[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] new ansible-tor features: automatic instance configuration + automatic MyFamily generation (PATCH)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

> Bug:
> 
> Due to the fact that MyFamily is not written to the torrc in the 
> "first round", torrc files will always change which results in tor 
> processes being reloaded unnecessarily often - which is not what we
> want.
> 
> --list-fingerprint is probably the better approach here.

Patched.

I guess I'll setup a repo and stop sending emails..
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJU46vvAAoJEFv7XvVCELh01b8QAJ3eFrzOT7K5+ysVTNp/PBC7
+A3msVW5NItQBItQCvSc3EOlzc7EMT66FwZzBVwkPPOAttgAcc/GyAMUB7C3DOG1
dkIx50ewqsEywqLbY6tItI2jiEmt98JXFcNC95DJKvfJaCdhEQGj3T4AQKBW/b2l
6hDm3odjP9rm+GmYVbDaDKR8a2ChkRpLAou1TcKT8T/I6e0B3+ANhPkrxiQSNGgi
DdYy8qKSrVK3VJtI17DJxFSvHXpcXiFEeyQXg7U7zMSEAkHf4wAbFXla5B1JkGcN
Po7gbwYG0f7xqRSgGl8tC9p5BHPlZRgVUmCzvzAfstwI12HsOPu0X72WuHumXVsP
liW+7X2lWvaoztAcNOTIJHlvivCoh1e5qbsMNcJ8f9cmxyK+X/TasgKbWa5pWr8F
vvq27RW8oWyBc5VQUPBI6jMelqnuaIrDcwjaDoxzNoqjdSE1gR1pQS/EiTea6vdY
8dWwNVkC580yEndKCZUPfY8NUmdwyaewcY8SSTJeXbZu9ud7JyeWcNlHb0eFjMgj
/02JWcZdGOOFuANEdyEQHd7S30I7MZVHSAGvYkxJdlIQ/yLUmj/Tgs2MMz/DBOgX
HIISPCGAX+F60u4HHxB99+IJiIz2c2yIp1DXDwlCJBhAiTl3WA2nK7dRQpHSD0r6
H+u5pdAalQxhMnH24qJP
=f8+2
-----END PGP SIGNATURE-----
diff --git a/tasks/configure_tor_instance.yml b/tasks/configure_tor_instance.yml
index cd17eef..2003a92 100644
--- a/tasks/configure_tor_instance.yml
+++ b/tasks/configure_tor_instance.yml
@@ -27,40 +27,18 @@
     owner={{ tor_user }}
     mode=2750
 
-- name: generating torrc file(s)...
+- name: generating TEMPORARY (without MyFamily) torrc file(s)...
   template: >
     src=torrc
-    dest="{{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.torrc"
+    dest="{{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.torrc-tmp"
     owner=root
     mode=0644
-    backup=yes
-  with_nested:
-   - "{{ ansible_all_ipv4_addresses }}"
-   - tor_ORPorts
-  register: instances
-
-- name: ensure torrc files are sane
-  shell: "tor --verify-config -f {{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.torrc"
-  with_nested:
-   - "{{ ansible_all_ipv4_addresses }}"
-   - tor_ORPorts
-
-- name: ensure tor instances are reloaded if its torrc changed
-  shell: "kill -HUP `cat {{ tor_PidDir }}/{{ item.item[0] }}_{{ item.item[1] }}.pid`"
-  ignore_errors: yes
-  with_items: instances.results
-  when: item.changed == True
-
-- name: ensure tor instances are running
-  shell: "kill -0 `cat {{ tor_PidDir }}/{{ item[0] }}_{{ item[1] }}.pid` || tor -f {{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.
   with_nested:
    - "{{ ansible_all_ipv4_addresses }}"
    - tor_ORPorts
 
-# each tor instance has been started at least once
-# now we can collect tor fingerprints
-- name: gather relay fingerprints (for MyFamily)
-  shell: "cut -d' ' -f2 {{ tor_DataDir }}/{{ item[0] }}_{{ item[1] }}/fingerprint"
+- name: generate keys (if not in place yet) and gather relay fingerprints (for MyFamily)
+  shell: "tor --hush -f {{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.torrc-tmp --list-fingerprint |cut -d' ' -f2-|sed -e 's, ,,g
   with_nested:
    - "{{ ansible_all_ipv4_addresses }}"
    - tor_ORPorts
@@ -78,7 +56,7 @@
    - tor_ORPorts
   register: instances
 
-- name: ensure torrc files are still sane (after adding MyFamily)
+- name: ensure torrc files are sane
   shell: "tor --verify-config -f {{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.torrc"
   with_nested:
    - "{{ ansible_all_ipv4_addresses }}"
@@ -89,3 +67,9 @@
   ignore_errors: yes
   with_items: instances.results
   when: item.changed == True
+
+- name: ensure tor instances are running
+  shell: "kill -0 `cat {{ tor_PidDir }}/{{ item[0] }}_{{ item[1] }}.pid` || tor -f {{ tor_ConfDir }}/{{ item[0] }}_{{ item[1] }}.
+  with_nested:
+   - "{{ ansible_all_ipv4_addresses }}"
+   - tor_ORPorts

Attachment: MyFamily_reload_fix.patch.sig
Description: PGP signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays