Re: [Sks-devel] Debian asks package and default paths
> "HV" == Hendrik Visagewrites: HV> I’ve already set base_dir: /sks2/sks/db, but then I still get this: HV> Fatal error: exception Sys_error("/sks2/sks/db//var/log/sks/db.log: No such file or directory”) Wouldn't it be easier to just mount your extra disk at /var/lib/sks? /etc/sks is tiny and /var/log/sks is also reasonably small. Only /var/lib/sks is large and under heavy load. You could use a symlink from /var/log/sks to /var/lib/sks/log to get the logs also onto your extra disk, but I wouldn't bother. -JimC -- James Cloos OpenPGP: 0x997A9F17ED7DAEA6 ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
Hello, To run a sks-server accessible via TOR and normal usage don't require to run different instances. A usage, which comes to my mind is to run keyservers for different purposes: #1 as a normal keyserver for the keyservers pool. #2 as a special keyserver for a keysigning-party/... (of course: in this case you need different IP-adresses for both servers ;-) ) Kind regards, dirk On 23.01.2018 18:11, Alain Wolf wrote: On 23.01.2018 17:18, Daniel Kahn Gillmor wrote: On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: I would try to change desired filepaths in debian/patches/0001-use-debian-fhs.patch Hi there-- I'm one of the current maintainers of the debian package. this patch is intended to put sks in compliance with the filesystem hierarchy. however, i'm not convinced that the patches in the debian package are the right thing for debian today, since they basically hardcode a single path (and make it difficult to run two instances of sks on the same machine, for example). I'd welcome any proposals people have that: The only proposal that comes to my mind is to 'fix' this within SKS itself by adding command-line options and or config-file options. Apparently there is already ticket: https://bitbucket.org/skskeyserver/sks-keyserver/issues/6/make-directories-better-configurable Multiple instances could then be setup like .i.e. Tor with tor-instance-create(8). But sorry, I am again in no position to help there. ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
On 23.01.2018 17:18, Daniel Kahn Gillmor wrote: > On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: >> I would try to change desired filepaths in >> debian/patches/0001-use-debian-fhs.patch > > Hi there-- > > I'm one of the current maintainers of the debian package. > > this patch is intended to put sks in compliance with the filesystem > hierarchy. > > however, i'm not convinced that the patches in the debian package are > the right thing for debian today, since they basically hardcode a single > path (and make it difficult to run two instances of sks on the same > machine, for example). I'd welcome any proposals people have that: > The only proposal that comes to my mind is to 'fix' this within SKS itself by adding command-line options and or config-file options. Apparently there is already ticket: https://bitbucket.org/skskeyserver/sks-keyserver/issues/6/make-directories-better-configurable Multiple instances could then be setup like .i.e. Tor with tor-instance-create(8). But sorry, I am again in no position to help there. -- pgpkeys.urown.net 11370 #0x27A69FC9A1744242 signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
Hi, my 2 dimes in-line too On 23/01/18 16:55, Hendrik Visage wrote: > Thanks for the explanation Daniel > >> On 23 Jan. 2018, at 18:18 , Daniel Kahn Gillmor>> wrote: >> >> On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: >>> I would try to change desired filepaths in >>> debian/patches/0001-use-debian-fhs.patch >> Hi there-- >> >> I'm one of the current maintainers of the debian package. >> >> this patch is intended to put sks in compliance with the filesystem >> hierarchy. >> >> however, i'm not convinced that the patches in the debian package are >> the right thing for debian today, since they basically hardcode a single >> path (and make it difficult to run two instances of sks on the same >> machine, for example). I'd welcome any proposals people have that: >> >> a) retain the default filesystem placement to stay in line with the >>filesystem hierarchy standard (FHS) > Well… FHS makes sense…. up to the point that I’m deploying each service in > it’s own set of mountpoints (ala old-style unix when disks was small, like in > VMs > today with OS disk separate from the data disks) > >> b) enables running multiple keyservers on a given host > That is what base_dir: is suppose to achieve, isn’t it? The only bit that's required is a configuration switch passed to the daemon with the location of the configuration file. The rest (things like base_dir etc.) is already covered inside it. I'd guess a default value of /etc/sks/sksconf or similar will do the trick if the parameter is omitted yet allows multiple instances on the same box (although I don't see a point in doing so because if the server dies all instances will be lost) > >> c) people can upgrade their existing installations without too much >>pain > Yes, that’s the part that always becomes a problem in special setups... > >> d) (optional) can be merged upstream so that we don't carry patches :) >> >> If i had more time, i'd experiment with dropping the patch completely, >> and setting up a symlink approach in /etc/sks/ but i'm not sure whether >> that would work; or if it works, if it would horrify anyone. > I’d personally rather prefer a configuration file/settings I could > modify/tweak > w.r.t. those files/etc., then it’ll be much easier to have multiple SKS > services on the > same server/VM. > >> Anyway, i'm just saying that just because it's this way today, it >> doesn't have to be this way forever. feedback welcome :) > As it’ll be a recompile/repackage to achieve my goals (other than symlinks > all over the show) > I’ll have a look as see what I can contribute back. > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
