[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Constant high iowait. Infinte recon loop? What to do?
From: |
John Clizbe |
Subject: |
Re: [Sks-devel] Constant high iowait. Infinte recon loop? What to do? |
Date: |
Sun, 26 Jun 2011 03:56:12 -0500 |
User-agent: |
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.20pre) Gecko/20110606 Mnenhy/0.8.3 SeaMonkey/2.0.15pre |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA256
Andrey Korobkov wrote:
>> Is your SKS server running on some form of low performance server?
> keyserver.fryxell.ru is running on my own home 24*7 Parabola GNU/Linux-libre
> machine
> (dedicated physical server! :) ) The server hardware is rather old, but still
> powerful:
> AMD Athlon XP 2600+, RAM: 1287368 kB, HDD: (160 + 20) GB IDE.
> Connectivity: symmetrical 10 Mbit/s FTTB.
> Seems to be enough for a keyserver (many VPS-es have much less resources),
> doesn't it?
keyserver.gingerbear.net started out on a Slackware box with an AMD Sempron
2100, 1024MB Ram, and 40GB Raid 1 IDE. It's now and Athlon XP 2800+, 2048 MB ram
and 80GB Raid 1. it's served by a 20/2MB cable link.
One of my development boxes is running SKS and reconciling just fine on a 500MHz
UltraSPARCII Sun Blade 100. It doesn't take much to run SKS except initially to
build the database.
>
> Rather it may be me, who don't know how to configure keyserver's database
> well... :)
>
> P.S. Also, some problems may have appeared due to NAT-ing my machine for some
> days? Can SKS recon it's DB behind the NAT? (having ports forwarded to it,
> but listening on private addresses 192.168.1.0/24? May be, the recon protocol
> announces that private address for HKP too?) In either case, the machine
> isn't NAT-ed now, so SKS should run well. I'm just curious, whether NAT can
> cause such a trouble? If so, I suggest adding a warning to the FAQ...
Both of my public keyservers each consist of two NAT-ed SKS servers. That way I
can fail over at the router if one of the servers has a problem. sksconf must be
configured with the external name, not the internal name/IP so that recon
announces the correct name.
address@hidden:/var/sks# head sksconf
# sksconf -- SKS main configuration
#
basedir: /var/sks
# debuglevel 4 is default (max. debuglevel is 10)
debuglevel: 5
hostname: keyserver.gingerbear.net
hkp_port: 11371
recon_port: 11370
+++++++++++
The router is configured to forward ports 11370-11371 to yogi, 192.168.0.4
- --
John P. Clizbe Inet: John (a) GingerBear DAWT net
FSF Assoc #995 / FSFE Fellow #1797 hkp://keyserver.gingerbear.net or
mailto:address@hidden
"When life hands you melons, I think it's about time you admit to
yourself that you're dyslexic."
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12-svn5502-2010-12-23 (Windows XP)
Comment: When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Comment: Be part of the £33 ECHELON -- Use Strong Encryption.
Comment: It's YOUR right - for the time being.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQEcBAEBAgAGBQJOBvQnAAoJECMTMVxDW9A0m8IH/ie484HJ4EISY4GVzj4R1vnD
VD5aiPEcU6QpAWSQleEaIUmipcZ7mvGN4W7UrHDIfb0Dvzys9ZR1A359w7G1UvS+
3RETXNOzpR3nNwUO+0bR7n80VD3Vss7K8s4r9s0xxVu/icEWFTLlibgLIuKSB/Uq
RkDirLTqqNsUZXU32blfJAMlXIl+0FBSZzM0J/FSdnS9KyIJaZdWVENHizo8ccYe
/5mQOiBaiV/Xc4aVuaL8anreCXG9U3D9vdPOg1zV4Wu0MdRYuo14vDPX2Q5iz4VP
5Ms5btYaXh/K/j14z9Bi3/DH9GYHxuqMihZKH10G+aEox9SX1ThtSPuvZ8qDpEqI
XgQBEQgABgUCTgb0JwAKCRDrXhnz1laYJfeUAP4tj0/o8fpmMVmGXTufNixDYXno
1YPcgV8kQYNvAfWLCwD9FD5x6aowv8BElxAOHoEL4FVIaVG2wr6IW/xb65/YUM0=
=ZUwq
-----END PGP SIGNATURE-----