Discussion:
[Sks-devel] Keyserver Network Down?
Matthew Walster
2018-06-19 20:53:51 UTC
Permalink
Hello all,

I was getting alerts for large amounts of IO Wait on my server, I restarted
it and now I'm getting a lot of failures in syslog from sks, either recon
client timeouts / connection refused, or the key fetcher receiving 502 (Bad
Gateway) from servers.

The keyserver status page seems broken also:
https://sks-keyservers.net/status/

Is there some kind of mass breakage occurring with people's sks installs at
the moment?

Matthew Walster
(sysop: keyserver.waffle.sexy)
Kristian Fiskerstrand
2018-06-19 21:09:30 UTC
Permalink
Post by Matthew Walster
https://sks-keyservers.net/status/
This was an intermittent failure, should be back up now.. Needed to
shift around some primaries to bootstrap the crawler.
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aurum est Potestas
Gold is power
Kristian Fiskerstrand
2018-06-19 21:17:18 UTC
Permalink
Post by Kristian Fiskerstrand
Post by Matthew Walster
https://sks-keyservers.net/status/
This was an intermittent failure, should be back up now.. Needed to
shift around some primaries to bootstrap the crawler.
That said, looks to be very high activity towards my cluster atm, which
was why it timed out on my own server initially during last search,
seems more than 37k hosts requesting keyblocks just from my server
today, so might have to spin up a couple more nodes in the cluster.
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"If you don't drive your business, you will be driven out of business"
(B. C. Forbes)
Kristian Fiskerstrand
2018-06-19 22:35:58 UTC
Permalink
Post by Kristian Fiskerstrand
Post by Kristian Fiskerstrand
Post by Matthew Walster
https://sks-keyservers.net/status/
This was an intermittent failure, should be back up now.. Needed to
shift around some primaries to bootstrap the crawler.
That said, looks to be very high activity towards my cluster atm, which
was why it timed out on my own server initially during last search,
seems more than 37k hosts requesting keyblocks just from my server
today, so might have to spin up a couple more nodes in the cluster.
Seems to be a very high request for mongodb release key, so forcing
caching on the front-end helps relaxing SKS quite a bit, see

https://www.nginx.com/blog/nginx-caching-guide/
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching

some hints
proxy_cache backcache;
proxy_ignore_headers Cache-Control "Expires";
proxy_cache_valid any 30m;
--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Fabricando fit faber
Practice makes perfect
Loading...