[Users] Re: [Devel] vzpkg

Robert Nelson robertn at the-nelsons.org
Sat Aug 30 15:14:06 EDT 2008


Kir Kolyshkin wrote:
> Robert Nelson wrote:
>>>> For the yum-cache, I mount the /vz/template version of the cache 
>>>> into the VE.  I do the same for the apt/archives on Debian.
>>>
>>> If you do it read-only, how do you handle the case yum/apt wants to 
>>> write something to it?
>>>
>>> If you do it read-write, how can you make sure that an evil 
>>> container root will not put some home-baked Trojaned packages into 
>>> that area?
>>>
>>
>> Currently I mount it rw, but only while a vzpkg* command is running.  
>> If the VE manages their own packages they don't get to share the 
>> cache.  There is still a window while the vzpkg command is running 
>> but I don't know how to specify different access to a directory for 
>> the HN versus the VE.  Is there a way?
>>
>> Long term, the best solution is probably implementing something like 
>> Debian's apt-cacher for rpms and then running apt-cacher and 
>> "rpm-cacher" on the HN.
> I guess we can run a caching proxy on the host system, so the first 
> time any VE will need a package it will be downloaded and cached on 
> the host system; any subsequent requests will be served from cache. 
> The only problem is yum metadata which can become inconsistent; need 
> to test it extensively.
>
Agreed.

Are you familiar with apt-cacher?  It understands the apt metadata and 
handles it specially.  That is why I mentioned it as a model for 
handling the yum cache.
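
An added example, not part of the original message or of vzpkg: one way the host node could audit the shared package cache after the read-write window discussed above has closed and the cache is no longer mounted in the VE. The function names, the quarantine directory and the digest manifest (assumed to come from repository metadata the host fetched itself) are hypothetical, and the sample files are constructed.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 so large packages are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_cache(cache_dir, trusted, quarantine_dir):
    """Quarantine every cache entry that is not a regular file with a trusted digest.

    trusted maps file name -> expected SHA-256 (hypothetical host-held manifest,
    never read from inside the cache). Returns the names that were moved.
    """
    os.makedirs(quarantine_dir, exist_ok=True)
    moved = []
    for name in sorted(os.listdir(cache_dir)):
        path = os.path.join(cache_dir, name)
        # A symlink or directory could redirect the host outside the cache,
        # so anything that is not a plain file is rejected without being opened.
        regular = os.path.isfile(path) and not os.path.islink(path)
        if not regular or trusted.get(name) != sha256_of(path):
            shutil.move(path, os.path.join(quarantine_dir, name))
            moved.append(name)
    return moved


def demo():
    """Constructed sample: one good package, one altered, one planted symlink."""
    root = tempfile.mkdtemp()
    cache, quarantine = os.path.join(root, "cache"), os.path.join(root, "quarantine")
    os.makedirs(cache)
    good = b"constructed package bytes"
    for name, data in (("a.rpm", good), ("b.rpm", b"altered inside the VE")):
        with open(os.path.join(cache, name), "wb") as f:
            f.write(data)
    os.symlink("/etc/passwd", os.path.join(cache, "c.rpm"))
    trusted = {"a.rpm": hashlib.sha256(good).hexdigest(),
               "b.rpm": hashlib.sha256(b"original b").hexdigest()}
    return audit_cache(cache, trusted, quarantine), sorted(os.listdir(cache))


if __name__ == "__main__":
    print(demo())
```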


