Some notes from creating

On the master rsync host (e.g. add the new site netblocks to /usr/local/etc/rsync/rsyncd.conf and restart rsyncd.

On the jail host:

zfs create -o mountpoint=/ftp zroot/ftp
rsync -aH rsync:// /ftp/    (Choose a local, fast, relatively complete mirror)
rsync -aH --partial --delete rsync:// /ftp/
mkdir -p /j/jails/ftp0/home/ftp/pub/FreeBSD
echo "/ftp /j/jails/ftp0/home/ftp/pub/FreeBSD nullfs ro 0 0" > /etc/fstab.ftp0
cd /j/jails/ftp0/home/ftp/pub/; for i in favicon.ico .message index.html; do fetch$i; done

... and update .message and index.html as appropriate.

The initial sync from a potentially untrusted local mirror is fine, as the second rsync will fix up any differences when run against the master. The second rsync should be pretty quick as there is very little data to actually transfer, but it is worth timing it to establish how long a full sync takes (as we timelimit the syncs run from cron).
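rsync's default quick check compares only size and modification time, so a seeded file whose content differs from the master but whose size and mtime match is skipped by a plain `rsync -aH --partial --delete` pass. The following is an added example, not part of the original notes: a dry-run audit with `--checksum` that lists such files. MASTER_URL is a placeholder for the master's rsync URL (not given above), and the sample lines are constructed.

```sh
#!/bin/sh
# Added example: content audit of a seeded tree against the master.
# MASTER_URL is a placeholder; the real rsync URL is not given in these notes.
MASTER_URL="${MASTER_URL:-rsync://master.example.invalid/module/}"
DEST="${DEST:-/ftp/}"

# Dry run: compare by checksum (-c) rather than size+mtime; nothing is written.
audit_against_master() {
    rsync -aHc --dry-run --delete --itemize-changes "$MASTER_URL" "$DEST"
}

# Read --itemize-changes lines on stdin; print "<kind> <path>" for every
# regular file a real run would transfer and every path it would delete.
content_diffs() {
    while IFS= read -r line; do
        flags=${line%% *}
        path=${line#* }
        case "$flags" in
            \*deleting)
                path=${path#"${path%%[! ]*}"}   # drop column padding
                kind=extra ;;                    # exists only locally
            .*)          continue ;;             # metadata-only change
            ?f+++++++++) kind=missing ;;         # not present locally
            ?fc..*)      kind=hidden ;;          # same size+mtime, other content
            ?f*)         kind=differs ;;         # size or mtime differs as well
            *)           continue ;;             # directories, symlinks, etc.
        esac
        printf '%s %s\n' "$kind" "$path"
    done
}

# Constructed sample of itemized output (not from a real run).
sample_itemized() {
    cat <<'EOF'
.d..t...... releases/
>fc........ releases/amd64/base.txz
>fcst...... releases/amd64/MANIFEST
>f+++++++++ releases/amd64/kernel.txz
*deleting   releases/amd64/extra.bin
.f..t...... README.TXT
EOF
}

# "run" audits the real tree; with no argument nothing is contacted.
if [ "${1:-}" = "run" ]; then
    audit_against_master | content_diffs
fi
```

An empty report means the local tree matches the master in content; any `hidden` line is a file the size-and-mtime comparison would have left in place.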

The datastore is mounted read-only into the jail; all updates to the datastore are done by the host. On the host, copy /root/ from one of the other mirrors, and set up a cron job to mirror hourly.

Install packages ftp/vsftpd and www/nginx. Copy /usr/local/etc/nginx/nginx.conf and /usr/local/etc/vsftpd.conf from another host, and update as appropriate.

vsftpd is run from inetd, so add it to the jail's /etc/inetd.conf:

ftp     stream  tcp     nowait/100/20/20        root    /usr/local/libexec/vsftpd       vsftpd
ftp     stream  tcp6    nowait/100/20/20        root    /usr/local/libexec/vsftpd       vsftpd

Jail rc.conf additions:


Teams/clusteradm/ftp-mirror (last edited 2014-11-25T21:42:12+0000 by GavinAtkinson)