sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Constant high iowait. Infinte recon loop? What to do?

From: John Clizbe
Subject: Re: [Sks-devel] Constant high iowait. Infinte recon loop? What to do?
Date: Sun, 26 Jun 2011 03:56:12 -0500
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.20pre) Gecko/20110606 Mnenhy/0.8.3 SeaMonkey/2.0.15pre 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256

Andrey Korobkov wrote:
>> Is your SKS server running on some form of low performance server?
> keyserver.fryxell.ru is running on my own home 24*7 Parabola GNU/Linux-libre 
> machine
> (dedicated physical server! :) ) The server hardware is rather old, but still 
> powerful:
> AMD Athlon XP 2600+, RAM: 1287368 kB, HDD: (160 + 20) GB IDE.
> Connectivity: symmetrical 10 Mbit/s FTTB.
> Seems to be enough for a keyserver (many VPS-es have much less resources), 
> doesn't it?

keyserver.gingerbear.net started out on a Slackware box with an AMD Sempron
2100, 1024MB Ram, and 40GB Raid 1 IDE. It's now and Athlon XP 2800+, 2048 MB ram
and 80GB Raid 1. it's served by a 20/2MB cable link.

One of my development boxes is running SKS and reconciling just fine on a 500MHz
UltraSPARCII Sun Blade 100. It doesn't take much to run SKS except initially to
build the database.
> 
> Rather it may be me, who don't know how to configure keyserver's database 
> well... :)
> 
> P.S. Also, some problems may have appeared due to NAT-ing my machine for some
> days? Can SKS recon it's DB behind the NAT? (having ports forwarded to it,
> but listening on private addresses 192.168.1.0/24? May be, the recon protocol
> announces that private address for HKP too?) In either case, the machine
> isn't NAT-ed now, so SKS should run well. I'm just curious, whether NAT can
> cause such a trouble? If so, I suggest adding a warning to the FAQ...

Both of my public keyservers each consist of two NAT-ed SKS servers. That way I
can fail over at the router if one of the servers has a problem. sksconf must be
configured with the external name, not the internal name/IP so that recon
announces the correct name.

address@hidden:/var/sks# head sksconf
#  sksconf -- SKS main configuration
#
basedir:                        /var/sks

# debuglevel 4 is default (max. debuglevel is 10)
debuglevel:                     5

hostname:                       keyserver.gingerbear.net
hkp_port:                       11371
recon_port:                     11370
+++++++++++

The router is configured to forward ports 11370-11371 to yogi, 192.168.0.4


- -- 
John P. Clizbe                      Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797  hkp://keyserver.gingerbear.net  or
     mailto:address@hidden

"When life hands you melons, I think it's about time you admit to
yourself that you're dyslexic."


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33† ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJOBvQnAAoJECMTMVxDW9A0m8IH/ie484HJ4EISY4GVzj4R1vnD
VD5aiPEcU6QpAWSQleEaIUmipcZ7mvGN4W7UrHDIfb0Dvzys9ZR1A359w7G1UvS+
3RETXNOzpR3nNwUO+0bR7n80VD3Vss7K8s4r9s0xxVu/icEWFTLlibgLIuKSB/Uq
RkDirLTqqNsUZXU32blfJAMlXIl+0FBSZzM0J/FSdnS9KyIJaZdWVENHizo8ccYe
/5mQOiBaiV/Xc4aVuaL8anreCXG9U3D9vdPOg1zV4Wu0MdRYuo14vDPX2Q5iz4VP
5Ms5btYaXh/K/j14z9Bi3/DH9GYHxuqMihZKH10G+aEox9SX1ThtSPuvZ8qDpEqI
XgQBEQgABgUCTgb0JwAKCRDrXhnz1laYJfeUAP4tj0/o8fpmMVmGXTufNixDYXno
1YPcgV8kQYNvAfWLCwD9FD5x6aowv8BElxAOHoEL4FVIaVG2wr6IW/xb65/YUM0=
=ZUwq
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]