seeking peers for hyperboria.net.pl

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
21 messages Options
12
Reply | Threaded
Open this post in threaded view
|

seeking peers for hyperboria.net.pl

Adam Wojcieszonek
Hi all
I am looking for peers for a new SKS keyserver installation.

- SKS version 1.1.6, on hyperboria.net.pl:11371
- Location - Poland (PL)
- loaded dump from keys.niif.hu/ (14.10.2020)
- I see total number of keys loaded 5757797

- direct contact [hidden email]
regards
Adam Wojcieszonek




Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
sorry for mistake, full address is : keyserver.hyperboria.net.pl



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
środa, 14 października 2020 23:26, Adam Wojcieszonek <[hidden email]> napisał(a):

Hi all
I am looking for peers for a new SKS keyserver installation.

- SKS version 1.1.6, on hyperboria.net.pl:11371
- Location - Poland (PL)
- loaded dump from keys.niif.hu/ (14.10.2020)
- I see total number of keys loaded 5757797

- direct contact [hidden email]
regards
Adam Wojcieszonek




Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Dan Egli
On 10/14/2020 3:31 PM, Adam Wojcieszonek wrote:
sorry for mistake, full address is : keyserver.hyperboria.net.pl



Go ahead and add keyserver.newideatest.site to your peer list. I'll add you to mine. Welcome to the sks world!


-- 
Dan Egli
On my Test server

OpenPGP_0xF8A7B3F2AAB08F9D.asc (1K) Download Attachment
OpenPGP_signature (505 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Ángel
In reply to this post by Adam Wojcieszonek
On 2020-10-14 at 21:26 +0000, Adam Wojcieszonek wrote:
> - loaded dump from keys.niif.hu/ (14.10.2020)

Unless I'm missing something, the last dump from keys.niif.hu,
https://keys.niif.hu/keydump/ is nearly 2 months old.



Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Dan Egli
On 10/14/2020 7:04 PM, Ángel wrote:
On 2020-10-14 at 21:26 +0000, Adam Wojcieszonek wrote:
- loaded dump from keys.niif.hu/ (14.10.2020)
Unless I'm missing something, the last dump from keys.niif.hu, 
https://keys.niif.hu/keydump/ is nearly 2 months old.



It does appear that way. But he'll catch up eventually. That was my soruce too about a month ago.


-- 
Dan Egli
On my Test server

OpenPGP_0xF8A7B3F2AAB08F9D.asc (1K) Download Attachment
OpenPGP_signature (505 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Skip Carter
In reply to this post by Adam Wojcieszonek

the last time that I had to do a full key load, I found that 

 http://pgp.key-server.io/dump/current/

was reliable.

Currently I have 6059298 at keyserver.taygeta.com



On Wed, 2020-10-14 at 21:26 +0000, Adam Wojcieszonek wrote:

> Hi all
> I am looking for peers for a new SKS keyserver installation.
>
> - SKS version 1.1.6, on hyperboria.net.pl:11371
> - Location - Poland (PL)
> - loaded dump from keys.niif.hu/ (14.10.2020)
> - I see total number of keys loaded 5757797
>
> - direct contact [hidden email]
> regards
> Adam Wojcieszonek
>
>
>
>
--
Dr Everett (Skip) Carter  0xF29BF36844FB7922
[hidden email]

Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103


signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Gabor Kiss
In reply to this post by Adam Wojcieszonek
On Wed, 14 Oct 2020, Adam Wojcieszonek wrote:

> - loaded dump from
> keys.niif.hu/
> (14.10.2020)

Folks,

FYI unfortunately the last successful dump was two months
ago on keys.niif.hu.
Since then some database corruption prevents dumping.

I delete the garbled files from the dump area right now.
I hope at the weekend I'll have some spare time to rebuild
the whole server from scratch.

