[Sks-devel] Seeking peers for sks.hnet.se

[Hannes Östlund]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.6, on sks.hnet.se.
This is a private machine.
The server is physically located in Stockholm, Sweden.

I have loaded a keydump from keys.niif.hu, dated 2018-06-25.
I see 5108759 keys loaded.

For operational issues, please contact me directly.

sks.hnet.se 11370 # Hannes Östlund  
0x5bdfab5979d3b6612b25ac1279e53f28aefb

Thank you,
- -Hannes Östlund
-BEGIN PGP SIGNATURE-

iQIzBAEBCAAdFiEEfDUHZqVPeU/AAu44vj4DBKO8rC8FAlsxafUACgkQvj4DBKO8
rC/Ttg//SgXAE+NtOqN0mBfa5jKIm7Oo/4nGxAUPHlFrstZn+AoG4gofQC4fEsL3
0bFooK7C2/ulFs52nmzKmNld6DisZxmcnWy/yj5h47C4vw4nG2KZIVLCcuNXXZ3L
1/EQxA7ybVdVkc3X1CwVlG4VH3fHxCPF/Wo+tS758KSMToJtVbeFBBElIpP8qmHu
/UGGcA+WH2xd4gVJoloslCTcNH1wgdGRjFcf3YD+8DZZC7EuYHGhOchWPoobd5Cz
pdiH71SDof/GBCids13PX+bV5P+QcUvbFaWzOxtVdd5Pw8Ko2dLuG2jDkceRmbJ8
8/mI7XaEQxCIESSxRf+uV1jNY54Sa8DTvzqdg9eP0bfAIsnLRrUROYFvtYAXPRg/
BrWShn95wuPJ2apgKINduwkq1PFPawK7HetUvUXuHBaR85htJDrRt0i+iwiQrKdw
Rh8cg9uzay8sjZOm9rRe6it8Hbdu5eJnBR5ygcKHkwM7xHOT6Dpa0c/W1T60xSs+
rGurOSGSwMwqzvcEEE61mueI4Cpn7H+M4DZ6mLEmwu9yKVeb0CntulXvgo91tlmW
ycmjA83gOvycj4gRo7VwTRZ8JXHRXntqvYOMdxdkI24WmbIMkOP0WFSkOcHMMPM7
Ry/JvJAzvTEfLqNsYMuxcDlYBpMh5kzNpcBEUFH7207aYv3R6OU=
=Bnh4
-END PGP SIGNATURE-
___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS intermittently stalls with 100% CPU & rate-limiting

[Phil Pennock]

On 2018-06-25 at 13:08 +0200, Paul Fontela wrote:
> I have tried almost everything, from downloading a dump and starting the
> server sks again to reinstall system and everything else, the result is
> always the same, it works well for a while, sometimes an hour sometimes
> a little more and suddenly it it freezes the key server, reaching 80%
> RAM, which makes it unstable and inoperable.

That sounds like recon gone wild, normally a sign that you're peering
with someone who is very much behind on keys.  The recon system only
works if your peers are "mostly up-to-date".

This is why we introduced the template for introducing yourself to the
community, in the Peering wiki page, showing how many keys you have
loaded.  It cut down on people joining with 0 keys, expecting recon to
do all the work, and new peers complaining that their SKS was hanging.

Per  the lower bound of keys to be
included is:  5105570
You have: 5109664

Using  as a
starting point, and skipping your in-house 11380 peers, opening all the
others up in tabs and looking (I don't have this scripted) we see:

  5109604  keys.niif.hu
  5065412  keys.sbell.io
  5107576  sks.mbk-lab.ru
  5109585  pgp.neopost.com
  5108773  pgp.uni-mainz.de
  5109639  pgpkeys.urown.net
  4825075  pgp.key-server.io
sks.funkymonkey.org
  5084241  keyserver.iseclib.ru
  5109254  keyserver.swabian.net
  5109628  sks-cmh.semperen.com
keys-02.licoho.de
  5109629  keyserver.dobrev.eu
  5109121  sks.mirror.square-r00t.net
  5109629  keyserver.escomposlinux.org
  5108778  keyserver.lohn24-datenschutz.de

If your in-house peers are way behind, fix that.

Comment out all peers with fewer than 5_100_000 keys.  Restart sks and
sks-recon.

The 284,000 key difference is pretty severe.  Since that peer isn't
getting updates, they're probably hanging on peering and causing even
more problems for you.

Disable peering _at least_ with those three hosts.


Whenever SKS isn't performing right, the _first_ step after looking for
errors in logs should always be a Peering Hygiene Audit.  Find the peers
who are sufficiently behind that their keeping the peering up is
anti-social and likely causing _you_ problems, comment out the peering
entries, restart (for a completely clean slate) and then reach out to
those peers to ask "Hey, what's up?".

Regards,
-Phil

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS intermittently stalls with 100% CPU & rate-limiting

[Gabor Kiss]

> I have tried almost everything, from downloading a dump and starting the
> server sks again to reinstall system and everything else, the result is
> always the same, it works well for a while, sometimes an hour sometimes
> a little more and suddenly it it freezes the key server, reaching 80%
> RAM, which makes it unstable and inoperable.

Eeerrr... A few years ago I had a similar problem.
See thread at 
http://lists.nongnu.org/archive/html/sks-devel/2015-03/msg4.html

Regards

Gabor

___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel

Re: [Sks-devel] SKS intermittently stalls with 100% CPU & rate-limiting

[Paul Fontela]

Hello everyone,
without the intention of sticking your finger in the wound 
 
I have spent almost 10 days investigating the problem that I see related
in different threads of the list [Sks-devel], the falls of the sks
servers for abuse of requests.

I have tried almost everything, from downloading a dump and starting the
server sks again to reinstall system and everything else, the result is
always the same, it works well for a while, sometimes an hour sometimes
a little more and suddenly it it freezes the key server, reaching 80%
RAM, which makes it unstable and inoperable.

Of the three servers that I have, only 2 of them are surviving with
difficulty to this strange problem that has appeared "suddenly", I
wonder the following:

Is there any way to solve this problem?

Checking the logs of Nginx and SKS I have seen that there are some types
that consult without rest for a long time.

Is it possible to block mercenaries who do not want to spend a few
dollars to set up their own key server?

What happens to those huge keys that clog servers?

Is it possible to limit or block queries with scripts and limit them
only to the web interface?

Seen the seen, I'm going to stop one of the servers, the smallest of
them and that is hosted in the site that has been working best until
now, it is a small virtual machine with little RAM (1Gb) and it is that
server that most Problems is causing me, I think it is not worth having
a server running 24 hours if only it fulfills its mission 30 minutes a
day and that makes me be aware of it to restart services every time it
hangs.

I will keep the other servers until I see that they start giving me
promises too, if this happens, I will have to make a difficult decision.

What I do not want to do is have machines consuming electricity,
bandwidth and resources so that they are not fulfilling their mission.

Greetings to all and a lot of encouragement.
Paul Fontela

-- 

Paul Fontela
keyserver.ispfontela.es 11370   # Paul Fontela  
0x31743FFC33E746C5
a.0.na.ispfontela.es11370   # Paul Fontela Gmail  
0x3D7FCDA03AAD46F1
 


___
Sks-devel mailing list
Sks-devel@nongnu.org
https://lists.nongnu.org/mailman/listinfo/sks-devel