summaryrefslogtreecommitdiff
path: root/etc/ftpsync.conf.sample
blob: 7b8c81c926d6c7a110c3f5e4e8a7b68cfb8cd866 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
########################################################################
########################################################################
## This is a sample configuration file for the ftpsync mirror script. ##
## Most of the values are commented out and just shown here for       ##
## completeness, together with their default value.                   ##
########################################################################
########################################################################

## Mirrorname. This is used for things like the trace file name and should always
## be the full hostname of the mirror.
#MIRRORNAME=`hostname -f`

## Destination of the mirrored files. Should be an empty directory.
## CAREFUL, this directory will contain the mirror. Everything else
## that might have happened to be in there WILL BE GONE after the mirror sync!
#TO="/srv/mirrors/debian/"

## The upstream name of the rsync share.
##
## You can find out what share names your upstream mirror supports by running
## rsync YOURUPSTREAMSERVER::
## (You might have to export RSYNC_USER/RSYNC_PASSWORD for this to work)
#RSYNC_PATH="debian"

## The host we mirror from
#RSYNC_HOST=some.mirror.debian.org

## In case we need a user to access the rsync share at our upstream host
#RSYNC_USER=

## If we need a user we also need a password
#RSYNC_PASSWORD=

## Set to "true" to tunnel your rsync through stunnel.
##
## ftpsync will then use rsync's -e option to wrap the connection
## with bin/rsync-ssl-tunnel which sets up an stunnel to connect to
## RSYNC_SSL_PORT on the remote site.  (This requires server
##  support, obviously.)
##
## ftpsync can use either socat or stunnel4 to set up the encrypted
## tunnel.
##  o Note that stunnel will not verify the peer certificate's name
##    (It will check that it's a valid certificate signed by a CA, but not
##    if it is actually for the host you want to connect to.)
##  o socat will verify the peer certificate name only starting with version
##    1.7.3 (Debian 9.0).
## To test if things work, you can run
##  RSYNC_SSL_PORT=1873 RSYNC_SSL_CAPATH=/etc/ssl/certs RSYNC_SSL_METHOD=socat rsync -e 'bin/rsync-ssl-tunnel' <server>::
#RSYNC_SSL=false
#RSYNC_SSL_PORT=1873
#RSYNC_SSL_CAPATH=/etc/ssl/certs
#RSYNC_SSL_METHOD=socat

## In which directory should logfiles end up
## Note that BASEDIR defaults to $HOME, but can be set before calling the
## ftpsync script to any value you want (for example using pam_env)
#LOGDIR="${BASEDIR}/log"

## Name of our own logfile.
## Note that ${NAME} is set by the ftpsync script depending on the way it
## is called. See README for a description of the multi-archive capability
## and better always include ${NAME} in this path.
#LOG="${LOGDIR}/${NAME}.log"

## The script can send logs (or error messages) to a mail address.
## If this is unset it will default to the local root user unless it is run
## on a .debian.org machine where it will default to the mirroradm people.
#MAILTO="root"

## If you do want a mail about every single sync, set this to false
## Everything else will only send mails if a mirror sync fails
#ERRORSONLY="true"

## If you want the logs to also include output of rsync, set this to true.
## Careful, the logs can get pretty big, especially if it is the first mirror
## run
#FULLLOGS="false"

## If you do want to exclude files from the mirror run, put --exclude statements here.
## See rsync(1) for the exact syntax, these are passed to rsync as written here.
## DO NOT TRY TO EXCLUDE ARCHITECTURES OR SUITES WITH THIS, IT WILL NOT WORK!
#EXCLUDE=""

## If you do want to exclude an architecture, this is for you.
## Use as space seperated list.
## Possible values are:
## alpha amd64 arm arm64 armel armhf hppa hurd-i386 i386 ia64 kfreebsd-amd64
## kfreebsd-i386 m68k mipsel mips powerpc ppc64el s390 s390x sh sparc source
## eg. ARCH_EXCLUDE="alpha arm arm64 armel mipsel mips s390 sparc"
## An unset value will mirror all architectures (default!)
## Notice: source shall not be excluded on an official mirror
#ARCH_EXCLUDE=""

## Do we have leaf mirror to signal we are done and they should sync?
## If so set it to true and make sure you configure runmirrors.mirrors
## and runmirrors.conf for your need.
#HUB=false

## We do create three logfiles for every run. To save space we rotate them, this
## defines how many we keep
#LOGROTATE=14

## Our own lockfile (only one sync should run at any time)
#LOCK="${TO}/Archive-Update-in-Progress-${MIRRORNAME}"

# Timeout for the lockfile, in case we have bash older than v4 (and no /proc)
# LOCKTIMEOUT=${LOCKTIMEOUT:-3600}

## The following file is used to make sure we will end up with a correctly
## synced mirror even if we get multiple pushes in a short timeframe
#UPDATEREQUIRED="${TO}/Archive-Update-Required-${MIRRORNAME}"

## Number of seconds to sleep before retrying to sync whenever upstream
## is found to be updating while our update is running
#UIPSLEEP=1200

## Number of times the update operation will be retried when upstream
## is found to be updating while our update is running.
## Note that these are retries, so: 1st attempt + retries = total attempts
#UIPRETRIES=3

## The trace file is used by a mirror check tool to see when we last
## had a successful mirror sync. Make sure that it always ends up in
## project/trace and always shows the full hostname.
## This is *relative* to ${TO}
#TRACE="project/trace/${MIRRORNAME}"

## The trace file can have different format/contents. Here you can select
## what it will be.
## Possible values are
## "full"  - all information
## "terse" - partial, ftpsync version and local hostname
## "date"  - basic, timestamp only (date -u)
## "touch" - just touch the file in existance
## "none"  - no tracefile at all
##
## Default and required value for Debian mirrors is full.
#EXTENDEDTRACE="full"

## The local hostname to be written to the trace file.
#TRACEHOST="$(hostname -f)"

## We sync our mirror using rsync (everything else would be insane), so
## we need a few options set.
## The rsync program
#RSYNC=rsync

## Extra rsync options as defined by the local admin.
## There is no default by ftpsync.
##
## Please note that these options are added to EVERY rsync call.
## Also note that these are added at the beginning of the rsync call, as
## the very first set of options.
## Please ensure you do not add a conflict with the usual rsync options as
## shown below.
# RSYNC_EXTRA=""

## limit I/O bandwidth. Value is KBytes per second, unset or 0 means unlimited
#RSYNC_BW=""

## BE VERY CAREFUL WHEN YOU CHANGE THE RSYNC_OPTIONS! BETTER DON'T!
## BE VERY CAREFUL WHEN YOU CHANGE THE RSYNC_OPTIONS! BETTER DON'T!
## BE VERY CAREFUL WHEN YOU CHANGE THE RSYNC_OPTIONS! BETTER DON'T!
## BE VERY CAREFUL WHEN YOU CHANGE THE RSYNC_OPTIONS! BETTER DON'T!

## Files that must *never* be deleted by rsync. These are files handled
## internally by ftpsync and will be created, updated, and deleted when
## appropriate.
#RSYNC_FILTER="--filter=protect_Archive-Update-in-Progress-${MIRRORNAME} --filter=protect_${TRACE} --filter=protect_Archive-Update-Required-${MIRRORNAME}"

## Default rsync options every rsync invocation sees.
#RSYNC_OPTIONS="-prltvHSB8192 --timeout 3600 --stats ${RSYNC_FILTER}"

## Options the first pass gets. We do not want the Packages/Source indices
## here, and we also do not want to delete any files yet.
#RSYNC_OPTIONS1="--exclude=Packages* --exclude=Sources* --exclude=Release* --exclude=InRelease --exclude=i18n/* --exclude=ls-lR*"

## Options the second pass gets. Now we want the Packages/Source indices too
## and we also want to delete files. We also want to delete files that are
## excluded.
#RSYNC_OPTIONS2="--max-delete=40000 --delay-updates --delete --delete-excluded"

## You may establish the connection via a web proxy by setting the environment
## variable RSYNC_PROXY to a hostname:port pair pointing to your web proxy.  Note
## that your web proxy's configuration must support proxy connections to port 873.
# RSYNC_PROXY=


## The following three options are used in case we want to "callback" the host
## we got pushed from.
#CALLBACKUSER="archvsync"
#CALLBACKHOST="none"
#CALLBACKKEY="none"


## Hook scripts can be run at various places during the sync.
## Leave them blank if you don't want any
## Hook1: After lock is acquired, before first rsync
## Hook2: After first rsync, if successful
## Hook3: After second rsync, if successful
## Hook4: Right before leaf mirror triggering
## Hook5: After leaf mirror trigger, only if we have slave mirrors (HUB=true)
##
## Note that Hook3 and Hook4 are likely to be called directly after each other.
## Difference is: Hook3 is called *every* time the second rsync was successful,
## but even if the mirroring needs to re-run thanks to a second push.
## Hook4 is only effective if we are done with mirroring.
#HOOK1=
#HOOK2=
#HOOK3=
#HOOK4=
#HOOK5=