Gabor

Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Todd Fleisher
I have placed a current dump @ https://sks.pod02.fleetstreetops.com/dump/2020-10-15/ if anyone needs it. Otherwise, recon will need to catch up 301,510 keys based on the stats pages of http://keyserver.hyperboria.net.pl:11371/pks/lookup?op=stats & other servers that are current in the network. Adam W’s server also lists epidemic.cs.cornell.edu 11370 in it’s membership file, but that hostname does not resolve in DNS. I would recommend he delete his current instance and start over with a current dump if he wants to participate in the pool. I would also urge operators to check the stats page of a new server requesting peering to ensure the delta is low before adding them to the network.

-T

> On Oct 14, 2020, at 20:54, Gabor Kiss <[hidden email]> wrote:
>
> On Wed, 14 Oct 2020, Adam Wojcieszonek wrote:
>
>> - loaded dump from
>> keys.niif.hu/
>> (14.10.2020)
>
> Folks,
>
> FYI unfortunately the last successful dump was two months
> ago on keys.niif.hu.
> Since then some database corruption prevents dumping.
>
> I delete the garbled files from the dump area right now.
> I hope at the weekend I'll have some spare time to rebuild
> the whole server from scratch.
>
> Gabor
>


signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
ok, I have downloaded Your dump. ..with using "http" instead of "https" because of errors.

Now when trying to normal rebuild then:

DB time:  0.38 min.  Total time: 0.84 min.
Loading keys...Fatal error: exception Stack overflow
Command failed unexpectedly. Bailing out

...and when fast rebuild :

=== Running fastbuild... ===
./sks_build.sh: line 62: 29051 Segmentation fault      /usr/sbin/sks $mode -n 10 -cache 100
Command failed unexpectedly. Bailing out

What can be a reason ? Is there any debug option to find what's going on ???








‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
czwartek, 15 października 2020 07:03, Todd Fleisher <[hidden email]> napisał(a):

> I have placed a current dump @ https://sks.pod02.fleetstreetops.com/dump/2020-10-15/ if anyone needs it. Otherwise, recon will need to catch up 301,510 keys based on the stats pages of http://keyserver.hyperboria.net.pl:11371/pks/lookup?op=stats & other servers that are current in the network. Adam W’s server also lists epidemic.cs.cornell.edu 11370 in it’s membership file, but that hostname does not resolve in DNS. I would recommend he delete his current instance and start over with a current dump if he wants to participate in the pool. I would also urge operators to check the stats page of a new server requesting peering to ensure the delta is low before adding them to the network.
>
> -T
>
> > On Oct 14, 2020, at 20:54, Gabor Kiss [hidden email] wrote:
> > On Wed, 14 Oct 2020, Adam Wojcieszonek wrote:
> >
> > > -   loaded dump from
> > >     keys.niif.hu/
> > >     (14.10.2020)
> > >
> >
> > Folks,
> > FYI unfortunately the last successful dump was two months
> > ago on keys.niif.hu.
> > Since then some database corruption prevents dumping.
> > I delete the garbled files from the dump area right now.
> > I hope at the weekend I'll have some spare time to rebuild
> > the whole server from scratch.
> > Gabor



Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Gabor Kiss
On Thu, 15 Oct 2020, Adam Wojcieszonek wrote:

> Now when trying to normal rebuild then:
>
> DB time:  0.38 min.  Total time: 0.84 min.
> Loading keys...Fatal error: exception Stack overflow
> Command failed unexpectedly. Bailing out
>
> ...and when fast rebuild :
>
> === Running fastbuild... ===
> ./sks_build.sh: line 62: 29051 Segmentation fault      /usr/sbin/sks $mode -n 10 -cache 100
> Command failed unexpectedly. Bailing out
>
> What can be a reason ? Is there any debug option to find what's going on ???

Some of the dump files contains certain keys with enermous amount of
fake signatures. The program that reads these files cannot handle
the situation.

This summer I had to write a script that filters out the largest
files before I load the dumps in the database.
Yes, I lose some valid keys initially but at least I have a working
and not empty server that can retrieve the missing keys from the peers.

