[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #33766 [Internal Services/Tor Sysadmin Team]: DNS renumbering procedure fails if git server is unavailable (was: DNS renumbering procedure fails if git is untouched)

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #33766 [Internal Services/Tor Sysadmin Team]: DNS renumbering procedure fails if git server is unavailable (was: DNS renumbering procedure fails if git is untouched)
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 31 Mar 2020 18:10:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 31 Mar 2020 14:10:32 -0400
In-reply-to: <047.5daf45b73bd3513deb30eb75c0576c9f@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.5daf45b73bd3513deb30eb75c0576c9f@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, blackhole@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#33766: DNS renumbering procedure fails if git server is unavailable
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  tpa
     Type:  defect                               |         Status:
                                                 |  needs_revision
 Priority:  High                                 |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Major                                |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by anarcat):

 weasel gave me a few more hints:

  6. ud-replicate *does* call the update script:

     {{{
 rebuild_zones=0
 if [ -e /var/lib/misc/thishost/dns-sshfp ]; then
   if ! cmp -s /var/lib/misc/thishost/dns-sshfp "$tempfile"; then
     rebuild_zones=1
   fi
 fi
 [..]
 if [ "${rebuild_zones}" -gt 0 ]; then
   sudo -u dnsadm /srv/dns.torproject.org/bin/update
 fi
 }}}

  7. the update can be triggered by hand with the last command above,
     `sudo -u dnsadm /srv/dns.torproject.org/bin/update`, possibly with
     `--force`

  8. the `$INCLUDE "/var/lib/misc/thishost/dns-sshfp"` from the
     `dns/domains.git` zonefile is not parsed by bind, but by
     "makezonefile or whatever it's called to syntax check and to add
     the SOA header"

 What seems to have happened here is specific to the migration of vineale
 and the git infrastructure: the `update` script failed because it could
 not pull from git (because the original server was done), and aborted
 everything.

 So the following should have happened instead:

  * `update` should have continued with the cached copy of the git repo if
 git pull failed
  * failing that, `ud-replicate` should have warned about the problem
 instead of silently succeeding, and retried until it worked

 The above two points feel like the code changes that could happen to avoid
 that problem in the future. Everything else seems like docs that could be
 thrown in `tsa/howto/ldap.mdwn`.

 But for now, i'll just go back to business as usual and try to get some
 more shit done instead.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33766#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #33766 [Internal Services/Tor Sysadmin Team]: DNS renumbering procedure fails if git is untouched
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #32672 [Core Tor/Tor]: Reject 0.2.9 and 0.4.0 in dirserv_rejects_tor_version()
Next by Author: Re: [tor-bugs] #19251 [Applications/Tor Browser]: TorBrowser might want to have an error page specific to when .onion links fail
Previous by thread: Re: [tor-bugs] #33766 [Internal Services/Tor Sysadmin Team]: DNS renumbering procedure fails if git is untouched
Next by thread: [tor-bugs] #33767 [Core Tor/Tor]: consider using a GitHub mirror for tor-rust-dependencies
Index(es):
- Author
- Thread