Re: oneway sync with hockeypuck

2022-06-23 Thread Andrew Gallagher
> On 23 Jun 2022, at 12:01, Steffen Kaiser wrote:
> 
> I did not find any references to such a feature in hockeypuck, but
> does somebody have a solution for a one-way sync between hockeypuck servers?
> 
> So, the internal server may pull changes from the outside one, but the
> outside one never ever pulls changes from the internal one?

There is no such feature, but you could crudely simulate it by blocking port 
11371 in the inwards direction only; that way the key servers would be able to 
build a difference set over port 11370 but only the inner one would be able to 
pull key updates over 11371.

This would have a similar degrading effect on sync as blacklisting; the 
unwanted differences would grow over time and gradually dominate the recon 
process. However, the inner server would not experience as much excess load as 
with blacklisting, since the unwanted key queries would be dropped at the 
network layer.

To implement one-way sync efficiently would require a complete reworking of the 
recon protocol (see my earlier “fake recon” proposal on this list).

A



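The port split described in the reply above, written as a host firewall ruleset for the inner server. This is an added example and not part of the original message or of hockeypuck; the peer address is a placeholder from the documentation range, and the table name is made up for illustration.

```nftables
#!/usr/sbin/nft -f
# Constructed example for the INNER key server's host firewall.
# OUTER_PEER is a placeholder (RFC 5737 documentation address), not a real peer.
define OUTER_PEER = 192.0.2.10

# Hypothetical table name; it sits beside the host's existing rules.
table inet keyserver_oneway {
    chain input {
        # policy accept: this chain only adds the one-way restriction and
        # leaves all other filtering to the rules the host already has.
        type filter hook input priority 0; policy accept;

        # Replies to connections the inner server opened itself (its own
        # key fetches from the outer server on 11371) must keep flowing.
        ct state established,related accept

        # Port 11370: the outer peer may still connect, so both servers
        # can build the difference set.
        ip saddr $OUTER_PEER tcp dport 11370 accept

        # Port 11371: drop new inbound connections from the outer peer, so
        # it cannot pull key updates from the inner server. The counter
        # shows how many such queries are being discarded over time.
        ip saddr $OUTER_PEER tcp dport 11371 ct state new counter drop
    }
}
```

The counter on the drop rule (visible with `nft list table inet keyserver_oneway`) gives a rough view of how much of the outer peer's recon follow-up traffic is being discarded as the unwanted difference set grows.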


oneway sync with hockeypuck

2022-06-23 Thread Steffen Kaiser
On 15.06.22 13:33, Steffen Kaiser wrote:

Dear fellows,

I had been using a combination of a log scraper, redis and several scripts
to pull changes from one SKS to another, internal one. That internal one
contains keys not to be published outside of the house.

I took this approach in order to have domain search working.

I did not find any references to such a feature in hockeypuck, but
does somebody have a solution for a one-way sync between hockeypuck servers?

So, the internal server may pull changes from the outside one, but the
outside one never ever pulls changes from the internal one?

I had been looking for a keyserver proxy, but couldn't find one that
merges domain searches from different servers together.

Kind regards,

-- 
Steffen


