[/]+merged[/]+pool[/]+DEBIAN[/]+(.*)" =>
> "[3]https://deb.debian.org/debian/pool/$1",
> "^[/]+merged[/]+pool[/]+DEBIAN-SECURITY[/]+(.*)" =>
> "[4]https://deb.debian.org/debian-security/pool/$1"
> )
> which means that it now works for your test cases, but it would still
> choke on funky requests like the one mentioned above which is why I
> consider this more of a workaround than a solution. I'm trying to see if
> theres an easy way around it, otherwise I might be willing to give nginx a
> try instead. In the meanwhile, other lighttpd-based mirrors (at a glimpse,
> at least [5]mirror.devuan.de seems affected) might want to adopt the same
> redirects.
It would be very helpful if you could stick with lighttpd and try to come
up with a proper fix. I run Apache on my mirror, so I can't help figure
out the proper lighttpd configuration. Then I can update the mirror
walkthrough document for the benefit of other lighttpd users.
mirror.devuan.de has other issues, the big one being that it was actually
offline for some time. It seems to be online now, but still giving
errors, mostly HTTPS errors. Maybe they will take note of your
workaround and that will help?
> The other issue that I've had with my mirror was that it ran out of disk
> space - it was originally only 40GB which I upgraded to 100GB a couple of
> months ago. I just upgraded to 200GB today and I'm hoping that should
> suffice for now. Is there any indication for an upper limit on the disk
> usage? I think debian is hosting five distributions at a time
> (oldoldstable, oldstable, stable, testing, unstable) and we're at four
> (oldstable thru unstable) at the moment, so my guess would be at least a
> 25% increase? The reason I'm asking is because I'm considering to add more
> storage and upgrade to a complete mirror, without the debian redirect.
> Could you shed some light on the storage situation on
> [6]pkgmaster.devuan.org, maybe some storage recommendations for a partial
> and a full mirror? I realize there are several factors this depends upon,
> so a conservative guess would be fine. :-)
pkgmaster.devuan.org currently has 21.3 GB. Devuan is on the verge of
releasing Beowulf as the new stable, which would make Jessie
oldoldstable, I don't know the plans regarding that but I would guess we
will actually make Jessie oldoldstable. On the other hand that would not
be a major increases in disk usage, as that would just be a new symlink,
all the files for Jessie, ASCII, Beowulf, Ceres would remain. The new
Chimaera release would see some growth though, and will eventually become
a fully fledged release, so should grow to about the same size as the
others.
The mirror walkthrough says 50 GB for a package mirror, it's being very
conservative and allowing for big growth. It also says about 2 TB for a
full Debian mirror. I don't have one handy that I can check the size of.
https://www.debian.org/mirror/size is updated daily, and that says 3 TB.
The size of my package mirror is also 21.3 GB, plus an extra 50 GB for
the ISO mirror.
> Thank you!
> Best regards,
> Matthias
> 2020年3月7日(土) 0:40 onefang <[7]onefang_devuan@???>:
>
> Alas life got in the way and has delayed all my projects. So I'm
> sending
> this email much later than I had planned.
>
> apt-panopticon is basically ready for an alpha release.
>
> With the blessing of the other Devuan devs (at least no one complained
> at
> the time, or since) Evilham and I have decided to use the results of
> apt-panopticon to decide which mirror servers are on the DNS-RR and
> which
> are not. [8]https://pkgmaster.devuan.org/mirror_list.txt will be
> updated
> for things like "certificate expired, so they no longer support HTTPS",
> "have been doing nothing but timeouts for sometime, so mark as offline",
> etc. The DNS-RR will be modified to reflect serious issues.
>
> Evilham wants me to go one step further, and automate things. His idea
> was to run apt-panopticon once a minute, and report the results to a
> backend that will automatically add or remove mirror servers to DNS-RR
> depending on yet to be discussed pass conditions. On the fastest server
> it is currently running on the average run time is slightly less than
> one
> minute, so I think maybe doing this every five minutes. The goal is
> that
> when someone uses the DNS-RR, they get as perfect an experience as we
> can
> manage.
>
> Pass conditions are likely to be something like - passes all tests with
> no warnings (except HTTPS that DNS-RR can't handle anyway), 100% up
> time,
> 100% updated. Very few currently meet those conditions.
>
> Apt-panopticon is running on two different servers now, plus my desktop,
> and I'm awaiting a friend to get IPv6 for her server before I run it
> there. Mostly coz running it on an actual mirror server means that
> particular mirror gets disk speed tested instead of network speed, which
> is not fair on the other mirrors.
>
> So on my own mirror it runs every ten minutes, and shows ludicrous speed
> for itself -
>
> [9]https://sledjhamr.org/apt-panopticon/results/Report-web.html
>
> On a small server that rrq kindly let me use, it runs once an hour,
> mostly coz it's a single core VM, running it more often will bog down
> his
> server -
>
> [10]https://borta.devuan.dev/apt-panopticon/results/Report-web.html
>
> Could all mirror admins PLEASE PLEASE PLEASE actually monitor one of
> those, and actually correct any issues for your server, or at least talk
> to me about it if you think the script is wrong. I'm kinda disappointed
> that there has been almost no positive changes since I started telling
> you all about this. There is way too many warnings and errors. If you
> hover your mouse over the column titles, a short explanation of what is
> being tested, and why will pop up. Remember, this is now the official
> indication of how healthy our mirror system is.
>
> --
> A big old stinking pile of genius that no one wants
> coz there are too many silver coated monkeys in the world.
> _______________________________________________
> devuan-mirrors mailing list
> [11]devuan-mirrors@???
> [12]https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-mirrors
>
> References
>
> Visible links
> 1. https://deb.debian.org/debian/pool/$1
> 2. https://deb.debian.org/debian-security/pool/$1
> 3. https://deb.debian.org/debian/pool/$1
> 4. https://deb.debian.org/debian-security/pool/$1
> 5. http://mirror.devuan.de/
> 6. http://pkgmaster.devuan.org/
> 7. mailto:onefang_devuan@sledjhamr.org
> 8. https://pkgmaster.devuan.org/mirror_list.txt
> 9. https://sledjhamr.org/apt-panopticon/results/Report-web.html
> 10. https://borta.devuan.dev/apt-panopticon/results/Report-web.html
> 11. mailto:devuan-mirrors@lists.dyne.org
> 12. https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-mirrors
> _______________________________________________
> devuan-mirrors mailing list
> devuan-mirrors@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/devuan-mirrors
--
A big old stinking pile of genius that no one wants
coz there are too many silver coated monkeys in the world.
::
Re: [devuan-mirrors] [devuan-dev] I…
