Blame docs/operations/apps/mirrormanagement.md

0591d7
# CentOS Mirror managements SOP
0591d7
0591d7
Depending on the CentOS version, (8-stream, 7 or 9-stream), yum/dnf repositories on client machines are configured to either use `mirrorlist.centos.org` or `mirrors.centos.org`. 
0591d7
`mirrors.centos.org` is an alias to mirrors.fedoraproject.org and so is a MirrorManager instance hosted by Fedora infra team. Let's see which process to follow when we get a ticket  (see [Howto on the wiki](https://wiki.centos.org/HowTos/CreatePublicMirrors) ) to add/remove/modify a mirror entry in corresponding DB.
0591d7
0591d7
## CentOS Stream 9
0591d7
0591d7
When we get a new request for CentOS Stream 9 mirror, the process goes like this : 
0591d7
0591d7
  * ticket is reviewed by infra-and-releng team and tagged with `mirrormanager` label
0591d7
  * assignee should : 
0591d7
    * verify that mirror isn't located at GeoIP level from an [embargoed country](https://www.centos.org/legal)
0591d7
    * verify that provided URLs (http/https and - optional - rsync) are working
0591d7
    * follow the link to that mirror in mirrormanager (needs `sysadmin-web` FAS group membership)
0591d7
    * add the `CentOS` category and then add the URLs
794045
    * In `mirmon.rdu2.centos.org`, update the file `/etc/mirmon/stream-mirror.list` with the IPs to be add in ACL (one IP per line), like the following pattern:
794045
    ```
794045
    # <issue number> <HTTP url>
794045
    <IP>
794045
    <IP>
794045
    <IP>
794045
    ```
0591d7
    * update ticket with info and close
0591d7
0591d7
## CentOS Linux 7 and 8-stream
0591d7
0591d7
When we get a new request for CentOS Linux 7 or 8-stream, the process goes like this : 
0591d7
0591d7
  * ticket is reviewed by infra-and-releng team and tagged with `mirror-linux` label
0591d7
  * assignee should :
0591d7
    * verify that mirror isn't located at GeoIP level from an [embargoed country](https://www.centos.org/legal)
0591d7
    * verify that provided URLs (http/https and - optional - rsync) are working
0591d7
    * update ticket with info and close
0591d7
0591d7
0591d7
### Adding new mirror
0591d7
To help with these steps, there is a simple wrapper/helper script on the machine behind https://mirror-status.centos.org.
0591d7
It will run some pre-flights checks and output the SQL statements to copy/paste into mysql to add the new mirror in mirmon DB.
0591d7
0591d7
The process to launch, when one has a shell on the mirmon node, is `/var/lib/centos-mirrors/mirror-geo-check.py`
0591d7
Follow the steps and then copy/paste mysql statement into mysql (against mirmon database)
0591d7
b0916d
!!! note
b0916d
    attention that some fields in mysql db are primary key and wouldn't accept duplicate, so in case one "sponsor" would like to have multiple mirrors, just slightly modify the name (like empty space before) before adding to MySQL
0591d7
0591d7
### Updating existing mirror
b0916d
b0916d
Let's explore at a way to modify existing mirror in the database, and it will have to be done manually directly into mysql.
b0916d
b0916d
we have two tables that would need eventually to be updated : 
b0916d
b0916d
 * mirrors
b0916d
 * ipaddresses
b0916d
b0916d
Here are the schemas :
b0916d
b0916d
```
b0916d
MariaDB [mirmon]> describe mirrors;
b0916d
+---------------------+-------------------------------------------------------------------------+------+-----+---------+----------------+
b0916d
| Field               | Type                                                                    | Null | Key | Default | Extra          |
b0916d
+---------------------+-------------------------------------------------------------------------+------+-----+---------+----------------+
b0916d
| mirror_id           | mediumint(8) unsigned                                                   | NO   | PRI | NULL    | auto_increment |
b0916d
| name                | varchar(100)                                                            | NO   | UNI |         |                |
b0916d
| location-major      | varchar(20)                                                             | NO   |     |         |                |
b0916d
| locmajidx           | int(11)                                                                 | NO   |     | 0       |                |
b0916d
| location-minor      | varchar(20)                                                             | NO   | MUL |         |                |
b0916d
| http                | varchar(127)                                                            | NO   | MUL |         |                |
b0916d
| https               | varchar(127)                                                            | NO   | MUL |         |                |
b0916d
| ftp                 | varchar(127)                                                            | NO   |     |         |                |
b0916d
| rsync               | varchar(127)                                                            | NO   |     |         |                |
b0916d
| speed               | enum('T1','T2','T3')                                                    | NO   |     | T1      |                |
b0916d
| bandwidth           | varchar(10)                                                             | NO   |     |         |                |
b0916d
| status              | enum('Active','Disabled','Dead','Master','Gone')                        | NO   | MUL | Active  |                |
b0916d
| state               | enum('current','behind','out of date','not syncing','timeout','broken') | NO   |     | current |                |
b0916d
| Contact-name        | varchar(40)                                                             | NO   |     |         |                |
b0916d
| Contact-tel         | varchar(40)                                                             | NO   |     |         |                |
b0916d
| contact-email       | varchar(127)                                                            | NO   |     |         |                |
b0916d
| comments            | varchar(16384)                                                          | NO   |     |         |                |
b0916d
| access-ips-or-hosts | varchar(128)                                                            | NO   |     |         |                |
b0916d
| access-hosts        | varchar(128)                                                            | NO   |     |         |                |
b0916d
| Type                | enum('Direct','Indirect','Personal','Internal','Master','Slave')        | NO   | MUL | Direct  |                |
b0916d
| restructured        | enum('no','yes')                                                        | NO   |     | yes     |                |
b0916d
| centostext          | varchar(20)                                                             | NO   |     |         |                |
b0916d
