Re: Simulating SKS best practice [Was: keyserver.dobrev.eu is back running Hockeypuck]

2021-04-16 Thread Andrew Gallagher 

On 15/04/2021 15:39, Martin Dobrev wrote:
I can open a PR to change the default software key value from hockeypuck 
to Hockeypuck.


Don't worry, it is already the default - I just mentioned it to warn 
against overriding it locally. I'm not aware of any currently-available 
hockeypuck servers using the lowercase version.


--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Re: Simulating SKS best practice [Was: keyserver.dobrev.eu is back running Hockeypuck]

2021-04-15 Thread Andreas Puls 




Am 15.04.2021 um 16:39 schrieb Martin Dobrev:

Hi Andrew and team,

On 15/04/2021 12:33, Andrew Gallagher wrote:

On 23/03/2021 12:58, Andrew Gallagher wrote:

On 21/03/2021 21:48, Martin Dobrev wrote:

I had to play with mod_rewrite and force a redirect from
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let
the script parse HTML. I don't have a proper explanation why peers
and recon port are not picked from the produced JSON but left out
(line 286/287).


I can confirm this works, and it has the unexpected side effect that
pgpkeys.eu is now recognised as SKS, even though it is still
declaring itself Hockeypuck.


The following hockeypuck servers appear to have implemented a stats
rewrite rule:

keyserver.dobrev.eu

Server has been reconfigured with the below additional rule.

pgp.cyberbits.eu
keys.okash.it
keys*.andreas-puls.de

Reconfigured both of mine. Should be working.



Could I humbly request of hockeypuck operators that this workaround be
limited to sks-keyservers.net's IP address? This would allow the
machine-readable JSON to be read by other spiders which may or may not
exist in the future... ;-) ;-) ;-)

For example, pgpkeys.eu uses the following apache snippet:

```
RewriteCond %{REMOTE_ADDR} ^37\.191\.231\.105
RewriteCond %{QUERY_STRING} op=stats&options=mr
RewriteRule ^/pks/lookup http://127.0.0.1:11371/pks/lookup?op=stats [P,L]
```

Similarly, could we collectively agree to emit {software:
"Hockeypuck"} and the real Hockeypuck version number when simulating
SKS, so that the human-readable status is accurate? So long as
"Hockeypuck" has a capital "H", the pool spider shouldn't reject you
(it may reject you for other reasons, but not for running hockeypuck).


Full ACK.

I can open a PR to change the default software key value from hockeypuck
to Hockeypuck.

Thanks, everyone.



Regards,
Martin Dobrev


Greetz
  Andreas

Re: Simulating SKS best practice [Was: keyserver.dobrev.eu is back running Hockeypuck]

2021-04-15 Thread Martin Dobrev 

Hi Andrew and team,

On 15/04/2021 12:33, Andrew Gallagher wrote:

On 23/03/2021 12:58, Andrew Gallagher wrote:

On 21/03/2021 21:48, Martin Dobrev wrote:
I had to play with mod_rewrite and force a redirect from 
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let 
the script parse HTML. I don't have a proper explanation why peers 
and recon port are not picked from the produced JSON but left out 
(line 286/287).


I can confirm this works, and it has the unexpected side effect that 
pgpkeys.eu is now recognised as SKS, even though it is still 
declaring itself Hockeypuck.


The following hockeypuck servers appear to have implemented a stats 
rewrite rule:


keyserver.dobrev.eu

Server has been reconfigured with the below additional rule.

pgp.cyberbits.eu
keys.okash.it
keys*.andreas-puls.de

Could I humbly request of hockeypuck operators that this workaround be 
limited to sks-keyservers.net's IP address? This would allow the 
machine-readable JSON to be read by other spiders which may or may not 
exist in the future... ;-) ;-) ;-)


For example, pgpkeys.eu uses the following apache snippet:

```
RewriteCond %{REMOTE_ADDR} ^37\.191\.231\.105
RewriteCond %{QUERY_STRING} op=stats&options=mr
RewriteRule ^/pks/lookup http://127.0.0.1:11371/pks/lookup?op=stats [P,L]
```

Similarly, could we collectively agree to emit {software: 
"Hockeypuck"} and the real Hockeypuck version number when simulating 
SKS, so that the human-readable status is accurate? So long as 
"Hockeypuck" has a capital "H", the pool spider shouldn't reject you 
(it may reject you for other reasons, but not for running hockeypuck).


I can open a PR to change the default software key value from hockeypuck 
to Hockeypuck.

Thanks, everyone.



Regards,
Martin Dobrev



OpenPGP_0xCAAAE2B8C198C9AE.asc
Description: application/pgp-keys


OpenPGP_signature
Description: OpenPGP digital signature

Simulating SKS best practice [Was: keyserver.dobrev.eu is back running Hockeypuck]

2021-04-15 Thread Andrew Gallagher 

On 23/03/2021 12:58, Andrew Gallagher wrote:

On 21/03/2021 21:48, Martin Dobrev wrote:
I had to play with mod_rewrite and force a redirect from 
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let the 
script parse HTML. I don't have a proper explanation why peers and 
recon port are not picked from the produced JSON but left out (line 
286/287).


I can confirm this works, and it has the unexpected side effect that 
pgpkeys.eu is now recognised as SKS, even though it is still declaring 
itself Hockeypuck.


The following hockeypuck servers appear to have implemented a stats 
rewrite rule:


keyserver.dobrev.eu
pgp.cyberbits.eu
keys.okash.it
keys*.andreas-puls.de

Could I humbly request of hockeypuck operators that this workaround be 
limited to sks-keyservers.net's IP address? This would allow the 
machine-readable JSON to be read by other spiders which may or may not 
exist in the future... ;-) ;-) ;-)


For example, pgpkeys.eu uses the following apache snippet:

```
RewriteCond %{REMOTE_ADDR} ^37\.191\.231\.105
RewriteCond %{QUERY_STRING} op=stats&options=mr
RewriteRule ^/pks/lookup http://127.0.0.1:11371/pks/lookup?op=stats [P,L]
```

Similarly, could we collectively agree to emit {software: "Hockeypuck"} 
and the real Hockeypuck version number when simulating SKS, so that the 
human-readable status is accurate? So long as "Hockeypuck" has a capital 
"H", the pool spider shouldn't reject you (it may reject you for other 
reasons, but not for running hockeypuck).


Thanks, everyone.

--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-23 Thread Andrew Gallagher 

On 23/03/2021 13:32, Martin Dobrev wrote:


Only way to "overwrite" it is to output Software 
 
in the stats page.


Got it. Applied now in pgpkeys.eu for consistency. Thanks!

(And I've also fixed its ipv6...)

--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-23 Thread Martin Dobrev 

On 23/03/2021 12:58, Andrew Gallagher wrote:
> On 21/03/2021 21:48, Martin Dobrev wrote:
>> I had to play with mod_rewrite and force a redirect from
>> //pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let
>> the script parse HTML. I don't have a proper explanation why peers
>> and recon port are not picked from the produced JSON but left out
>> (line 286/287).
>
> I can confirm this works, and it has the unexpected side effect that
> pgpkeys.eu is now recognised as SKS, even though it is still declaring
> itself Hockeypuck.
>
This only because Status page sets 'Software' to SKS by default
.
Only way to "overwrite" it is to output Software

in the stats page.

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-23 Thread Andrew Gallagher 

On 21/03/2021 21:48, Martin Dobrev wrote:
I had to play with mod_rewrite and force a redirect from 
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let the 
script parse HTML. I don't have a proper explanation why peers and recon 
port are not picked from the produced JSON but left out (line 286/287).


I can confirm this works, and it has the unexpected side effect that 
pgpkeys.eu is now recognised as SKS, even though it is still declaring 
itself Hockeypuck.


--
Andrew Gallagher



OpenPGP_signature
Description: OpenPGP digital signature

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-21 Thread Andreas Puls 

Hi,

i also struggeld with this issus.
Only runnign a nginx instead of apache but got the redirect wokring :)

I've created now a patch that just replaces in the json export contact
with server_contact and Total with numkeys.
https://github.com/apuls/hockeypuck/commit/34fbdfcf73b60e6001f3770b86d8750d1c8b5385

In my hockeypuck configuration i've set Version to 1.1.6+ and Software
to SKS

Looking good in the pools stats - only missing some keys right know.

No need to create a redirect or modify the stats template.


Br
  Andreas

Am 21.03.2021 um 22:48 schrieb Martin Dobrev:

Hi,

I can open a PR and let Casey Marshall decide if it's bringing any
long-term value for Hockeypuck. I'm somehow not convinced it is the case
because the patch is trying to only fulfill a contract with SKS status
page generator
.
And the patch alone is not enough to satisfy the logic from
sks-keyservers.net/status-srv/sks_get_peer_data.php



I had to play with mod_rewrite and force a redirect from
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let the
script parse HTML. I don't have a proper explanation why peers and recon
port are not picked from the produced JSON but left out (line 286/287).

Regards,
Martin

On 21/03/2021 18:45, Ryan Hunt wrote:

This is great, thank you for the effort you put into this. I pulled my
keyserver out long ago and am building two news ones now that
Hockeypuck finally looks ready to replace SKS

Are you going to try to merge this back upstream eventually?

-Ryan




On Mar 21, 2021, at 12:38 PM, Martin Dobrev  wrote:

Thanks everyone that messaged me privately. I recon many others are
wondering how my cluster is being setup, so I prepared a small
repository with sample configuration available here:
https://github.com/mclueppers/sks-keyserver-clustering

I hope it helps.

