Mirrors
Status of the contribs.org mirrors
To view the status of contribs.org mirrors, look at http://mirror.contribs.org/mirrors.
Accessing the contribs.org mirrors
To access the contribs.org download mirrors, always use the URL http://mirror.contribs.org. The current releases can be found at http://mirror.contribs.org/smeserver/releases/, the contribs section can be found at: http://mirror.contribs.org/smeserver/contribs/
Figures
Hard disk size
The contribs.org data will take up about 30Gb of physical hard disk space. The /release tree, which holds the ISO images and the repositories, accounts for about 6Gb of that amount. The /contribs tree accounts for a little over 1Gb of the total. The obsolete directory accounts for 16Gb, and the testing directory, which includes the next version SME8, is 7Gb.
If you are short on space you can easily save 16Gb by adding --exclude=obsolete/ to the EXCLUDE="" setting in etc/ftpsync-smeserver.conf, like this:
EXCLUDE="--exclude=obsolete/"
More information on the configuration file can be found at Mirrors#Configuration options.
Bandwidth
Due to the small number of mirrors, the bandwidth routed to your servers will be in the order of 200Gb/month on average, which translates to about 80kB/s.
Requirements for mirrors
- Static IP address
- Dedicated user for syncing
- Allow SSH from internet to static IP (port doesn't matter)
How to become a mirror site?
If you or your company has some spare bandwidth and would like to be included in mirror.contribs.org, become a mirror by following these steps:
Preparing your system
- Create a storage location for the mirror:
mkdir -p {/path/to/your/data/store/}
- Create a new user to perform the sync. If you are running SME Server you can create the user through the server-manager panel.
- Go to the new user's directory. On SME Server this will be /home/e-smith/files/users/{user}/:
cd {/path/to/user/dir/}
- Download the ftpsync script and all the files it requires:
wget http://wiki.contribs.org/files/ftpsync.tgz
- Extract the tarball in the user's directory:
tar zxof ftpsync.tgz
- Change the ownership of the directories to the new user:
chown -R {user} bin etc log locks .ssh {/path/to/your/data/store/}
- Everything is now installed and set up as required, but the configuration file (etc/ftpsync-smeserver.conf) still needs to point to the storage location of the data (TO). Use your favorite text editor for it:
TO="/path/to/your/data/store/"
- Only when you are setting your server up as a pull mirror, set the RSYNC_HOST value in the config file (etc/ftpsync-smeserver.conf) to the following (this is the default setting; disable it for push):
RSYNC_HOST=mirror.canada.pialasse.com
This is because of the recent unreliability of ibiblio.org (see bugzilla:7360).
Testing your setup
- Now it is time to perform the initial sync (and test that the script does what it needs to):
su - {user} -s /bin/bash
~/bin/ftpsync sync:archive:smeserver
- Now check the logs to see if there are any errors. Since the initial sync will take a lot of time, this is best done in a second terminal window:
cd ~/log
cat rsync-ftpsync-smeserver.error.0
Configuring the web server
You will need to configure your web server to make the files available to the public.
For that you need to enable the FollowSymLinks option in the apache config file.
If your mirror is hosted on a SME Server 7.x (or higher version), in an ibay, you should issue the following commands after creating the ibay:
db accounts setprop {ibayname} FollowSymLinks enabled
signal-event ibay-modify {ibayname}
Keeping your mirror up-to-date
The ftpsync script allows for two sync methods: push or pull.
Why we prefer push
First some background on ssh. Ssh allows people to connect to accounts on different machines in a secure way. Not only are passwords never passed in the clear, once you connect to a machine you are basically guaranteed that future connections will be to the same machine. This prevents many man-in-the-middle attacks.
One capability ssh has is the ability for a user to take the public identity key for a user on another machine and add it to a file of authorized keys on your machine. By default, the user on the other machine (who has the private identity key associated with the public identity key given to you) then has login privileges to your account. It is possible, though, to add text to an authorized key restricting the type of access a person accessing your account using that key has.
So to protect the downstream mirror, the key provided by the upstream mirror has text added to it to limit it to only give the person accessing your account permission to do one thing — start the program on your machine that updates your mirror. Even if someone (an evil third party) was able to break the key, the most they could do is to start the mirror program on your machine. You do not even have to worry about multiple copies of the program being started as a lockfile is used.
On the upstream end, rsync can be configured to restrict who can mirror a given area by username and password. These are totally separate from /etc/passwd so a push server doesn't have to worry about giving others access to their machine. As it is set up, the username and password are passed in the clear. This shouldn't be a problem though, as the worst that can happen is that a third party gains the ability to mirror the SME Server packages from that site.
(source: Debian: Push mirroring)
How push works
Below is a short description of the push process:
- Master mirror updates timestamp file
- Master initiates ssh into tier 1 mirrors to start stage 1 sync (wait)
- Tier 1 mirrors rsync everything but repodata from designated targets (no delete)
- Tier 1 mirrors initiate ssh into tier 2 mirrors to start stage 1 sync (wait)
- Repeat the prior two steps for each tier under 2
- Master initiates ssh into tier 1 mirrors to start stage 2 sync
- Tier 1 mirrors rsync everything from designated targets (with delete)
- Tier 1 mirrors initiate ssh into tier 2 mirrors to start stage 2 sync
- Repeat the prior two steps for each tier under 2
- Master mirror checks freshness of mirrors and generates mirrorlists
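The staged ordering above can be checked with a small model. This Python sketch is an added illustration, not part of ftpsync: it treats a mirror as a set of package files plus a repodata index, runs both stages across two tiers, and records after every file operation whether the index only lists files that are present. The single-pass variant with the index transferred first is an assumed worst case for comparison, and all package and function names are constructed.

```python
def consistent(mirror):
    """True when every package the repodata index lists is present on the mirror."""
    return mirror["repodata"] <= mirror["packages"]


def stage1(src, dst):
    """Stage 1: copy everything but repodata, delete nothing; yield per file."""
    for pkg in sorted(src["packages"] - dst["packages"]):
        dst["packages"].add(pkg)
        yield


def stage2(src, dst):
    """Stage 2: copy everything including repodata, then delete what src dropped."""
    for pkg in sorted(src["packages"] - dst["packages"]):
        dst["packages"].add(pkg)
        yield
    dst["repodata"] = set(src["repodata"])
    yield
    for pkg in sorted(dst["packages"] - src["packages"]):
        dst["packages"].discard(pkg)
        yield


def single_pass(src, dst):
    """One pass with delete, index transferred first (assumed worst-case order)."""
    dst["repodata"] = set(src["repodata"])
    yield
    yield from stage2(src, dst)


def trace(plan):
    """Run (label, step, src, dst) entries; log consistency after every file op."""
    log = []
    for label, step, src, dst in plan:
        for _ in step(src, dst):
            log.append((label, consistent(dst)))
    return log


def make(packages):
    """A mirror whose index lists exactly the packages it holds."""
    return {"packages": set(packages), "repodata": set(packages)}


def demo():
    # Constructed sample: a-1.0 is replaced by a-1.1 and c-1.0 is new.
    old, new = ["a-1.0", "b-1.0"], ["a-1.1", "b-1.0", "c-1.0"]
    master, tier1, tier2, naive = make(new), make(old), make(old), make(old)
    pushed = trace([("tier1 stage 1", stage1, master, tier1),
                    ("tier2 stage 1", stage1, tier1, tier2),
                    ("tier1 stage 2", stage2, master, tier1),
                    ("tier2 stage 2", stage2, tier1, tier2)])
    one_pass = trace([("single pass", single_pass, master, naive)])
    return pushed, one_pass, tier2 == master


if __name__ == "__main__":
    for log in demo()[:2]:
        for label, ok in log:
            print(label, "consistent" if ok else "INCONSISTENT")
```

In this model the two-stage push never exposes an index that lists a missing file on either tier, while the single pass does so until the last new package has arrived.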
Configuring for push
The push system uses private/public key pairs for communication. For this you will need to carry out some additional configuration steps:
- First and foremost you will need SSH to be configured and running on your server. If you are using SME Server for your mirror you will have to enable remote access on your server through the server-manager.
- You will also need to enable bash as the shell for this user. If you are running SME Server you can do that like this:
db accounts setprop {user} Shell /bin/bash
signal-event user-modify {user}
- You will also have to append the keys to the authorized_keys file of the user:
su - {user} -s /bin/bash
cat .ssh/pushmirror-*.pub >> .ssh/authorized_keys
Configuring for pull
Configuring a pull-based mirror is easy. Just schedule a cron job to run every 2 hours that runs the exact same sync command you used to get the mirror in the first place. You can add an entry like the one in the example below:
1 */2 * * * {user} ~/bin/ftpsync sync:archive:smeserver
Advertising your mirror
After your mirror is synced and working properly, the last thing you need to do is let us know by filing a bug report on bugs.contribs.org under the website category or by following this link. Please include the following in the bug report:
- name of site
- primary contact name/email
- location/country
- bandwidth available to mirror
- URL to site (for freshness checks and yum)
- hostname to connect to (for ssh)
- port to connect to (for ssh)
- username to connect with (for ssh)
Configuration options
The ftpsync configuration file can be found in ~/etc/ftpsync-smeserver.conf. The ftpsync configuration file has a number of options you can configure. You might have already seen some of them when you had to adjust the storage location in the configuration process. The configuration file is well documented but we will discuss some of the features here.
Configure your mirror as hub
This is intended to be done on an already synced mirror in push mode.
Setting up rsync as server
As root, open /etc/xinetd.d/rsync and remove the disabled line:
vim /etc/xinetd.d/rsync
Create an rsyncd.conf file:
vim /etc/rsyncd.conf
Then add this:
# rsync.conf
uid = {USER OWNING THE MIRROR FILES}
gid = {GROUP OWNING THE MIRROR FILES}
use chroot = yes
max connections = 5
timeout = 300
read only = true
strict modes = true
transfer logging = true
dont compress = *.gz *.tgz *.zip *.z *.rpm *.deb *.iso *.bz2 *.tbz
[smeserver]
path = /home/e-smith/files/ibays/{IBAY}/html
comment = SME Server Mirror
hosts allow = {YOUR CLIENT IP}
Install xinetd:
yum install xinetd
Configure it as a service:
ln -s /etc/rc.d/init.d/e-smith-service /etc/rc7.d/S91xinetd
config set xinetd service status enabled
config set rsyncd service TCPPort 873 access public status enabled
signal-event remoteaccess-update
service xinetd start
Configure hosts.allow:
mkdir -p /etc/e-smith/templates-custom/etc/hosts.allow/
echo "rsync: ALL" > /etc/e-smith/templates-custom/etc/hosts.allow/rsync
signal-event remoteaccess-update
You can browse your server like this:
rsync --list-only rsync://YourIP
You can download from your server like this:
rsync -avz YourIP::smeserver YourLocalFolder
Create an RSA key
As the user responsible for ftpsync:
ssh-keygen -qt rsa -b 1024 -C "contribs-push@{MY MIRROR}" -f ~/.ssh/contribs-push\@{MY MIRROR}.rsa
Then protect the key by limiting it to one usage and only one IP. The options are prepended to the public key and must sit on the same line as the key. You need to change {MY MIRROR} and {MY HUB IP}:
printf '%s ' 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="~/bin/ftpsync",from="{MY HUB IP}"' | cat - ~/.ssh/contribs-push\@{MY MIRROR}.rsa.pub > ~/.ssh/contribs-push.tmp && mv ~/.ssh/contribs-push.tmp ~/.ssh/contribs-push\@{MY MIRROR}.rsa.pub
Finally, protect your keys:
chmod 0600 ~/.ssh/contribs-push\@{MY MIRROR}.rs*
Never give out your private key; only send your public key (.pub) to the downstream mirror.
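The restricted key entry described under "Why we prefer push" and built in this section can be checked before it is appended to authorized_keys. This Python script is an added example, not part of the original page or of ftpsync: it audits one authorized_keys line for the option set used here, reports options that are not on the same line as a key (sshd then reads the bare key line as unrestricted), and reports RSA keys below an assumed 2048-bit minimum, which a key generated with -b 1024 would trip. Function names, the threshold and the sample key data are assumptions of the example.

```python
import base64
import struct

# Assumptions of this example: the required option set is the one used on this
# page, and 2048 bits is the smallest RSA modulus the check accepts.
REQUIRED = ["command", "from", "no-agent-forwarding", "no-port-forwarding",
            "no-pty", "no-x11-forwarding"]
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
MIN_RSA_BITS = 2048

def split_unquoted(text, seps):
    """Split text on separator characters that sit outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    parts.append(cur)
    return [p for p in parts if p]

def rsa_bits(blob_b64):
    """Modulus size of an ssh-rsa blob (fields: key type, mpint e, mpint n)."""
    data, fields = base64.b64decode(blob_b64), []
    while data:
        (size,) = struct.unpack(">I", data[:4])
        fields.append(data[4:4 + size])
        data = data[4 + size:]
    return int.from_bytes(fields[2], "big").bit_length()

def audit(line):
    """Return findings for one authorized_keys line; an empty list means none."""
    tokens = split_unquoted(line.strip(), " \t")
    if not tokens or tokens[0].startswith("#"):
        return []
    options = []
    if not tokens[0].startswith(KEY_PREFIXES):
        options = split_unquoted(tokens.pop(0), ",")
    if len(tokens) < 2:
        return ["no-key-on-line"]  # e.g. options and key split by a newline
    names = {opt.split("=", 1)[0].lower() for opt in options}
    if "restrict" in names:  # OpenSSH's "restrict" implies all the no-* options
        names |= {name for name in REQUIRED if name.startswith("no-")}
    findings = ["missing:" + name for name in REQUIRED if name not in names]
    if tokens[0] == "ssh-rsa" and rsa_bits(tokens[1]) < MIN_RSA_BITS:
        findings.append("rsa-bits:%d" % rsa_bits(tokens[1]))
    return findings

def sample_blob(bits):
    """Constructed sample data: a well-formed ssh-rsa blob, not a usable key."""
    def mpint(value):
        return value.to_bytes(value.bit_length() // 8 + 1, "big")
    fields = [b"ssh-rsa", mpint(65537), mpint((1 << (bits - 1)) | 1)]
    return base64.b64encode(
        b"".join(struct.pack(">I", len(f)) + f for f in fields)).decode()

# Constructed option string; 192.0.2.10 is a documentation address.
OPTS = ('no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,'
        'command="~/bin/ftpsync",from="192.0.2.10"')

if __name__ == "__main__":
    for entry in (OPTS + " ssh-rsa " + sample_blob(3072) + " push@hub",
                  OPTS + " ssh-rsa " + sample_blob(1024) + " push@hub",
                  OPTS,
                  "ssh-rsa " + sample_blob(3072) + " push@hub"):
        print(audit(entry))
```

Run it over each line of the .pub file you are about to send or append; any non-empty result means the entry does not carry the restrictions this section intends.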
Setting up ftpsync-smeserver.conf
As the user responsible for ftpsync.
This step lets your ftpsync know that it needs to trigger another server.
Edit ~/etc/ftpsync-smeserver.conf:
vim ~/etc/ftpsync-smeserver.conf
Under the line #HUB=false, insert:
HUB=true
Setting up runmirrors-smeserver.conf
As the user responsible for ftpsync:
vim ~/etc/runmirrors-smeserver.conf
Then uncomment the following line and adapt it to the path of your private key:
KEYFILE=.ssh/contribs-push\@{MY MIRROR}.rsa
Setting up runmirrors-smeserver.mirror
As the user responsible for ftpsync.
Edit the file:
vim ~/etc/runmirrors-smeserver.mirror
Add the following at the end of the file:
mhop {NAME FOR LOG PURPOSE} {YOUR CLIENT ADDRESS} {YOUR CLIENT USER} -p {YOUR CLIENT SSH PORT}
Configure your mirror under another hub
Follow http://wiki.contribs.org/Mirrors#How_to_become_a_mirror_site.3F, except that you will have to import your own public key (generated just above).
Then you will have to adjust the configuration:
vim ~/etc/ftpsync-smeserver.conf
Change RSYNC_HOST= to point to your hub mirror:
RSYNC_HOST={HUB MIRROR ADDRESS}
Tada! You are done!
Current SME Server contribs.org Mirror Tree
Mirror | Sync method |
---|---|
koozali.org mirrors | |
mirror.canada.pialasse.com | Rsync, Push |
smeserver.bhs.mirrors.ovh.net | Rsync / 1GPs / pull %36h |
distro.ibiblio.org | Rsync, Push |
ftp.iinet.net.au | |
mirror.internode.on.net | |
ftp.icm.edu.pl | |
mirror.pialasse.com | Push |
sme-mirror.tw.co.nz | Pull |
sme-mirror.firewall-services.com | Pull |
ibsgaarden.dk | Push |
mirrors.rbx.opencare.nl | Push |
ftp.nluug.nl / ftp.vim.org | Pull |
ftp.icm.edu.pl | Pull |
mirrors.mab974.re | Pull |
www.mirrorservice.org | Rsync, Pull |
RSYNC access
- ibiblio : rsync://distro.ibiblio.org/smeserver/releases/ ( rsync -avv --stats distro.ibiblio.org::smeserver/releases . )
- mirror.canada.pialasse.com: rsync -avv mirror.canada.pialasse.com::smeserver/releases .
- mirrorservice.org : rsync://rsync.mirrorservice.org/sites/mirror.contribs.org/smeserver/releases/ ( rsync -avv --stats rsync.mirrorservice.org::mirror.contribs.org/smeserver/releases/ . )
FTP access
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the component or use this link
Below is an overview of the current issues for this contrib:
ID | Product | Version | Status | Summary (1446 tasks) |
---|---|---|---|---|
12790 | SME Server 11.X | unspecified | RESOLVED | add and enable powertools repo as needed to get openldap-server |
12789 | SME Server 11.X | unspecified | CONFIRMED | AH01215: CGI::param called in list context can lead to vulnerabilities (pseudonyms) |
12788 | SME Server 11.X | unspecified | IN_PROGRESS | AH01215: CGI::param called in list context can lead to vulnerabilities (Persistent) |
12787 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12786 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12785 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12784 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12783 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12782 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12781 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12780 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12779 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12778 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12777 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12776 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12775 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12774 | SME Contribs | 11.0 | CONFIRMED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12773 | SME Server 11.X | unspecified | VERIFIED | perl-CGI 'startform' and 'endform' are dropped in favor of 'start_form' and 'end_form' |
12772 | SME Server 11.X | unspecified | CONFIRMED | Move network functions from util.pm to util/network.pm |
12771 | SME Server 11.X | unspecified | VERIFIED | ldap logs to message |
12770 | SME Server 10.X | 10.1 | CONFIRMED | Changing forward address isn't reflected in .qmail file |
12769 | SME Server 11.X | unspecified | CONFIRMED | Changing forward address isn't reflected in .qmail file |
12768 | SME Server 11.X | unspecified | CONFIRMED | userdel: user is currently used by process |
12767 | Koozali SME server infrastructure | unspecified | RESOLVED | Readme Entries have wrong link to Bugzilla |
12766 | SME Contribs | 11.0 | UNCONFIRMED | change php version to contrib smeserver-wordpress |
12765 | SME Server 11.X | unspecified | VERIFIED | One can retrieve the list of users without being logged on the domain |
12764 | SME Server 10.X | 10.1 | IN_PROGRESS | One can retrieve the list of users without being logged on the domain |
12763 | SME Server 11.X | unspecified | CONFIRMED | Failed to delete /var/spool/mail/groupname |
12762 | SME Server 11.X | unspecified | CONFIRMED | No valid prefix found in any entries |
12761 | SME Server 10.X | 10.1 | CONFIRMED | Failed to delete /var/spool/mail/groupname |
12760 | SME Server 11.X | unspecified | RESOLVED | Failed to modify (ldap) group description/email |
12759 | SME Server 11.X | unspecified | RESOLVED | Cannot load private key "/etc/ssh/ssh_host_key": invalid format; and comment of host keys not updated |
12758 | SME Server 11.X | unspecified | CONFIRMED | After install a "signal-event smanager-refresh" is needed before SM2 comes up. |
12757 | SME Server 11.X | unspecified | CONFIRMED | Arrange that all language translations are installed with smeserver-manager |
12756 | SME Server 11.X | unspecified | CONFIRMED | Loaded Server manager 2 shows "Sme server 2 - initial" on browser tab |
12755 | SME Server 11.X | unspecified | CONFIRMED | Setting deltarpm parameter in SM2 dnf/yum config results on warning on dnf call |
12753 | SME Server 11.X | unspecified | VERIFIED | Include release number in Version of SM2 in footer. |
12752 | SME Server 11.X | unspecified | CONFIRMED | NFR Server-manager - Add DHCP Wake On LAN links in hostnames panel |
12751 | SME Server 11.X | unspecified | CONFIRMED | Add email link to action column in user accounts panel |
12750 | SME Server 11.X | unspecified | RESOLVED | Add EmailSettings options for uqpsmtpd, sqpsmtpd and qpsmtpd |
12749 | SME Contribs | 11.0 | CONFIRMED | Account name argument missing at S95ldap-update-simple line 38 |
12748 | SME Server 11.X | unspecified | RESOLVED | SM2 - After hitting the "save" button on a panel, then need some feedback to show it is working on the change. |
12747 | SME Server 11.X | unspecified | CONFIRMED | SM2 - After adding a remote network network, then changing FTP settings, save gives error on empty network fields |
12746 | SME Server 11.X | unspecified | CONFIRMED | SM2 does not seem to take the passwordStrength db property into allowance when checking passwords for users |
12745 | SME Server 11.X | unspecified | CONFIRMED | Reconfigure message stays despite post-upgrade. |
12744 | SME Server 11.X | unspecified | IN_PROGRESS | Setting webmail permissions in email panel is not correctly reflected in email front panel |
12743 | SME Server 11.X | unspecified | CONFIRMED | Webmail parameter "Save" on email panel gives "not updated" |
12742 | SME Server 11.X | unspecified | RESOLVED | Webmail parameter "Save" on email panel gives "not updated" |
12741 | SME Server 11.X | unspecified | RESOLVED | qpsmtpd rejects email passed on from an SME10 mailserver specified in the MailServer property of the domain DB |
12740 | SME Server 11.X | unspecified | VERIFIED | motd is displayed twice |
12739 | SME Server 11.X | unspecified | CONFIRMED | replace qmail with postfix |
12738 | SME Server 11.X | unspecified | CONFIRMED | update roundcube.identities.email field in mysql whenever domain is changed |
12737 | SME Server 11.X | unspecified | RESOLVED | Migrate from qmail to postfix |
12736 | SME Contribs | 11.0 | RESOLVED | first build for sme11 |
12735 | SME Server 11.X | unspecified | RESOLVED | merge dovecot-extras to dovecot |
12734 | SME Server 11.X | unspecified | CONFIRMED | MariaDB config setting table_definition_cache |
12731 | SME Contribs | 11.0 | CONFIRMED | Install fails - -needs "httpd-filesystem" |
12729 | SME Server 11.X | unspecified | RESOLVED | allow ibay setting of number of workers |
12728 | SME Server 11.X | unspecified | CONFIRMED | Warning for signal-event post-upgrade; signal-event reboot scrolls off screen. |
12727 | SME Server 11.X | unspecified | RESOLVED | Software Install panel: Submit button for subservient panels centered. |
12726 | SME Server 11.X | unspecified | CONFIRMED | Software Installer panel not waiting for dnf to finish and displaying log to that point. |
12725 | SME Server 11.X | unspecified | CONFIRMED | Top message when reconfigure required not set to be translateable. |
12724 | SME Server 11.X | unspecified | RESOLVED | Background update using dnf does not update software in SM2 software installer panel |
12723 | SME Server 11.X | unspecified | RESOLVED | It restarts yum rather than dnf in update event script for smeserver-updates-update |
12722 | SME Server 11.X | unspecified | RESOLVED | can't restore |
12720 | SME Server 11.X | unspecified | RESOLVED | filter utf8/iso to ascii in field accepting only ascii [smeserver-ldap] |
12719 | SME Server 11.X | unspecified | RESOLVED | create esmith::util:ldap wrapper around Net::LDAP |
12718 | SME Server 11.X | unspecified | RESOLVED | Error clicking on software manager |
12717 | SME Server 11.X | unspecified | RESOLVED | apply patch 2024-08-08 from sme10 |
12716 | SME Server 11.X | unspecified | CONFIRMED | alert after EOL if upstream release is not up to date |
12715 | SME Server 10.X | 10.1 | VERIFIED | wrong url for vault sclo |
12714 | SME Server 11.X | unspecified | RESOLVED | Turkish menu missing from SM2 menu - does exist in SM1 |
12713 | SME Server 11.X | unspecified | CONFIRMED | Update smeserver-manager.locale with po files (for weblate import) and also fix up a few lex files |
12707 | SME Server 11.X | unspecified | CONFIRMED | Japanese, Norwegian and Hebrew navigation files have incorrect language codes |
12706 | SME Server 11.X | unspecified | RESOLVED | Add flag indication of locale in header for SM2 |
12705 | SME Server 11.X | unspecified | CONFIRMED | Japanese and Romanian translations only partial - headings, but not a lot more. |
12704 | SME Server 11.X | unspecified | CONFIRMED | Hebrew translation only has "Date and Time" panel translated. |
12703 | SME Server 11.X | unspecified | CONFIRMED | Greek user panel has tag showing. |
12702 | SME Server 11.X | unspecified | CONFIRMED | some translations missing Menu item translation |
12701 | SME Server 11.X | unspecified | CONFIRMED | Some translated panels are scrambled good example is Hostnames panel |
12700 | SME Server 11.X | unspecified | CONFIRMED | No way of programming in the translation for a contrib menu item title to be translated |
12699 | SME Server 11.X | unspecified | CONFIRMED | SM2 Re-configure and Reboot not translated |
12698 | SME Contribs | 10.0 | CONFIRMED | Spelling error in table header (see attached picture) |
12696 | SME Server 11.X | unspecified | CONFIRMED | Uncaught File 'Roboto-Regular.ttf' not found in virtual file system |
12695 | SME Server 11.X | unspecified | CONFIRMED | cache issue |
12694 | SME Server 11.X | unspecified | IN_PROGRESS | should not allow non ascii characters in ldap |
12693 | SME Server 11.X | unspecified | RESOLVED | prestart script logs to messages |
12692 | SME Server 11.X | unspecified | CONFIRMED | use same wording for user action script |
12691 | SME Server 11.X | unspecified | RESOLVED | new log does not fill after log rotate smeserver-radiusd |
12690 | SME Server 11.X | unspecified | RESOLVED | new log does not fill after log rotate smeserver-openssh |
12689 | SME Server 11.X | unspecified | RESOLVED | new log does not fill after log rotate smeserver-spamassassin |
12688 | SME Server 11.X | unspecified | RESOLVED | new log does not fill after log rotate smeserver-base |
12687 | SME Server 11.X | unspecified | RESOLVED | convert CPU usage to Net::LDAP [smeserver-samba] |
12686 | SME Server 11.X | unspecified | RESOLVED | convert CPU usage to Net::LDAP [smeserver-ibay] |
12685 | SME Contribs | 10.0 | VERIFIED | Install fails when attempting occ cmd at cli and no browser access |
12680 | SME Server 11.X | unspecified | CONFIRMED | Align "submit" button on the left consistently on initial panel for each function |
12679 | SME Server 11.X | unspecified | VERIFIED | Add mojolicious logo to footer |
12678 | SME Server 11.X | unspecified | CONFIRMED | rework pppoe for kernel space rather than use rspace |
12677 | SME Server 11.X | unspecified | CONFIRMED | add support for external VLAN |
12676 | SME Contribs | 10.0 | RESOLVED | when using pppoe 2nd instance of ddclient running as root |