[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] sks-peer.spodhuis.org: 2nd migration imminent
|
From: |
Phil Pennock |
|
Subject: |
Re: [Sks-devel] sks-peer.spodhuis.org: 2nd migration imminent |
|
Date: |
Tue, 22 May 2018 19:24:07 -0400 |
On 2018-05-21 at 02:46 -0400, Phil Pennock wrote:
> If there's anyone who would like to de-peer, please let me know.
No complaints, that's nice. :)
> Otherwise, tomorrow evening (I think) I'll uncomment the membership
> entries on the new host and repoint spodhuis.org DNS, then take down the
> old instance a bit later (after a DNS TTL or so).
As expected, some clients held onto DNS for longer than others. There
are still some clients using the old IP, although that may well be pool
inclusion. I do not expect any peers to be stuck though. It's been 24½
hours on a 5 minute TTL. I'm about to take down sks-paris.
Today I re-deployed sks-ohio with a fresh image containing the latest
Ubuntu kernel today's security fixes (Spectre Variant 4, mostly) and
the outage lasted longer than the expected 1 minute, because I hadn't
updated the image to pull from the correct encrypted repository of TLS
keys, so it was missing the key/cert for sks-ohio and nginx didn't
start. Oops! Fixed.
https://sks-ohio.pennock.tech/pks/lookup?op=stats
FWIW, to better track this down in future, I'm now generating _some_
logs for HKP requests. This does not include IP address. I'll follow
up with a second email to not bury a privacy change deep in this mail.
-Phil
signature.asc
Description: Digital signature