On Fri, Apr 15, 2016 at 02:01:34PM +0000, Nick Bebout wrote:
diff --git a/roles/rsyncd/files/rsyncd.conf.download-ibiblio b/roles/rsyncd/files/rsyncd.conf.download-ibiblio index 15375aa..478bf48 100644 --- a/roles/rsyncd/files/rsyncd.conf.download-ibiblio +++ b/roles/rsyncd/files/rsyncd.conf.download-ibiblio @@ -68,7 +68,7 @@ refuse options = checksum list = no uid = 263 gid = 263
hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com mirror01.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mi
rror.kernel.org 129.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 208.96.144.16
hosts allow = jobbot1.ibiblio.org 200.17.202.1/28 zeus1.kernel.org zeus2.kernel.org zeus3.kernel.org zeus4.kernel.org 149.20.20.132 204.152.191.36 199.6.1.170 130.239.17.3 sinclair.wpi.edu bonaparte.hrz.tu-chemnitz.de josephine.hrz.tu-chemnitz.de mirror.speedpartner.de rsyncer.ftp.heanet.ie archive.linux.duke.edu lists.us.dell.com auslistsprd01.us.dell.com auslistsdr01.us.dell.com 198.129.224.34 mirror.hiwaay.net sagres.c3sl.ufpr.br mail.fedoraunity.org scrye.com odysseus.fi.muni.cz odysseus.linux.cz rhlx01.hs-esslingen.de ftp.nrc.ca zaphod.gtlib.gatech.edu 128.171.104.148 129.21.171.98 torrent01.fedoraproject.org torrent02.fedoraproject.org sunsite.mff.cuni.cz sunsite.ms.mff.cuni.cz ultra.linux.cz ftp.cz.kernel.org 202.158.214.12 speculum.rbc.ru 71.19.151.18 152.19.134.145 152.19.134.195 mirrors.mit.edu solar-one.mit.edu 10.64.10.11 mirrors.xmission.com 182.255.111.7 2001:388:1:4066:225:90ff:fec7:777e mirror.prgmr.com tiz-korg-mirror.kernel.org sfo-korg-mirror.kernel.org 129
.7.128.189 129.7.128.190 129.101.198.59 frisal.switch.ch 208.96.144.70 208.96.144.16
These diffs of the rsync ACLs are not very useful. For me it is almost impossible to see if and what has changed. It also seems we have to maintain the ACL in 4 or 5 different files. Can the rsync ACL not be handled in a more ansible way? I don't know much about ansible but wouldn't it be possible to maintain the ACL one time with something like this:
- name rsync acl template: some template with a loop statement over items with_items: - ip1 - ip2 - host1 - host2
That would make the diffs readable any maybe we could maintain the rsync ACL in only one place. Before trying to implement it I wanted to see if there are some better ideas/ways to implement this 'correctly'.
Adrian
On Fri, 15 Apr 2016 18:46:02 +0200 Adrian Reber adrian@lisas.de wrote:
These diffs of the rsync ACLs are not very useful. For me it is almost impossible to see if and what has changed. It also seems we have to maintain the ACL in 4 or 5 different files. Can the rsync ACL not be handled in a more ansible way? I don't know much about ansible but wouldn't it be possible to maintain the ACL one time with something like this:
- name rsync acl template: some template with a loop statement over items with_items:
- ip1
- ip2
- host1
- host2
That would make the diffs readable any maybe we could maintain the rsync ACL in only one place. Before trying to implement it I wanted to see if there are some better ideas/ways to implement this 'correctly'.
Yeah, I am all for this change. We should be able to use ansible variables and a template and make it much more readable. Additionally we can then easily see who added a line when.
If someone wants to come up with a patch and test it out, please do and we can look at it as a freeze break.
kevin
On Tue, Apr 19, 2016 at 10:55:12AM -0600, Kevin Fenzi wrote:
On Fri, 15 Apr 2016 18:46:02 +0200 Adrian Reber adrian@lisas.de wrote:
These diffs of the rsync ACLs are not very useful. For me it is almost impossible to see if and what has changed. It also seems we have to maintain the ACL in 4 or 5 different files. Can the rsync ACL not be handled in a more ansible way? I don't know much about ansible but wouldn't it be possible to maintain the ACL one time with something like this:
- name rsync acl template: some template with a loop statement over items with_items:
- ip1
- ip2
- host1
- host2
That would make the diffs readable any maybe we could maintain the rsync ACL in only one place. Before trying to implement it I wanted to see if there are some better ideas/ways to implement this 'correctly'.
Yeah, I am all for this change. We should be able to use ansible variables and a template and make it much more readable. Additionally we can then easily see who added a line when.
If someone wants to come up with a patch and test it out, please do and we can look at it as a freeze break.
I can try to come up with a patch. Which location would be the most suited to hold the ACL content. Should this be in yml file or rather under group_vars or host_vars (or some other place)?
Adrian
infrastructure@lists.fedoraproject.org