Hi Fabrice, The design of Swift has always assumed that the backend services are running on a secured, private network. If this is not going to be the case, or you would like to provide more security on that network, a lot more work needs to be done than just rsync. That said, I don't think it would be too difficult to add rsync options in the replication configuration. It isn't something that is on our current timeline, but we would gladly accept such a patch.
-- Chuck On Wed, Oct 12, 2011 at 6:07 AM, Fabrice Bacchella <[email protected]> wrote: > swift uses rsync for some synchronization tasks. But for what I can see, it > mades a very raw usage of it : > In db_replicator.py : > def _rsync_file(self, db_file, remote_file, whole_file=True): > ... > popen_args = ['rsync', '--quiet', '--no-motd', > '--timeout=%s' % int(math.ceil(self.node_timeout)), > '--contimeout=%s' % int(math.ceil(self.conn_timeout))] > ... > > In replicator.py: > def rsync(self, node, job, suffixes): > ... > args = [ > 'rsync', > '--recursive', > '--whole-file', > '--human-readable', > '--xattrs', > '--itemize-changes', > '--ignore-existing', > '--timeout=%s' % self.rsync_io_timeout, > '--contimeout=%s' % self.rsync_io_timeout, > ] > > > Nothing can be changed like the rsync binary, the port used, ... > > Worst, there is no security at all, so one has to rely on networks isolation > to protect data. > > Is there any plan to improve that, by providing optionnal arguments in the > conf for example ? Or at lease some not to difficult way to use some other > methods ? > > _______________________________________________ > Mailing list: https://launchpad.net/~openstack > Post to : [email protected] > Unsubscribe : https://launchpad.net/~openstack > More help : https://help.launchpad.net/ListHelp > _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : [email protected] Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