| url                 | varchar(128)                                                            | NO   |     |         |                |
b0916d
| info_note           | varchar(40)                                                             | NO   |     |         |                |
b0916d
| notes_private       | varchar(16384)                                                          | NO   |     |         |                |
b0916d
| infoblock           | varchar(128)                                                            | NO   |     |         |                |
b0916d
| graphic_url         | varchar(128)                                                            | NO   |     |         |                |
b0916d
| centos_2            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| centos_3            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| centos_4            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| centos_5            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| centos_6            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| centos_all          | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| arch_all            | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| arches              | varchar(64)                                                             | NO   |     |         |                |
b0916d
| dvd-iso             | enum('no','yes')                                                        | NO   |     | no      |                |
b0916d
| dvd_3               | enum('no','yes')                                                        | NO   |     | no      |                |
b0916d
| dvd_4               | enum('no','yes')                                                        | NO   |     | no      |                |
b0916d
| dvd_5               | enum('no','yes')                                                        | NO   |     | no      |                |
b0916d
| dvd_6               | enum('no','yes')                                                        | NO   |     | yes     |                |
b0916d
| dvd-iso-host        | enum('no','yes')                                                        | NO   |     | yes     |                |
b0916d
| rsync-dvd-host      | varchar(127)                                                            | NO   |     |         |                |
b0916d
| cc                  | char(2)                                                                 | NO   | MUL |         |                |
b0916d
| continent           | enum('us','eu','af','oc','ap','sa')                                     | NO   | MUL | us      |                |
b0916d
| centos_code         | char(2)                                                                 | NO   | MUL |         |                |
b0916d
| priority            | int(11)                                                                 | NO   |     | 0       |                |
b0916d
| use_in_mirrorlists  | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| use_https_for_isos  | enum('yes','no')                                                        | NO   |     | yes     |                |
b0916d
| altarch             | enum('no','yes')                                                        | NO   | MUL | no      |                |
b0916d
| altarch_http        | varchar(127)                                                            | NO   |     |         |                |
b0916d
| altarch_https       | varchar(127)                                                            | NO   |     |         |                |
b0916d
| altarch_ftp         | varchar(127)                                                            | NO   |     |         |                |
b0916d
| altarch_rsync       | varchar(127)                                                            | NO   |     |         |                |
b0916d
+---------------------+-------------------------------------------------------------------------+------+-----+---------+----------------+
b0916d
53 rows in set (0.00 sec)
b0916d
b0916d
MariaDB [mirmon]> describe ipaddresses;
b0916d
+-----------+-----------------------+------+-----+---------+----------------+
b0916d
| Field     | Type                  | Null | Key | Default | Extra          |
b0916d
+-----------+-----------------------+------+-----+---------+----------------+
b0916d
| ip_id     | mediumint(8) unsigned | NO   | PRI | NULL    | auto_increment |
b0916d
| mirror_id | mediumint(8) unsigned | YES  | MUL | NULL    |                |
b0916d
| ip        | varchar(43)           | NO   | MUL | NULL    |                |
b0916d
| expires   | date                  | YES  |     | NULL    |                |
b0916d
| asn       | int(10) unsigned      | YES  | MUL | NULL    |                |
b0916d
+-----------+-----------------------+------+-----+---------+----------------+
b0916d
5 rows in set (0.00 sec)
b0916d
b0916d
```
b0916d
b0916d
If a mirror would like to have its name or url changed, the relevant fields would be either name, url, http, https, rsync , etc ...
b0916d
If they ask for a new ip address to be removed or added or modified in the ACL (rsync isn't widely opened, but rather restricted to ip addresses in the DB), it should be updated in the ipaddresses table.
b0916d
b0916d
The "link" between mirrors and ipaddresses is `mirror_id` : 
b0916d
b0916d
```
b0916d
MariaDB [mirmon]> select mirror_id from mirrors where http like '%my.mirror.com%';
b0916d
+-----------+
b0916d
| mirror_id |
b0916d
+-----------+
b0916d
|       445 |
b0916d
+-----------+
b0916d
1 row in set (0.00 sec)
b0916d
b0916d
MariaDB [mirmon]> select * from ipaddresses where mirror_id='445';
b0916d
+-------+-----------+--------------------+---------+------+
b0916d
| ip_id | mirror_id | ip                 | expires | asn  |
b0916d
+-------+-----------+--------------------+---------+------+
b0916d
|   311 |       445 | 192.168.1.0/24     | NULL    | NULL |
b0916d
|  1780 |       445 | 192.168.2.0/24     | NULL    | NULL |
b0916d
|  1781 |       445 | 2620:10d::         | NULL    | NULL |
b0916d
+-------+-----------+--------------------+---------+------+
b0916d
3 rows in set (0.00 sec)
b0916d
b0916d
```
b0916d
b0916d
!!! note
b0916d
    if we have a ticket about a mirror not able to sync anymore, but that we have its ip address in DB, we should always first check that status isn't `Gone` or `Disabled` as that would explain why they can't rsync from us anymore : The ACL is using only active mirrors
b0916d
b0916d
```
b0916d
select mirror_id,state,status from mirrors where http like '%my.mirror.com%';
b0916d
+-----------+---------+--------+
b0916d
| mirror_id | state   | status |
b0916d
+-----------+---------+--------+
b0916d
|        74 | current | Active |
b0916d
+-----------+---------+--------+
b0916d
1 row in set (0.00 sec)
b0916d
b0916d
```
b0916d
b0916d
From that point, it's a matter or updating directly with some `insert` or `update` sql statements where needed