[tor-relays] new ansible-tor features: automatic instance configuration + automatic MyFamily generation (PATCH)

Nusenu nusenu at openmailbox.org
Mon Feb 16 17:57:22 UTC 2015



Hi David,

thanks for creating ansible-tor. I added two features that are crucial
to me and maybe useful for others as well. If you like it, feel free
to merge - this is my first ansible experience and it is lightly tested.

Example:
Let's say you have added a new server to your inventory. The server has
3 public IP addresses (1.1.1.1, 2.2.2.2, 3.3.3.3). After running
ansible-tor with the new changes you will have the following 6 tor
instances/ORPorts running (without manually specifying IP addresses
first):

1.1.1.1:80
1.1.1.1:443
2.2.2.2:80
2.2.2.2:443
3.3.3.3:80
3.3.3.3:443

including MyFamily configuration across all servers/instances.

regards,
Nusenu

changes
=======

- auto instance deployment without manual IP/ORPort configuration (new)
	starts 2 tor instances per available IP address by default
	makes manually specifying IP addresses and ORPorts via
	proc_instances obsolete
	ORPorts default to 80 and 443 (DirPort not added yet)
	replace "single.yml" + "instances.yml" -> instance.yml only
	(handles both cases dynamically)

- MyFamily autogeneration (new)
	Keeping all relay fingerprints in sync is probably one
	of the most annoying tasks for a relay operator
	managing multiple relays, now ansible takes care of this
	(all relays need to be in the 'relays' group)

- directory structure (changed)
	defaults:
	configs -> /etc/tor/<ip>_<orport>.torrc
	log dir -> /var/log/tor/<ip>_<orport>.log
	datadir -> /var/lib/tor/<ip>_<orport>/
	pid dir -> /var/run/tor/<ip>_<orport>.pid

	(previously everything was located in /etc)

- added torrc sanity check (tor --verify-config) (new)

- torrc files are owned by root (previously owned by $tor_user)

- the pid file check has been removed since the file is not required
	to exist
	(it will be created when tor starts)


open
-----
- it does not take care of instance removals yet
	(in case IPs are no longer available or the number of ORPorts has been
	reduced)
- allow opt-out -> only 1 tor instance per host
	(even if there are more IPs available)
- DirPort support
- detect RFC1918 IPs (opt-in)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ansible-tor.patch
Type: text/x-patch
Size: 8016 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150216/e2c63e1c/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ansible-tor.patch.sig
Type: application/pgp-signature
Size: 543 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20150216/e2c63e1c/attachment.sig>
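
The instance layout and MyFamily generation described in the message above, sketched in Python as an added example; it is not taken from the attached patch or from ansible-tor. The function names, the `skip_rfc1918` switch (modelled on the open "detect RFC1918 IPs" item) and the fingerprints used with it are assumptions.

```python
import ipaddress
from itertools import product

DEFAULT_ORPORTS = (80, 443)  # defaults stated in the message
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    """True for private IPv4 addresses, which cannot serve as a public ORPort."""
    addr = ipaddress.ip_address(ip)
    return addr.version == 4 and any(addr in net for net in RFC1918)

def plan_instances(ips, orports=DEFAULT_ORPORTS, skip_rfc1918=False):
    """One instance per (IP, ORPort) pair, using the <ip>_<orport> naming."""
    plan = []
    for ip, port in product(ips, orports):
        if skip_rfc1918 and is_rfc1918(ip):
            continue  # hypothetical opt-in filter, not part of the patch
        name = f"{ip}_{port}"
        plan.append({
            "name": name, "address": ip, "orport": port,
            "torrc": f"/etc/tor/{name}.torrc",
            "log": f"/var/log/tor/{name}.log",
            "datadir": f"/var/lib/tor/{name}/",
            "pidfile": f"/var/run/tor/{name}.pid",
        })
    return plan

def myfamily_line(fingerprints):
    """Build one MyFamily line from every relay fingerprint in the group.

    Input is validated, deduplicated and sorted, so each instance gets an
    identical line and a re-run only changes torrc when the set changes.
    """
    cleaned = set()
    for fp in fingerprints:
        fp = fp.replace(" ", "").lstrip("$").upper()
        if len(fp) != 40 or any(c not in "0123456789ABCDEF" for c in fp):
            raise ValueError(f"not a relay fingerprint: {fp!r}")
        cleaned.add(fp)
    return "MyFamily " + ",".join("$" + fp for fp in sorted(cleaned))

if __name__ == "__main__":
    for inst in plan_instances(["1.1.1.1", "2.2.2.2", "3.3.3.3"]):
        print(inst["name"], inst["torrc"])
    # Constructed fingerprints, for illustration only.
    print(myfamily_line(["A" * 40, "bbbb " * 10]))
```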

