[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: oneway sync with hockeypuck
|
From: |
Andrew Gallagher |
|
Subject: |
Re: oneway sync with hockeypuck |
|
Date: |
Thu, 23 Jun 2022 23:20:38 +0100 |
> On 23 Jun 2022, at 12:01, Steffen Kaiser <skasks@infcs.de> wrote:
>
> I did not found any references about such feature in hockeypuck, but
> does somebody has a solution for a one-way sync between hockeypuck servers?
>
> So, the internal server may pull changes from the outside one, but the
> outside one does never ever pull changes from the internal one?
There is no such feature, but you could crudely simulate it by blocking port
11371 in the inwards direction only; that way the key servers would be able to
build a difference set over port 11370 but only the inner one would be able to
pull key updates over 11371.
This would have a similar degrading effect on sync as blacklisting; the
unwanted differences would grow over time and gradually dominate the recon
process, however the inner server would not experience as much excess load as
with blacklisting, since the unwanted key queries would be dropped at the
network layer.
To implement one-way sync efficiently would require a complete reworking of the
recon protocol (see my earlier “fake recon” proposal on this list).
A
signature.asc
Description: Message signed with OpenPGP