
Re: [Sks-devel] wserver_timeout value causing cascading failure?


From: Kristian Fiskerstrand
Subject: Re: [Sks-devel] wserver_timeout value causing cascading failure?
Date: Sat, 13 May 2017 17:01:29 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.0

On 05/05/2017 06:16 PM, Jonathon Weiss wrote:

> 
> I've tested a number of compromise configurations.  I'm not sure I've
> resolved the cascading failure (time will tell) but I was wondering if
> I've solved the timeout problem on large keys.  Could you re-test?
>

At least for the particular keyblock it now returns the full data.


>> One thing that springs to mind is multiple instances of SKS behind the
>> reverse proxy to distribute the load (I run two instances myself - and
>> that is for lesser load). Would just need separate key port and do local
>> reconciliation only between them necessary, can make sure stats page
>> (?op=stats) only reaches the primary so it exposes the external peers on
>> the reverse proxy.
> 
> That was my slower to implement thought.  Can you explain your
> configuration in a little more detail?  Do I understand correctly that
> you're running multiple SKS instances on the same machine?  Each with
> their own copy of the DB?  Is there any concern about polluting
> https://sks-keyservers.net/status/ ?  I guess all these same questions
> apply if you have them on separate VMs rather than the same machine.
> 

In my case I'm running it on separate VMs, but the proposal is to run
multiple instances, with separate DB copies, on the same machine, yes,
as the overhead for multiple VMs isn't strictly necessary, but helps
with failover during upgrades etc.

As for pollution of the sks-keyservers.net data I solve this by always
sending /pks/lookup?op=stats requests to the primary keyserver, that
does external-facing reconciliation. The slave nodes only gossip
internally to get the data, as such no need for multiple peers. Nodename
was introduced for these setups, so hostname is the shared cluster
address whereby nodename can be used to identify specific nodes.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Excellence is not a singular act but a habit. You are what you do
repeatedly."
(Shaquille O'Neal)

Attachment: signature.asc
Description: OpenPGP digital signature
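
The routing described in the reply above, sketched as an nginx reverse-proxy fragment for the `http` context. This is an added example, not the poster's or the SKS project's configuration; the upstream names, loopback ports and `keys.example.org` are assumptions.

```nginx
# Added illustration: two SKS instances behind one reverse proxy.
# All names, addresses and ports below are placeholders.

upstream sks_primary {
    # The only instance that reconciles with external peers.
    server 127.0.0.1:11372;
}

upstream sks_all {
    # Ordinary lookups are spread over every instance.
    server 127.0.0.1:11372;
    server 127.0.0.1:11373;   # internal node, gossips only with the primary
}

# Pick the upstream group from the "op" query argument.
map $arg_op $sks_backend {
    default sks_all;
    stats   sks_primary;      # stats page must list the external peers
}

server {
    listen 11371;
    server_name keys.example.org;   # shared cluster hostname (placeholder)

    location /pks/ {
        # No URI part after the variable, so the original request URI
        # (including the query string) is passed through unchanged.
        proxy_pass http://$sks_backend;
        proxy_set_header Host $host;
    }
}
```

With this split, each instance keeps the shared cluster address as its `hostname` and a distinct `nodename`, as the reply describes.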

