Open Stack

Hi Fabrice,

The design of Swift has always assumed that the backend services are
running on a secured, private network.  If this is not going to be the
case, or you would like to provide more security on that network, a
lot more work needs to be done than just rsync.  That said,  I don't
think it  would be too difficult to add rsync options in the
replication configuration.  It isn't something that is on our current
timeline, but we would gladly accept such a patch.

--
Chuck

On Wed, Oct 12, 2011 at 6:07 AM, Fabrice Bacchella
<fbacchella at spamcop.net> wrote:
> swift uses rsync for some synchronization tasks. But for what I can see, it mades a very raw usage of it :
> In db_replicator.py :
>    def _rsync_file(self, db_file, remote_file, whole_file=True):
>        ...
>        popen_args = ['rsync', '--quiet', '--no-motd',
>                      '--timeout=%s' % int(math.ceil(self.node_timeout)),
>                      '--contimeout=%s' % int(math.ceil(self.conn_timeout))]
>        ...
>
> In replicator.py:
>    def rsync(self, node, job, suffixes):
>        ...
>        args = [
>            'rsync',
>            '--recursive',
>            '--whole-file',
>            '--human-readable',
>            '--xattrs',
>            '--itemize-changes',
>            '--ignore-existing',
>            '--timeout=%s' % self.rsync_io_timeout,
>            '--contimeout=%s' % self.rsync_io_timeout,
>        ]
>
>
> Nothing can be changed like the rsync binary, the port used, ...
>
> Worst, there is no security at all, so one has to rely on networks isolation to protect data.
>
> Is there any plan to improve that, by providing optionnal arguments in the conf for example ? Or at lease some not to difficult way to use some other methods ?
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>