Gabor

Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Skip Carter
In reply to this post by Adam Wojcieszonek
To avoid stack overflow type: ulimit -s unlimited
before building


Also after building a full build, move the dump out of the way,
otherwise you will have hunreds of open file handles consumed by sks
(you can see this if you type: lsof | grep sks)


On Thu, 2020-10-15 at 14:46 +0000, Adam Wojcieszonek wrote:

> ok, I have downloaded Your dump. ..with using "http" instead of
> "https" because of errors.
>
> Now when trying to normal rebuild then:
>
> DB time:  0.38 min.  Total time: 0.84 min.
> Loading keys...Fatal error: exception Stack overflow
> Command failed unexpectedly. Bailing out
>
> ...and when fast rebuild :
>
> === Running fastbuild... ===
> ./sks_build.sh: line 62: 29051 Segmentation fault      /usr/sbin/sks
> $mode -n 10 -cache 100
> Command failed unexpectedly. Bailing out
>
> What can be a reason ? Is there any debug option to find what's going
> on ???
>
>
>
>
>
>
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> czwartek, 15 października 2020 07:03, Todd Fleisher <todd@fleetstreet
> ops.com> napisał(a):
>
> > I have placed a current dump @ https://sks.pod02.fleetstreetops.com
> > /dump/2020-10-15/ if anyone needs it. Otherwise, recon will need to
> > catch up 301,510 keys based on the stats pages of
> > http://keyserver.hyperboria.net.pl:11371/pks/lookup?op=stats &
> > other servers that are current in the network. Adam W’s server also
> > lists epidemic.cs.cornell.edu 11370 in it’s membership file, but
> > that hostname does not resolve in DNS. I would recommend he delete
> > his current instance and start over with a current dump if he wants
> > to participate in the pool. I would also urge operators to check
> > the stats page of a new server requesting peering to ensure the
> > delta is low before adding them to the network.
> >
> > -T
> >
> > > On Oct 14, 2020, at 20:54, Gabor Kiss [hidden email] wrote:
> > > On Wed, 14 Oct 2020, Adam Wojcieszonek wrote:
> > >
> > > > -   loaded dump from
> > > >     keys.niif.hu/
> > > >     (14.10.2020)
> > > >
> > >
> > > Folks,
> > > FYI unfortunately the last successful dump was two months
> > > ago on keys.niif.hu.
> > > Since then some database corruption prevents dumping.
> > > I delete the garbled files from the dump area right now.
> > > I hope at the weekend I'll have some spare time to rebuild
> > > the whole server from scratch.
> > > Gabor
>
>
>
--
Dr Everett (Skip) Carter  0xF29BF36844FB7922
[hidden email]

Taygeta Scientific Inc
607 Charles Ave
Seaside CA 93955
831-641-0645 x103


signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Gabor Kiss
In reply to this post by Gabor Kiss
On Thu, 15 Oct 2020, Todd Fleisher wrote:

> Do you mean largest files or largest keys within files? Either way, could you

I cannot analyse the dumps. (I started to wrote a parser but I could
not finish it.) So I simply check file sizes. Script computes the average
of lengths and standard deviation and it drops the most suspicious files.
Then it recomputes again for the rest of files.
It iterates a few (10) times.
Then it suggest a command that lists files to be deleted. Just copy&paste
after visual checking.

> share this script with me for my own knowledge and/or future use? I figured
> I?d start here with you off-list, but if you think it?s helpful and are
> comfortable sharing it with the world feel free to reply on list.

