[tor-bugs] #31232 [Internal Services/Tor Sysadmin Team]: Migrate default snowflake broker (and bridge?) to TPA machines
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 8 14:56:55 UTC 2019
#31232: Migrate default snowflake broker (and bridge?) to TPA machines
-------------------------------------------------+-------------------------
Reporter: cohosh | Owner: tpa
Type: defect | Status:
| needs_information
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by cohosh):
There are a few different scenarios here. Basically what we want in the
end is for us to be able to handle outages and maintenance to key
snowflake infrastructure as an organization without relying solely on dcf.
The key infrastructure here is the snowflake bridge (which is hard-coded
into the proxies and therefore difficult to update a change of IP address
quickly), and the snowflake broker (think of this as bridgeDB but for
Snowflake).
Right now both the bridge and the broker are on hosts and domains owned by
dcf. We as the anti-censorship team have access to the hosts, but if
something goes wrong with the domain (as happened in #31230), our hands
are still tied. We hacked together a temporary fix by pointing
`freehaven.net` domains to the bridge and broker machines but that
shouldn't be our permanent solution.
So to answer your questions:
1) We definitely need a tp.org (or tp.net)? domain to point to the broker
and bridge IP addresses. There is a rumour going around that we only want
to use these domains for hosts we control. If that is true, then we need a
domain-fronted snowflake broker host and a snowflake bridge host. I
suppose it's up to the sysadmin team as to whether these are each their
own machines or not. The resource usage doesn't seem too bad at the moment
but the bridge will need a lot of data transfer. I can be more specific
about resource numbers if needed. I think dcf said he'd be happy to keep
hosting these services as long as we're happy to point our domains at his
machines but I'll let him confirm that.
2) It's not urgent because things are back up and running now but I think
it's a good idea to keep the ball rolling on this. Now if Roger and dcf
are unavailable we're in a tough spot again until we hack together another
quick fix.
3) The anti-censorship team will need root access to both the bridge and
broker for monitoring/logs/installation/update abilities.
As far as #29863 and #31159, we'll still want prometheus monitoring. I'm
not sure whether this is something the anti-censorship team or the
sysadmin team will "own" though. I suppose if TPA absorbs the snowflake
infrastructure, then it is in a similar category as bridgedb or gettor and
I'm not clear on where we are with who is in charge of monitoring this
infrastructure at the moment.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31232#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list