Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 930192 - rsync1.za.gentoo.org only permitted to sync to master over ipv6
Summary: rsync1.za.gentoo.org only permitted to sync to master over ipv6
Status: RESOLVED FIXED
Alias: None
Product: Mirrors
Classification: Unclassified
Component: Server Problem (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Mirror Admins
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-04-18 09:45 UTC by Jaco Kroon
Modified: 2024-04-18 21:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jaco Kroon 2024-04-18 09:45:04 UTC 
Hi,

jkroon@plastiekpoot ~ $ host rsync1.za.gentoo.org
rsync1.za.gentoo.org has address 154.73.32.1
rsync1.za.gentoo.org has address 154.73.32.2
rsync1.za.gentoo.org has IPv6 address 2c0f:f720::1
rsync1.za.gentoo.org has IPv6 address 2c0f:f720::2


Only the ipv6 addresses in these pairs are permitted to sync from rsync://masterportage.gentoo.org/gentoo-portage

We would like to request that the IPv4 addresses please be permitted as well,.  We had a case recently where our IPv6 advertisements over IPT failed where IPv4 was still functional, and would have assisted with keeping the two nodes up to date if IPv4 was permitted.

Normally this is not a problem.

Kind regards,
Jaco
Comment 1 Jaco Kroon 2024-04-18 14:47:37 UTC 
So after updates to lockrun we now get sporadic reports on failure, looking into the generated alerts it turns out that sometimes emerge --sync will try upstream v6 and sometimes v4, and thus ends up failing about half the time.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2024-04-18 15:51:26 UTC 
Those v4 addresses are different than the ones on file.
Specifically, we had the source addresses permitted as: 154.73.32.11 & 
154.73.32.12

I've added .1 & .2 now, should be live in less than 90 minutes.
Comment 3 Jaco Kroon 2024-04-18 18:08:41 UTC 
Hi Robin,

I believe .11 and .12 (wherever they came from) were typos.  .11 at least isn't currently allocated, and I'd honestly need to check where .12 route to but I suspect they were delegated to one of our customers as a loopback address for their routers facing us.  Highly doubt there will be malice but I believe like me you like to keep records and configurations accurate.

Thanks for the quick response on this.

Kind regards,
Jaco
Comment 4 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2024-04-18 18:26:39 UTC 
(In reply to Jaco Kroon from comment #3)
> Hi Robin,
> 
> I believe .11 and .12 (wherever they came from) were typos.  .11 at least
> isn't currently allocated, and I'd honestly need to check where .12 route to
> but I suspect they were delegated to one of our customers as a loopback
> address for their routers facing us.  Highly doubt there will be malice but
> I believe like me you like to keep records and configurations accurate.
> 
> Thanks for the quick response on this.
> 
> Kind regards,
> Jaco


Is it working from your side now? If so I'll update that .11 & .12 and close the ticket
Comment 5 Jaco Kroon 2024-04-18 18:31:59 UTC 
rsync -4 rsync://masterportage.gentoo.org/gentoo-portage

Gives me a directory listing from both nodes so I believe that's fine.