Thanks for the explanation Daniel > On 23 Jan. 2018, at 18:18 , Daniel Kahn Gillmor> wrote: > > On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: >> I would try to change desired filepaths in >> debian/patches/0001-use-debian-fhs.patch > > Hi there-- > > I'm one of the current maintainers of the debian package. > > this patch is intended to put sks in compliance with the filesystem > hierarchy. > > however, i'm not convinced that the patches in the debian package are > the right thing for debian today, since they basically hardcode a single > path (and make it difficult to run two instances of sks on the same > machine, for example). I'd welcome any proposals people have that: > > a) retain the default filesystem placement to stay in line with the >filesystem hierarchy standard (FHS) Well… FHS makes sense…. up to the point that I’m deploying each service in it’s own set of mountpoints (ala old-style unix when disks was small, like in VMs today with OS disk separate from the data disks) > b) enables running multiple keyservers on a given host That is what base_dir: is suppose to achieve, isn’t it? > c) people can upgrade their existing installations without too much >pain Yes, that’s the part that always becomes a problem in special setups... > d) (optional) can be merged upstream so that we don't carry patches :) > > If i had more time, i'd experiment with dropping the patch completely, > and setting up a symlink approach in /etc/sks/ but i'm not sure whether > that would work; or if it works, if it would horrify anyone. I’d personally rather prefer a configuration file/settings I could modify/tweak w.r.t. those files/etc., then it’ll be much easier to have multiple SKS services on the same server/VM. > Anyway, i'm just saying that just because it's this way today, it > doesn't have to be this way forever. feedback welcome :) As it’ll be a recompile/repackage to achieve my goals (other than symlinks all over the show) I’ll have a look as see what I can contribute back. signature.asc Description: Message signed with OpenPGP ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
On Tue 2018-01-23 10:51:54 +0100, Alain Wolf wrote: > I would try to change desired filepaths in > debian/patches/0001-use-debian-fhs.patch Hi there-- I'm one of the current maintainers of the debian package. this patch is intended to put sks in compliance with the filesystem hierarchy. however, i'm not convinced that the patches in the debian package are the right thing for debian today, since they basically hardcode a single path (and make it difficult to run two instances of sks on the same machine, for example). I'd welcome any proposals people have that: a) retain the default filesystem placement to stay in line with the filesystem hierarchy standard (FHS) b) enables running multiple keyservers on a given host c) people can upgrade their existing installations without too much pain d) (optional) can be merged upstream so that we don't carry patches :) If i had more time, i'd experiment with dropping the patch completely, and setting up a symlink approach in /etc/sks/ but i'm not sure whether that would work; or if it works, if it would horrify anyone. Anyway, i'm just saying that just because it's this way today, it doesn't have to be this way forever. feedback welcome :) --dkg signature.asc Description: PGP signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
> On 23 Jan. 2018, at 11:51 , Alain Wolfwrote: >> >> strings does show that /var/log/sks/db.log is in the Debian packaged >> /usr/sbin/sks file. >> > > I would try to change desired filepaths in > debian/patches/0001-use-debian-fhs.patch Okay, that implies recompiling/packaging ;) Thanks! signature.asc Description: Message signed with OpenPGP ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Debian asks package and default paths
Hey On 23.01.2018 08:06, Hendrik Visage wrote: > Good day, > > Busy setting up a SKS keyserver, and wants to have a separate /sks > filesystem, and before I start to add symlinks > all over the place, or re-compile SKS, I was wondering how/where to > override the defaults in the configuration files. > > I’ve already set base_dir: /sks2/sks/db, but then I still get this: > Fatal error: exception Sys_error("/sks2/sks/db//var/log/sks/db.log: No > such file or directory”) > > strings does show that /var/log/sks/db.log is in the Debian packaged > /usr/sbin/sks file. > I would try to change desired filepaths in debian/patches/0001-use-debian-fhs.patch -- pgpkeys.urown.net 11370 #0x27A69FC9A1744242 signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel