alt Hacker NewsThe Ubuntu DDoS got me to thinking: If we had a critical need to respin machines (like our data center caught fire), we would have been in for a real challenge. We run apt-cacher-ng, but it did nothing for us during the DDoS, and worse: Every few weeks or a month ac-ng will go out to lunch and we have to fix it.
So: ac-ng didn't reduce the impact of the DDoS, but it does lead to impact when there is no DDoS. Worst of both worlds.
So I'm working on an apt-cacher that goes to lengths to keep working as much as possible when the upstream is down. It will check the repo metadata and keeps a list of your "hot packages", and will download those before flipping the new metadata to be live, effectively a snapshot. It won't allow you to download a package you've never downloaded before in the case of a DDoS, but packages that you do download regularly (machine re-installs, apt updates), it will ensure are available in the repo.
I'm calling it apt-cacher-ultra. It is pretty early days, it'll probably be another week before it's ready for a beta. I'm running it in my dev cluster right now, successfully.