mirrormanager has a query that lets the mirrors, and eventually, the
master mirrors, get the Access Control List directly from the
database. The current query is poor in several ways: it's very slow
as it uses python object walks, which results in hundreds of database
hits instead of only one. It doesn't let the user specify they want
to limit by hosts on Internet2, or only public hosts.
Patch below fixes these. The URL will work as:
The arguments on the end are optional.
The mirrors are starting to use this query to populate their own rsync
ACLs. It's not critical that it go in before F9 launch, but I think
it's quite low-risk. I've tested it locally and it works as expected.
Err... no patch was attached but the feature sounds good. If it's
really low risk it sounds like a win to put it in.