On 21/03/2021 00:38, Martin Dobrev wrote:

Good afternoon,

I've spent last few weeks fiddling and trying to revive three of the
SKS nodes from my cluster. It takes recently more time recovering
from dumps than actually running the service so I decided to give
Hockeypuck a proper go this time.

New cluster is dual node, running Hockeypuck 2.1.0 + some changes to
pass SKS keyservers status checks available here:
https://github.com/mclueppers/hockeypuck/tree/sks-compatability


Regards,
Martin

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-21 Thread Martin Dobrev 

Hi,

I can open a PR and let Casey Marshall decide if it's bringing any 
long-term value for Hockeypuck. I'm somehow not convinced it is the case 
because the patch is trying to only fulfill a contract with SKS status 
page generator 
. 
And the patch alone is not enough to satisfy the logic from 
sks-keyservers.net/status-srv/sks_get_peer_data.php 



I had to play with mod_rewrite and force a redirect from 
//pks/lookup?op=stats&options=mr/ to //pks/lookup?op=stats /to let the 
script parse HTML. I don't have a proper explanation why peers and recon 
port are not picked from the produced JSON but left out (line 286/287).


Regards,
Martin

On 21/03/2021 18:45, Ryan Hunt wrote:

This is great, thank you for the effort you put into this. I pulled my 
keyserver out long ago and am building two news ones now that Hockeypuck 
finally looks ready to replace SKS

Are you going to try to merge this back upstream eventually?

-Ryan




On Mar 21, 2021, at 12:38 PM, Martin Dobrev  wrote:

Thanks everyone that messaged me privately. I recon many others are wondering 
how my cluster is being setup, so I prepared a small repository with sample 
configuration available here: 
https://github.com/mclueppers/sks-keyserver-clustering

I hope it helps.

On 21/03/2021 00:38, Martin Dobrev wrote:

Good afternoon,

I've spent last few weeks fiddling and trying to revive three of the SKS nodes 
from my cluster. It takes recently more time recovering from dumps than 
actually running the service so I decided to give Hockeypuck a proper go this 
time.

New cluster is dual node, running Hockeypuck 2.1.0 + some changes to pass SKS 
keyservers status checks available here: 
https://github.com/mclueppers/hockeypuck/tree/sks-compatability


Regards,
Martin

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-21 Thread Ryan Hunt 
This is great, thank you for the effort you put into this. I pulled my 
keyserver out long ago and am building two news ones now that Hockeypuck 
finally looks ready to replace SKS

Are you going to try to merge this back upstream eventually?

-Ryan



> On Mar 21, 2021, at 12:38 PM, Martin Dobrev  wrote:
> 
> Thanks everyone that messaged me privately. I recon many others are wondering 
> how my cluster is being setup, so I prepared a small repository with sample 
> configuration available here: 
> https://github.com/mclueppers/sks-keyserver-clustering
> 
> I hope it helps.
> 
> On 21/03/2021 00:38, Martin Dobrev wrote:
>> Good afternoon,
>> 
>> I've spent last few weeks fiddling and trying to revive three of the SKS 
>> nodes from my cluster. It takes recently more time recovering from dumps 
>> than actually running the service so I decided to give Hockeypuck a proper 
>> go this time.
>> 
>> New cluster is dual node, running Hockeypuck 2.1.0 + some changes to pass 
>> SKS keyservers status checks available here: 
>> https://github.com/mclueppers/hockeypuck/tree/sks-compatability
>> 
>> 
>> Regards,
>> Martin
>> 
>> 
> 



signature.asc
Description: Message signed with OpenPGP

Re: keyserver.dobrev.eu is back running Hockeypuck

2021-03-21 Thread Martin Dobrev 
Thanks everyone that messaged me privately. I recon many others are 
wondering how my cluster is being setup, so I prepared a small 
repository with sample configuration available here: 
https://github.com/mclueppers/sks-keyserver-clustering


I hope it helps.

On 21/03/2021 00:38, Martin Dobrev wrote:

Good afternoon,

I've spent last few weeks fiddling and trying to revive three of the 
SKS nodes from my cluster. It takes recently more time recovering from 
dumps than actually running the service so I decided to give 
Hockeypuck a proper go this time.


New cluster is dual node, running Hockeypuck 2.1.0 + some changes to 
pass SKS keyservers status checks available here: 
https://github.com/mclueppers/hockeypuck/tree/sks-compatability



Regards,
Martin

keyserver.dobrev.eu is back running Hockeypuck

2021-03-20 Thread Martin Dobrev 

Good afternoon,

I've spent last few weeks fiddling and trying to revive three of the SKS 
nodes from my cluster. It takes recently more time recovering from dumps 
than actually running the service so I decided to give Hockeypuck a 
proper go this time.


New cluster is dual node, running Hockeypuck 2.1.0 + some changes to 
pass SKS keyservers status checks available here: 
https://github.com/mclueppers/hockeypuck/tree/sks-compatability



Regards,
Martin