[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Possibly moving Debian services to a CDN

On Fri, Feb 07, 2014 at 02:08:26PM +0100, Lucas Nussbaum wrote:
> On 30/01/14 at 13:53 +0100, Tollef Fog Heen wrote:
> > ]] Tollef Fog Heen
> > 
> > Hi all,
> > 
> > >  - the various bits and bobs that are currently hosted on
> > >  static.debian.org
> > 
> > I thought it's time for a small update about this.  As of about an hour
> > ago, planet and metadata.ftp-master are now served from the Fastly CDN, and
> > it all seems to be working quite smoothly.
> > 
> > We've uncovered some bits we want to make work better, such as adding and
> > removing backend servers automatically when they become unavailable or are
> > added to the static DNS RR, purging content from the caches when it's
> > updated and possibly some other minor bits.
> > 
> > This does sadly mean we don't currently have IPv6 for those two services,
> > something that's being worked on by Fastly.
> > 
> > As for the privacy concerns raised in the thread, I've had quite a lot of
> > discussions with Fastly about how they operate wrt privacy. They don't
> > store request-related logs (only billing information), so there are no
> > URLs, cookie, client IPs or similar being stored.  Varnish has an ephemeral
> > log which they go through a couple of times a minute where some of that
> > information is present, but it never leaves the host (unless we enable
> > logging to an endpoint we control).  I'm quite content with how they're
> > handling the privacy concerns.
> > 
> > In the interest of full disclosure I should also mention that I'm starting
> > to work for Fastly in a few days time.  I don't believe that has influenced
> > my views or judgements here.
> Hi Tollef,
> Thanks a lot for this status update. I'm very much in favor of exploring ways
> to make the Debian infrastructure easier to manage, and using a CDN sounds
> like a great way to do so. It's great that things worked out with Fastly (any
> plans for a more public announcement?).
> However, in [1], I raised one main non-technical concern that is not
> mentioned in your mail: I fear that, by moving to CDNs without ensuring that
> there are a sufficient number of CDN providers willing and able to support
> Debian, we could end up in a lock-in situation with a specific CDN provider
> (after all, there are not so many of them, and even a smaller number could be
> able to deal with our technical requirements).
> [1] https://lists.debian.org/debian-project/2013/10/msg00074.html
> Of course, as long as we have the infrastructure to go back to the old way of
> doing things, it is not a big problem. So I'm not worried at the moment. But
> one of the end goals of using CDN is to reduce the number of Debian PoP (have
> Debian machines in a fewer number of datacenters, to make them easier to
> manage). Once we do that, it will be very hard to go back.
> Have you been trying to reach out to other CDN providers about supporting
> Debian? I know of discussions with Amazon CloudFront, but I remember some
> technical blockers?  Could the DPL be of some help to you in that process?

I am in active discussion with another CDN provider and I should restart the
CloudFront conversation.  There are technical considerations with Fastly, also,
that Tollef will work through.

We've always been of the opinion that we need two CDN providers.  We're just
as concerned about vendor lock-in as anyone.

Thank you for the offer of DPL help.  I'll loop you in.


Luca Filipozzi

Attachment: signature.asc
Description: Digital signature

Reply to: