TWiki Mirror [was: Oregon mirror is not up to date]

Jeremy Huntwork jhuntwork at linuxfromscratch.org
Sat Jul 10 13:53:27 PDT 2004


On Saturday 10 July 2004 09:00 am, Jeremy Huntwork wrote:
> Later today, (hopefully) I can go through what I did, and write out
> what steps a mirror would need to take to get itself set up.

The mirror needs to have sshd, rsync and apache.  I'm still 
investigating about the perl modules...

Here are the steps I went through to set up the mirror:

1) Create a new user account on the mirror machine that will be used as 
the rsync user (this user would have to have read/write access to the 
directory where the web will be stored.)  We would need to have that 
same user account on belgarath to generate a key pair; we should 
probably create a user for this purpose and specify that mirrors create 
a user with the same name, eg, 'rsync'.  For my example, I used my 
belgarath logon, jhuntwork, so the new user on my mirror was jhuntwork.

2) On the mirror login as the new user and run: mkdir ~/.ssh
(make sure the permissions of directory .ssh is 700, if not:
chmod 700 .ssh)

3) On belgarath, logged in as the 'rsync' user, run 'ssh-keygen -t rsa'
It will ask you to enter a filename in which to save the key, I used the 
default: '/home/$user/.ssh/id_rsa'.  Make sure you leave the passphrase 
empty!  The result will be a keypair for $user at belgarath.  The public 
key file, in this case id_rsa.pub would need to be sent to the mirror.
(This step is done once by us on belgarath, and all mirrors use the same 
public key.)

4) Once the mirror has downloaded the public key file, it is copied as:
/home/$user/.ssh/authorized_keys

5) Then from belgarath, when our script calls:

rsync -e 'ssh -2 -l $user -i /home/$user/.ssh/id_rsa' -avzcpr '/home/
httpd/test.linuxfromscratch.org/' mirrorname:/full/path/to/web/

The site should be pushed without requiring an ssh password.
(If it still asks for a password, either the sshd_conf file is 
mis-configured or more likely, the directory permissions are wrong.)

Of course, at this point you would also need to have setup a Directory 
tag in httpd.conf.  Due to the current directory structure I would 
suggest our mirrors use VirtualHost like belgarath.  In fact, if it is 
possible, I would even go as far as to suggest using the same directory 
locations (due to the TWiki.cfg file) for everyone.

Plus, you shouldn't have any site-wide cgi-bin aliases or ScriptAlias 
(or twiki aliases for that matter).  If you're using VirtualHosts with 
individual ExecCGI flags for each cgi-bin directory on your server, 
everything should play nice.

If this method is adopted I can later write better instructions for the 
mirrors.

You can check out my mirror here:
http://tiger.jencon.net/twiki/bin/view/Main/WebHome

In the next day or two, dns should propogate and the real name, 
lfs.jenacon.net should be available.

-- 
Jeremy Huntwork
http://www.jenacon.net



More information about the website mailing list