[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Your thoughts and any objective performance data
|
From: |
Jeremy T. Bouse |
|
Subject: |
Re: [Sks-devel] Your thoughts and any objective performance data |
|
Date: |
Mon, 5 Oct 2015 18:32:49 -0400 |
|
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0 |
On 10/5/2015 4:34 PM, Pete Stephenson wrote:
> On Mon, Oct 5, 2015 at 10:20 PM, Jeremy T. Bouse
> <address@hidden> wrote:
>> Okay, so I need to rebuild the sks.undergrid.net cluster to upgrade
>> the base OS image. I currently have the nginx and sks configuration
>> handled via Salt so that isn't a big issue with me rebuilding from
>> scratch. The issue is the systems have 20GB drives and the sks database
>> is 13GB. This presents the problem of I can't download a keydump, import
>> it and delete it. If I had the space I could actually automate that with
>> Salt easily enough. The only other options is to do the fastbuild and
>> keep the dump files letting it use that for those keys instead of
>> reading them into the DB. Previously what I did was I had built another
>> server with additional drive space and imported the keys then rsynced
>> the DB file over. I've had to do that a couple times before when I've
>> had issues with upgrades. Since it's a cluster no one really even
>> notices when I've done that.
> I had a similar issue since my server is hosted on the smallest server
> on DigitalOcean (20GB SSD). For importing a keydump, I just spun up a
> new VM in the same zone and set it up as an NFS share and mounted that
> share on the main server. I downloaded the keydump to the NFS server,
> then imported the keydump into the main server. When done, I deleted
> the NFS server. Worked pretty well for me.
Doing similar wouldn't really be a burden as I can actually build it out
as a deploy mapping to fire off an NFS instance and run the state
against it to grab the keydump along with the number of instances for
the cluster. I've got other servers running in the environment that I
might even be able to just use as an NFS server already. Wouldn't
require any special permissions on the mount so long as the 'sks' user
could read the files. Then the only issue is that the actual sks-buid.sh
that comes with the Debian sks package never runs cleanly on virtual
machines without tweaking it. Specifically the 'sks build' call... the
script uses '-n 10 -cache 100' but I'm typically finding I need to run
with '-n 2 -cache 50' to ensure it runs. The 'sks pbuild' is never a
problem though.
smime.p7s
Description: S/MIME Cryptographic Signature