Re: [Handle-info] how to mirror multiple sites with a single secondary handle server?

[Sean Reilly <sreilly@cnri.reston.va.us>]

Hi Eric,

Your idea is very well thought out and I think it will work.  The  
most important change is obviously the delete_all_handles_stmt  
because that is called when each of the "fetch" servers begin the  
mirroring process.  I would change delete_all_handles_stmt to a no-op  
and manually clear the database before starting.

You are right that it is not possible to configure or tune a mirror  
to pull updates from two separate primary sites.  This is because the  
mirror would have to trust that each of the primary sites didn't  
update or modify duplicate handles or prefixes.  For example, assume  
primary 1 is responsible for prefix xyz and has a handle xyz/abc.  If  
the administrator of primary 2 were to "home" xyz on primary 2 he  
could then create his own version of xyz/1 which could overwrite the  
xyz/1 from primary 1.  That administrator could also un-home xyz from  
primary 2 which would have the effect of un-homing it from the  
aggregate mirror.

You may have to worry about this case if you have two different and  
untrusted (by each other) parties with admin rights on primary 1 and  
primary 2.  If both primary servers have the same administrators then  
it shouldn't be an issue as long as they don't accidentally home or  
un-home prefixes on the wrong primary.

Thanks,
Sean

On Oct 15, 2007, at 12:21 PM, Eric Auer wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hi all,
>
> we would like to mirror several sites with one
> single server. To be more exact, we would like
> to keep open ports in our firewall at a minimum.
>
> One idea on how to do this, please comment:
> We could install 3 servers to mirror 2 sites...
> One server would be set to "normal server with
> read only access". The other 2 would be set to
> "you are a mirror of prefix A" and "you are a
> mirror of prefix B". All 3 servers would share
> the same SQL database but only the "normal"
> server would be accessible from the outside.
>
> The global handle servers would list that one
> server as the "actual" mirror for both sites /
> prefixed. I assume that mirroring is a "pull"
> process so no connections from the outside to
> the 2 "fetch data" servers would be needed.
> All 3 would use the same public/private keys.
>
> The 2 mirrors would use "tuned" config.dct to
> hide the respective other prefixed from each
> other or at least avoid interference when they
> both write to the same database (which is then
> read by the 3rd, read-only server). This would
> affect delete_all_handles_stmt and maybe also
> scan_nas_stmt/scan_handles_stmt, anything else?
>
> I looked at ReplicationDaemon, at TxnCallback
> and at DumpHandlesResponse. It seems that having
> a secondary / mirror replicate more than one
> server is only supported without trickery if all
> primary servers are from the same site? Or is
> it possible to "tune" some config / site info
> file to tell a mirror to mirror 2 actual sites?
> txnsrcsv.bin maybe?
>
> Please let me know if you think this can work,
> and if you have further suggestions. It would
> be nice if we could avoid having to modify the
> source code or having to open many ports when
> we mirror many sites.
>
> Thanks :-)
>
> Eric
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.5 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFHE00o99dkROyhRRsRAnPlAJwLYXMB1SQ6DUcSk64gGoB3ZSDLUgCcDDwz
> 1nVxzu3TslQR8zAqgUZRug8=
> =IMG3
> -----END PGP SIGNATURE-----
>
>
> _______________________________________________
> Handle-Info mailing list
> Handle-Info@cnri.reston.va.us
> http://www.handle.net/mailman/listinfo/handle-info

Attachment: smime.p7s
Description: S/MIME cryptographic signature