Here is the code:
-----------------8<------------------8<----------------------
#!/bin/bash

dir=/var/lib/sks/dump

filestat () {
        local -a sizes=( $(stat --printf='%s '  "$@" ) )
        local count=${#sizes[*]}
        local totalsize=$(( $(echo ${sizes[*]} | tr ' ' '+') ))
        local mean=$(( $totalsize/$count ))

        local stddev=$( (
                echo m=$mean    # mean
                echo n=$count   # count
                echo s=0        # sum of (x-m)^2
                for s in ${sizes[*]}
                do
                        echo "s += ($s-m)^2"
                done
                echo 'sqrt(s/n)'
        ) | bc)

        echo $mean $stddev $count
}

read mean stddev count < <(filestat $dir/*.pgp)
echo $mean $stddev $count

for a in $(seq 1 10) ; do
        maxsize=$(( $mean + 4*$stddev ))
        normalfiles=$(find $dir -maxdepth 1 -type f -name '*.pgp' -size -${maxsize}c)
        read mean stddev count < <(filestat $normalfiles)
        echo $mean $stddev $count
done

(find $dir -maxdepth 1 -type f -name '*.pgp' -size -${maxsize}c |
xargs ls -lsh |
sort -h ;
find $dir -maxdepth 1 -type f -name '*.pgp' -size +${maxsize}c |
xargs ls -lsh |
sort -h) |
cat -n

echo "find $dir -maxdepth 1 -type f -name '*.pgp' -size +${maxsize}c"
-----------------8<------------------8<----------------------

Cheers

Gabor
--
E-mail = m-mail * c-mail ^ 2

Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Ángel
In reply to this post by Adam Wojcieszonek
On 2020-10-15 at 14:46 +0000, Adam Wojcieszonek wrote:
> ok, I have downloaded Your dump. ..with using "http" instead of
> "https" because of errors.

https://sks.pod02.fleetstreetops.com/ works fine here. The only catch I
see is that it is using a sks certificate. Thus, you would need to
validate usng the sks-keyservers CA (preferred) or skip certificate
validation altogether.

You may already have a copy of this CA in e.g. /usr/share/gnupg/sks-
keyservers.netCA.pem, it can also be downloaded from
https://sks-keyservers.net/verify_tls.php

(the CA file has sha256 0666ee848e03a48f3ea7bb008dbe9d63dfde280af82fb4412a04bf4e24cab36b)

If you were going to use wget as instructed on the README, you would
simply need to add a parameter like --ca-certificate=$HOME/sks-keyservers.netCA.pem
to validate against this alternate CA.

Best regards


Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam



Reply | Threaded
Open this post in threaded view
|

ODP: seeking peers for hyperboria.net.pl

Marcin Gondek
Hi,


Maybe my old notes with dual SKS will help.

Thanks,

--

Marcin Gondek / Drixter
AS56662



Od: Sks-devel <sks-devel-bounces+drixter=[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl
 
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam



Reply | Threaded
Open this post in threaded view
|

Re: ODP: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
Hi,
Thanks for valuable suggestion. Today night will try with Varnish cache.

Dziękuję ,pozdrawiam serdecznie

Adam






‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
piątek, 16 października 2020 12:41, Marcin Gondek <[hidden email]> napisał(a):

Hi,


Maybe my old notes with dual SKS will help.

Thanks,

--

Marcin Gondek / Drixter
AS56662






Od: Sks-devel <sks-devel-bounces+drixter=[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl
 
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam




Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Todd Fleisher
Adam,
You can also search the list archives for a thread with subject "SKS scaling configuration which goes into detail about how to build a more robust pool of nodes to service requests. The software is far from perfect and you will likely see some errors even under “normal” operation. I wouldn’t worry about them unless they are causing specific issues.

Marcin,
Very cool info on your website, thanks for sharing.

-T

On Oct 16, 2020, at 06:00, Adam Wojcieszonek <[hidden email]> wrote:

Hi,
Thanks for valuable suggestion. Today night will try with Varnish cache.

Dziękuję ,pozdrawiam serdecznie

Adam






‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
piątek, 16 października 2020 12:41, Marcin Gondek <[hidden email]> napisał(a):

Hi,


Maybe my old notes with dual SKS will help.

Thanks,

--

Marcin Gondek / Drixter
AS56662






Od: Sks-devel <[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl
 
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam






signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: ODP: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
In reply to this post by Marcin Gondek
Hi Marcin
For short test have added Varnish cache and reconfigure apache + sks but Varnish does not pass proxy properly in Your example configuration. Only mainpage of sks showed but not stats. Means apache cannot see nothing after /pks/...
Sure have to less experience with proper Varnish configuration. But really good news is daily historgam of sks moving forward with Your sks config .

br
Adam



‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
piątek, 16 października 2020 12:41, Marcin Gondek <[hidden email]> napisał(a):

Hi,


Maybe my old notes with dual SKS will help.

Thanks,

--

Marcin Gondek / Drixter
AS56662






Od: Sks-devel <sks-devel-bounces+drixter=[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl
 
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam




Reply | Threaded
Open this post in threaded view
|

RE: ODP: seeking peers for hyperboria.net.pl

Marcin Gondek

Hi Adam,

 

Be carefully about SKS, behind Varnish, SKS servers are running on different ports, not standard ones, Varnish is a frontend of them.

Generally such setup works for me in past, SKS anyway need to be monitored and restarted if crash by puppet for example, but Varnish did it’s job, did proper LoadBalance + HeathCheck and was used to massive caching, so only few queries goes to SKS directly, only when Varnish didn’t have it on selfcache.

 

I stop running did, because I’ve running from my home box and have limited upload bandwidth.

 

Thanks,

 

--

Marcin Gondek / Drixter

http://fido.e-utp.net/

AS56662

 

From: Adam Wojcieszonek <[hidden email]>
Sent: Saturday, October 17, 2020 12:55 AM
To: Marcin Gondek <[hidden email]>
Cc: [hidden email]
Subject: Re: ODP: seeking peers for hyperboria.net.pl

 

Hi Marcin

For short test have added Varnish cache and reconfigure apache + sks but Varnish does not pass proxy properly in Your example configuration. Only mainpage of sks showed but not stats. Means apache cannot see nothing after /pks/...

Sure have to less experience with proper Varnish configuration. But really good news is daily historgam of sks moving forward with Your sks config .

 

br

Adam

 

 

 

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

piątek, 16 października 2020 12:41, Marcin Gondek <[hidden email]> napisał(a):

 

Hi,

 

 

Maybe my old notes with dual SKS will help.

 

Thanks,

 

--

Marcin Gondek / Drixter

AS56662

 

 

 


 

Od: Sks-devel <[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl

 

Hi again

My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/

Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??

I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).

I am also worried about errors in the log that I wrote about yesterday night.

 

br

 

Adam

 

 

 

 

Sks running few hours and I already have few questions.

I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

 

1.

 

 

Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received

Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm

Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

 

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

 

2.

Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

 

3.

Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371

Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache

Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371

Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34

Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371

Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

 

Can someone explain me what above does it mean ?

 

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?

# recon_address: 127.0.0.1

recon_port: 11370

hkp_address: 127.0.0.1 ::1

hkp_port: 11371

 

Adam

 

 

 

 


openpgp-digital-signature.asc (203 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: seeking peers for hyperboria.net.pl

Adam Wojcieszonek
In reply to this post by Todd Fleisher
Hi Todd,
Last 4 days I'm reading all threads with sks tunning, suggestions / troubles / errors etc.. It's really large dose of valuable informations.
SKS gives me different surprises every day. Final tunning its one of most important thing but it's very difficult to prevent malfunctions with unknown reasons. Today new one again - SKS shutting down every few hours. When restarting manually, situation repeats itself after few hours. 

sks.service - SKS database service
   Loaded: loaded (/lib/systemd/system/sks.service; enabled; vendor preset: disabled)
   Active: failed (Result: signal) since Sat 2020-10-17 15:55:14 CEST; 22min ago
     Docs: man:sks(8)
  Process: 3474 ExecStart=/usr/sbin/sks -stdoutlog db (code=killed, signal=SEGV)
Main PID: 3474 (code=killed, signal=SEGV)

Oct 17 15:55:14 Khaos systemd[1]: sks.service: Main process exited, code=killed, status=11/SEGV
Oct 17 15:55:14 Khaos systemd[1]: sks.service: Failed with result 'signal'.

Keeping keys on servers like sks is a very important goal for a positive idea but costs much work and attention.

br

Adam





‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
piątek, 16 października 2020 18:33, Todd Fleisher <[hidden email]> napisał(a):

Adam,
You can also search the list archives for a thread with subject "SKS scaling configuration which goes into detail about how to build a more robust pool of nodes to service requests. The software is far from perfect and you will likely see some errors even under “normal” operation. I wouldn’t worry about them unless they are causing specific issues.

Marcin,
Very cool info on your website, thanks for sharing.

-T

On Oct 16, 2020, at 06:00, Adam Wojcieszonek <[hidden email]> wrote:

Hi,
Thanks for valuable suggestion. Today night will try with Varnish cache.

Dziękuję ,pozdrawiam serdecznie

Adam






‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
piątek, 16 października 2020 12:41, Marcin Gondek <[hidden email]> napisał(a):

Hi,


Maybe my old notes with dual SKS will help.

Thanks,

--

Marcin Gondek / Drixter
AS56662






Od: Sks-devel <[hidden email]> w imieniu użytkownika Adam Wojcieszonek <[hidden email]>
Wysłane: piątek, 16 października 2020 12:37
Do: [hidden email] <[hidden email]>
Temat: Re: seeking peers for hyperboria.net.pl
 
Hi again
My server (Debian 9) is configured according to mrjones plip blog https://blog.plip.com/2018/06/29/deploying-a-pgp-sks-server-on-ubuntu-18-04/
Looks like similar to other configuration tutorials but as i observe my proxy is hanging every time. This causes srv is thrown every hour from the pool. Does anyone have an idea how to fix it ??
I've testet adding "retry=0" to web proxy configuration and also extend timeouts in apache2.conf by adding "Timeout 2400, ProxyTimeout 2400, ProxyBadHeader Ignore" but nothing changes. Can You give some examples of Apache configuration ? (tried also to search Google and this mailing list but no right fixes found for SKS).
I am also worried about errors in the log that I wrote about yesterday night.

br

Adam




Sks running few hours and I already have few questions.
I have traced syslog and can see frequently recurring event logs. Not sure something is wrong with sksconf ?

1.


Oct 16 00:58:32 Khaos sks[10527]: 2020-10-16 00:58:32 99 keys received
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 add_keys_merge failed: Eventloop.SigAlarm
Oct 16 00:59:32 Khaos sks[10526]: 2020-10-16 00:59:32 Key addition failed: Eventloop.SigAlarm

(last few hours see 0 updated keys in stats page  but DB folder size growing really fast  . After Eventloop.SigAlarm sks instance is unresponsive few minutes and cannot enter stats page)

2.
Oct 16 00:52:11 Khaos sks[10526]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Connection reset by peer")

3.
Oct 16 00:50:00 Khaos sks[771]: host:127.0.0.1:11371
Oct 16 00:50:00 Khaos sks[771]: pragma:no-cache
Oct 16 00:50:00 Khaos sks[771]: via:1.1 keyserver.hyperboria.net.pl:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-for:217.76.45.34
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-host:pool.sks-keyservers.net:11371
Oct 16 00:50:00 Khaos sks[771]: x-forwarded-server:keyserver.hyperboria.net.pl]): Sys_error("Broken pipe")

Can someone explain me what above does it mean ?

Here is conf with addressess. IP's should be local , external IP or leave as it is 127.0.0.1 ?
# recon_address: 127.0.0.1
recon_port: 11370
hkp_address: 127.0.0.1 ::1
hkp_port: 11371

Adam





12