openstack team mailing list archive
-
openstack team
-
Mailing list archive
-
Message #04745
Re: swift and rsync
Hi Fabrice,
The design of Swift has always assumed that the backend services are
running on a secured, private network. If this is not going to be the
case, or you would like to provide more security on that network, a
lot more work needs to be done than just rsync. That said, I don't
think it would be too difficult to add rsync options in the
replication configuration. It isn't something that is on our current
timeline, but we would gladly accept such a patch.
--
Chuck
On Wed, Oct 12, 2011 at 6:07 AM, Fabrice Bacchella
<fbacchella@xxxxxxxxxxx> wrote:
> swift uses rsync for some synchronization tasks. But for what I can see, it mades a very raw usage of it :
> In db_replicator.py :
> def _rsync_file(self, db_file, remote_file, whole_file=True):
> ...
> popen_args = ['rsync', '--quiet', '--no-motd',
> '--timeout=%s' % int(math.ceil(self.node_timeout)),
> '--contimeout=%s' % int(math.ceil(self.conn_timeout))]
> ...
>
> In replicator.py:
> def rsync(self, node, job, suffixes):
> ...
> args = [
> 'rsync',
> '--recursive',
> '--whole-file',
> '--human-readable',
> '--xattrs',
> '--itemize-changes',
> '--ignore-existing',
> '--timeout=%s' % self.rsync_io_timeout,
> '--contimeout=%s' % self.rsync_io_timeout,
> ]
>
>
> Nothing can be changed like the rsync binary, the port used, ...
>
> Worst, there is no security at all, so one has to rely on networks isolation to protect data.
>
> Is there any plan to improve that, by providing optionnal arguments in the conf for example ? Or at lease some not to difficult way to use some other methods ?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
>
References
