Re: [Sks-devel] sks.disunitedstates.com down and out

[David Benfell]

Quoting Christian Felsing <address@hidden>:

> Hello David,
>
> as desired I removed your server from our membership file.
>
> I am running SKS 1.1.5+ on CentOS6 (LXC container) and CentOS7 (KVM) for
> a long time w/o problems. In the past I had similar problems, but
> switching clocksource to tsc solved database problems. My current
> installations are working with tsc (LXC) and kvm-clock (kvm)
>
> You should give it a new try, may be it will work then.

This is on FreeBSD. The relevant sysctl variable for tsc is  
kern.timecounter.invariant_tsc . It's on by default.

I'm not running on a virtual machine, so if I understand correctly,  
kvm is irrelevant.

> An other SKS server admin found a problem if sks recon is running via
> haproxy tcp: SKS consumes lot of memory and does no longer gossip keys
> then while tcp service is still available. This can be exploited only,
> if there is a membership entry to such a server.

I'm not using haproxy.
> If there is a documentation how recon works, I would consider to build a
> new solution on Jetty with Hypersonic SQL or any other JDBC database.
> BouncyCastle is able to analyze PGP keys. Java is considered to be more
> spread than ocaml.

I tend to shy away from java. It, too, seems to be problematic, for a  
number of reasons including memory leaks and CPU hogging. And I've  
seen these problems with just about every java application I've tried  
to leave running.

--
David Benfell <address@hidden>

pgp1FgsqZuoOE.pgp
Description: PGP Digital Signature