On 05/05/2017 06:16 PM, Jonathon Weiss wrote: > > I've tested a number of compromise configurations. I'm not sure I've > resolved the cascading failure (time will tell) but I was wondering, if > I've solved the timeout problem on large keys. Could you re-test? >
At least for the particular keyblock it now returns the full data. >> One thing that springs to mind is multiple instances of SKS behind the >> reverse proxy to distribute the load (I run two instances myself - and >> that is for lesser load). Would just need separate key port and do local >> reconciliation only between them necessary , can make sure stats page >> (?op=stats) only reaches the primary so it exposes the external peers on >> the reverse proxy. > > That was my slower to implement thought. Can you explain your > configuration in a little more detail? Do I understand correctly that > you're running multiple SKS instances on the same machine? Each with > their own copy of the DB? Is there any concern about polluting > https://sks-keyservers.net/status/ ? I guess all these same questions > apply if you have them on seperate VMs rather than the same machine. > In my case I'm running it on separate VMs, but the proposal is to run multiple instances, with separate DB copies, on the same machine, yes, as the overhead for multiple VMs isn't strictly necessary, but helps with failover during upgrades etc. As for pollution of the sks-keyservers.net data I solve this by always sending /pks/lookup?op=stats requests to the primary keyserver, that does external-facing reconciliation. The slave nodes only gossip internally to get the data, as such no need for multiple peers. Nodename was introduced for these setups, so hostname is the shared cluster addresse whereby nodename can be used to identify specific nodes. -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "Excellence is not a singular act but a habit. You are what you do repeatedly." (Shaquille O'Neal)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel