keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

H.-Dirk Schmitt
Hello !

the instance keyserver1.computer42.org is constantly crashing. It has a 40Gb partition for the keys and is filled up every ~6h.
My 2nd instance keyserver2.computer42.org consumes currently ~24Gb and seems to be stable.

To reduce the annoyance of the current problems I'm dropping all the peers (except keyserver2.computer42.org).
Hopefully I will become an uptime greater as ~6 hours.

Affected are the following peers:

# keyservers.org                     11370 # Rob Hansen <[hidden email]>
# keyserver.gingerbear.net           11370 # John P. Clizbe <[hidden email]> 0xD6569825
# sks.keyservers.net                 11370 # John P. Clizbe <[hidden email]> 0xD6569825
# cryptochan.org                     11370 # [hidden email]  0x18EEDFD7
# keyserver.leg.uct.ac.za            11370 # [hidden email] or Stefano Rivera <[hidden email]> 0xCD92D072
# sks-server.siu.edu                 11370 # Jim Dutton 0xDFF6B6341BB5576F
# www.mainframe.cx                   11370 # [hidden email]
# ice.mudshark.org                   11370 # Jack Cummings <[hidden email]> 0xCC48B110
# gpg.NebrWesleyan.edu               11370 # Timothy A. Holtzen <[hidden email]> 0xDABCB3D7
# sks1.webtru.st                     11370 # Ryan Hunt <[hidden email]> 74A771E1
# sks2.webtru.st                     11370 # Ryan Hunt <[hidden email]> 74A771E1
# keyserver.serviz.fr                11370 # robert <sks(at)serviz(pt)fr> 0xEF333C7E
# keys.bz                            11370 # Nick Bebout  0x154FDAF0
# gpg-keyserver.de                   11370 # Jan Kesten <[hidden email]>
# keys.christensenplace.us           11370 # Eric H Christensen <[hidden email]>
# keyserver.saol.no-ip.com           11370 # Peter <[hidden email]> 0x32C2B118
# keys.fedoraproject.org             11370 # Nick Bebout <[hidden email]> 0x154FDAF0
# keys.thoma.cc                      11370 # Maximilian Thoma <[hidden email]> 0xB480AC4B
# key-server.org                     11370 # Sebastian Urbach 3B4330DE1
# pgp.cert.am                        11370 # Inna Kholodova <[hidden email]> 0x046E9B51
# pgpkeys.co.uk                      11370 # Daniel Austin <[hidden email]> 0x7F003DE6
# pgpkeys.eu                         11370 # Daniel Austin <[hidden email]> 0x7F003DE6
# keyserver.uberslacks.com           11370 # Mike Doty 0xA797C7A7
# keys2.kfwebs.net                   11370 # 0x6b0b9508
# sks.kserver.eu                     11370 # Christopher Kleen     DE <[hidden email]>    0xF8F67170
# keyserver.spline.inf.fu-berlin.de  11370 # Alexander Sulfrian <[hidden email]> 0xF12AEF7C
# keyserver.veloxis.de               11370 # Dennis Herbrich <[hidden email]> 0x0D21BE6C
# keyserver.straderdynamics.com      11370 #              John Strader 0x0007F724
# keyserver.northernstandard.us.com  11370 #              David Clancy 0x67DCE713
# keyserver.linux.it                 11370 # Marco Nenciarini <[hidden email]> 0xF095E5E4
# gpg.planetcyborg.de                11370 # Moritz <helios> Rudert 0x4941485B
# keys-01.licoho.de                  11370 # admin <admin(at)tech(pt)licoho(pt)de> 0xECB2FEC3
# keys-02.licoho.de                  11370 # admin <admin(at)tech(pt)licoho(pt)de> 0xECB2FEC3
# keyserver.mesh.deuxpi.ca           11370 # Philippe Gauthier 0xD8E07AFA
# sks.nimblesec.com                  11370 # James Thomas 0xE600C820
# key-server.nl                      11370 # Wijnand Modderman-Lenstra <[hidden email]> 0x294DF221
# keyserver.sincer.us                11370 # Petru Ghita Sherar <[hidden email]> 0x7CF29D04
# sks.ecks.ca                        11370 # Eric Benoit <[hidden email]> 0x69E65D2C
# keyserver.mpi-bremen.de            11370 #  <[hidden email]> 0x8A485A10
# sks.research.nxfifteen.me.uk       11370 # Stuart McCulloch Anderson <[hidden email]> A7EEB609
# keyserver.nausch.org               11370   # Michael Nausch <[hidden email]> #0x2384C849
# keys.s-l-c.biz                     11370 # Simon Lange <[hidden email]> 0xBDD503BE
# pgp.jjim.de                        11370 # Joel Garske <[hidden email]> 0xA921EB20
# sks.rainydayz.org                  11370 # Admin <[hidden email]> 0xE20840AC
# keyserver.ut.mephi.ru              11370 # NRNU MEPhI, Dmitry Yu Okunev
# keys.jhcloos.com                   11370 # James Cloos <[hidden email]> 0xED7DAEA6
# keyserver.skoopsmedia.net          11370 # Adam Lewicki 0xF3E88A9F
# openpgp1.claruscomms.net           11370 # ClarusComms OpenPGP Services <[hidden email]> 0x2D6ED5C0
# keys.exosphere.de                  11370 # Christoph Gebhardt <[hidden email]> 0xE1C2E92C
# sks.parafoil.net                   11370 # Parke Bostrom <[hidden email]> 0x74E84137
# liberty.antagonism.org             11370 # Patrick R McDonald 0xA2D1E972
# sks.fidocon.de                     11370 # Dirk Astrath 0x8351e0af or 0x2840c708
# keyserver.adamas.ai                11370 # Tyler Durden (Big Brother is watching) <[hidden email]> 0x2A2CF11B
# schluesselkasten.wertarbyte.de     11370 # Stefan Tomanek 0xAC2C9AAB
# keys.internet-sicherheit.de        11370 # Stefan Tomanek 0xAC2C9AAB
# key1.dock23.de                     11370 # Ramón Goeden <[hidden email]> 0xb7c51fd6


If you're sure that your server is stable and not affected by the malicious key problem contact me for activating the peering again.

Best Regards,

H.-Dirk Schmitt

-- 
Signature H.-Dirk Schmitt


H.-Dirk Schmitt

Dipl.Math.

eMail:[hidden email]
mobile:+49 177 616 8564
phone: +49 2642 99 41 14
fax: +49 2642 99 41 15
Schillerstr. 42, D-53489 Sinzig

pgp: http://www.computer42.org/~dirk/OpenPGP-fingerprint.html


_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (220 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

H Visage
Hi H-.Dirk

 I’ve been having trouble on my keyservers, and after I added the DB_CONFIG file (below) in the KDB/DB directory, stopped the sks, then ran the commands:
—snip—commands---
db5.3_recover -ev
db5.3_checkpoint -1
db5.3_archive -dv
—snip—commands—

things returned to ~17GB for >5million keys


#************************************************************************#
#* DB_CONFIG - Sample Berkeley DB tunables for use with SKS             *#
#*                                                                      *#
#* Copyright (C) 2011, 2012, 2013  John Clizbe                         *#
#*                                                                      *#
#* This file is part of SKS.  SKS is free software; you can             *#
#* redistribute it and/or modify it under the terms of the GNU General  *#
#* Public License as published by the Free Software Foundation; either  *#
#* version 2 of the License, or (at your option) any later version.     *#
#*                                                                      *#
#* This program is distributed in the hope that it will be useful, but  *#
#* WITHOUT ANY WARRANTY; without even the implied warranty of           *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    *#
#* General Public License for more details.                             *#
#*                                                                      *#
#* You should have received a copy of the GNU General Public License    *#
#* along with this program; if not, write to the Free Software          *#
#* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  *#
#* USA or see <http://www.gnu.org/licenses/>.                           *#
#************************************************************************#

set_mp_mmapsize         268435456
set_cachesize    0      134217728 1
set_flags               DB_LOG_AUTOREMOVE
set_lg_regionmax        1048576
set_lg_max              104857600
set_lg_bsize            2097152
set_lk_detect           DB_LOCK_DEFAULT
set_tmp_dir             /tmp
set_lock_timeout        1000
set_txn_timeout         1000
mutex_set_max           65536


> On 22 Jun 2018, at 19:36 , H.-Dirk Schmitt <[hidden email]> wrote:
>
> Signed PGP part
> Hello !
>
> the instance keyserver1.computer42.org is constantly crashing. It has a 40Gb partition for the keys and is filled up every ~6h.
> My 2nd instance keyserver2.computer42.org consumes currently ~24Gb and seems to be stable.
>
> To reduce the annoyance of the current problems I'm dropping all the peers (except keyserver2.computer42.org).
> Hopefully I will become an uptime greater as ~6 hours.
>
> Affected are the following peers:
>
> # keyservers.org                     11370 # Rob Hansen <[hidden email]>
> # keyserver.gingerbear.net           11370 # John P. Clizbe <[hidden email]> 0xD6569825
> # sks.keyservers.net                 11370 # John P. Clizbe <[hidden email]> 0xD6569825
> # cryptochan.org                     11370 # [hidden email]  0x18EEDFD7
> # keyserver.leg.uct.ac.za            11370 # [hidden email] or Stefano Rivera <[hidden email]> 0xCD92D072
> # sks-server.siu.edu                 11370 # Jim Dutton 0xDFF6B6341BB5576F
> # www.mainframe.cx                   11370 # [hidden email]
> # ice.mudshark.org                   11370 # Jack Cummings <[hidden email]> 0xCC48B110
> # gpg.NebrWesleyan.edu               11370 # Timothy A. Holtzen <[hidden email]> 0xDABCB3D7
> # sks1.webtru.st                     11370 # Ryan Hunt <[hidden email]> 74A771E1
> # sks2.webtru.st                     11370 # Ryan Hunt <[hidden email]> 74A771E1
> # keyserver.serviz.fr                11370 # robert <sks(at)serviz(pt)fr> 0xEF333C7E
> # keys.bz                            11370 # Nick Bebout  0x154FDAF0
> # gpg-keyserver.de                   11370 # Jan Kesten <[hidden email]>
> # keys.christensenplace.us           11370 # Eric H Christensen <[hidden email]>
> # keyserver.saol.no-ip.com           11370 # Peter <[hidden email]> 0x32C2B118
> # keys.fedoraproject.org             11370 # Nick Bebout <[hidden email]> 0x154FDAF0
> # keys.thoma.cc                      11370 # Maximilian Thoma <[hidden email]> 0xB480AC4B
> # key-server.org                     11370 # Sebastian Urbach 3B4330DE1
> # pgp.cert.am                        11370 # Inna Kholodova <[hidden email]> 0x046E9B51
> # pgpkeys.co.uk                      11370 # Daniel Austin <[hidden email]> 0x7F003DE6
> # pgpkeys.eu                         11370 # Daniel Austin <[hidden email]> 0x7F003DE6
> # keyserver.uberslacks.com           11370 # Mike Doty 0xA797C7A7
> # keys2.kfwebs.net                   11370 # 0x6b0b9508
> # sks.kserver.eu                     11370 # Christopher Kleen     DE <[hidden email]>    0xF8F67170
> # keyserver.spline.inf.fu-berlin.de  11370 # Alexander Sulfrian <[hidden email]> 0xF12AEF7C
> # keyserver.veloxis.de               11370 # Dennis Herbrich <[hidden email]> 0x0D21BE6C
> # keyserver.straderdynamics.com      11370 #              John Strader 0x0007F724
> # keyserver.northernstandard.us.com  11370 #              David Clancy 0x67DCE713
> # keyserver.linux.it                 11370 # Marco Nenciarini <[hidden email]> 0xF095E5E4
> # gpg.planetcyborg.de                11370 # Moritz <helios> Rudert 0x4941485B
> # keys-01.licoho.de                  11370 # admin <admin(at)tech(pt)licoho(pt)de> 0xECB2FEC3
> # keys-02.licoho.de                  11370 # admin <admin(at)tech(pt)licoho(pt)de> 0xECB2FEC3
> # keyserver.mesh.deuxpi.ca           11370 # Philippe Gauthier 0xD8E07AFA
> # sks.nimblesec.com                  11370 # James Thomas 0xE600C820
> # key-server.nl                      11370 # Wijnand Modderman-Lenstra <[hidden email]> 0x294DF221
> # keyserver.sincer.us                11370 # Petru Ghita Sherar <[hidden email]> 0x7CF29D04
> # sks.ecks.ca                        11370 # Eric Benoit <[hidden email]> 0x69E65D2C
> # keyserver.mpi-bremen.de            11370 #  <[hidden email]> 0x8A485A10
> # sks.research.nxfifteen.me.uk       11370 # Stuart McCulloch Anderson <[hidden email]> A7EEB609
> # keyserver.nausch.org               11370   # Michael Nausch <[hidden email]> #0x2384C849
> # keys.s-l-c.biz                     11370 # Simon Lange <[hidden email]> 0xBDD503BE
> # pgp.jjim.de                        11370 # Joel Garske <[hidden email]> 0xA921EB20
> # sks.rainydayz.org                  11370 # Admin <[hidden email]> 0xE20840AC
> # keyserver.ut.mephi.ru              11370 # NRNU MEPhI, Dmitry Yu Okunev
> # keys.jhcloos.com                   11370 # James Cloos <[hidden email]> 0xED7DAEA6
> # keyserver.skoopsmedia.net          11370 # Adam Lewicki 0xF3E88A9F
> # openpgp1.claruscomms.net           11370 # ClarusComms OpenPGP Services <[hidden email]> 0x2D6ED5C0
> # keys.exosphere.de                  11370 # Christoph Gebhardt <[hidden email]> 0xE1C2E92C
> # sks.parafoil.net                   11370 # Parke Bostrom <[hidden email]> 0x74E84137
> # liberty.antagonism.org             11370 # Patrick R McDonald 0xA2D1E972
> # sks.fidocon.de                     11370 # Dirk Astrath 0x8351e0af or 0x2840c708
> # keyserver.adamas.ai                11370 # Tyler Durden (Big Brother is watching) <[hidden email]> 0x2A2CF11B
> # schluesselkasten.wertarbyte.de     11370 # Stefan Tomanek 0xAC2C9AAB
> # keys.internet-sicherheit.de        11370 # Stefan Tomanek 0xAC2C9AAB
> # key1.dock23.de                     11370 # Ramón Goeden <[hidden email]> 0xb7c51fd6
>
>
> If you're sure that your server is stable and not affected by the malicious key problem contact me for activating the peering again.
>
> Best Regards,
>
> H.-Dirk Schmitt
>
> --
>
> H.-Dirk Schmitt
> Dipl.Math.
>
> eMail:[hidden email]
> mobile:+49 177 616 8564
> phone: +49 2642 99 41 14
> fax: +49 2642 99 41 15
> Schillerstr. 42, D-53489 Sinzig
>
> pgp: http://www.computer42.org/~dirk/OpenPGP-fingerprint.html
>
>
>
---
Hendrik Visage
HeViS.Co Systems Pty Ltd
T/A Envisage Systems / Envisage Cloud Solutions
+27-84-612-5345 or +27-21-945-1192
[hidden email]




_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: keyserver1.computer42.org is dropping peers [but not keyserver2.computer42.org]

H.-Dirk Schmitt
Thanks, I applied this to keyserver1 and go down from 32Gb to 20 Gb :-)


Am Freitag, den 22.06.2018, 19:48 +0200 schrieb Hendrik Visage:
Hi H-.Dirk

 I’ve been having trouble on my keyservers, and after I added the DB_CONFIG file (below) in the KDB/DB directory, stopped the sks, then ran the commands:
—snip—commands---
db5.3_recover -ev
db5.3_checkpoint -1
db5.3_archive -dv
—snip—commands—

things returned to ~17GB for >5million keys


#************************************************************************#
#* DB_CONFIG - Sample Berkeley DB tunables for use with SKS             *#
#*                                                                      *#
#* Copyright (C) 2011, 2012, 2013  John Clizbe                         *#
#*                                                                      *#
#* This file is part of SKS.  SKS is free software; you can             *#
#* redistribute it and/or modify it under the terms of the GNU General  *#
#* Public License as published by the Free Software Foundation; either  *#
#* version 2 of the License, or (at your option) any later version.     *#
#*                                                                      *#
#* This program is distributed in the hope that it will be useful, but  *#
#* WITHOUT ANY WARRANTY; without even the implied warranty of           *#
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU    *#
#* General Public License for more details.                             *#
#*                                                                      *#
#* You should have received a copy of the GNU General Public License    *#
#* along with this program; if not, write to the Free Software          *#
#* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  *#
#* USA or see <http://www.gnu.org/licenses/>.                           *#
#************************************************************************#

set_mp_mmapsize         268435456
set_cachesize    0      134217728 1
set_flags               DB_LOG_AUTOREMOVE
set_lg_regionmax        1048576
set_lg_max              104857600
set_lg_bsize            2097152
set_lk_detect           DB_LOCK_DEFAULT
set_tmp_dir             /tmp
set_lock_timeout        1000
set_txn_timeout         1000
mutex_set_max           65536



_______________________________________________
Sks-devel mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/sks-devel

signature.asc (220 bytes) Download Attachment