Date: Sat, 17 Jul 2010 09:00:07 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Lowell Gilbert <freebsd-current-local@be-well.ilk.org> Cc: freebsd-current@freebsd.org, Alex Kozlov <spam@rm-rf.kiev.ua>, Gabor Kovesdan <gabor@freebsd.org> Subject: Re: periodic script in base system to run csup Message-ID: <4C416307.9000001@infracaninophile.co.uk> In-Reply-To: <44k4ov6nax.fsf@lowell-desk.lan> References: <20100716143621.GA9281@ravenloft.kiev.ua> <44k4ov6nax.fsf@lowell-desk.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On 17/07/2010 24:04:38, Lowell Gilbert wrote:
> Alex Kozlov <spam@rm-rf.kiev.ua> writes:
>
>> On Fri, Jul 16, 2010 at 04:27:39PM +0200, Gabor Kovesdan wrote:
>>> Em 2010.07.16. 16:23, Alex Kozlov escreveu:
>>>> On Fri, Jul 16, 2010 at 03:58:33PM +0200, Gabor Kovesdan wrote:
>>>>
>>>> Thousands pc simultaneously try to access cvsup servers?
>>>> Sound like a ddos to me.
>>> Yes, this was the only concern and that's why I started this discussion.
>> And because its periodic, We can't use portsnap solution (random delay
>> before csup start).
>
> It's not completely impossible; periodic could spin off a separate shell
> for it, with a random delay. It's not clear what the best way to deal
> with the output would be, although several approaches present themselves.
> It would be a lot more complicated than Gabor's approach, though.
Simply ensuring the csup periodic job is the last one to run
(/etc/periodic/daily/1000.csup ?) should give you the best of both
worlds. You can insert a random delay of up to an hour and still deal
with csup as a foreground job. All of the other periodic jobs will run
as normal (and should help with randomising the time distribution of the
csup runs too) -- you'll just have to wait a bit longer for the nightly
e-mail to be produced.
Even so, I think this is still likely to upset the cvsup servers: a
whole timezone worth of machines hitting a small number of servers
within one or two hours might be doable with portsnap / freebsd-update
but cvsup requires a lot more effort server-side.
Cheers
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkxBYw4ACgkQ8Mjk52CukIx/ZQCfWMuiyGsoD77lllg/aaF9dPaY
j6sAn30E/jk37O4y+gR2Fqmn0Th5kvf4
=P5QY
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4C416307.9000001>