[tor] noisetor recovery
Patrick O'Doherty
p at trickod.com
Mon Jul 4 22:30:27 UTC 2016
Ok great.
I'll have a took at the offline-master setup in the coming weeks. It's
not too high a priority over other stuff going on right now.
p.s. today I added automated backups w/ tarsnap such that the key
material is at least backed up should we experience another disk
catastrophe.
aestetix:
> +1
>
> Also thanks for all your hard work in keeping the project going. It
> makes me
> happy :)
>
> On Sun, Jul 03, 2016 at 08:23:16PM -0700, John Menerick wrote:
>> Yes to the dead man switch.
>>
>> John Menerick
>> https://securesql.info
>>
>> On Jul 3, 2016 7:14 PM, "Patrick O'Doherty" <p at trickod.com> wrote:
>>
>> Final check in here.
>>
>> After fighting against some configuration specifics noisetor is now
>> back
>> online. All relays (bar noiseexit01c for some reason) are now
>> appearing
>> in consensus with their old fingerprints. I'm confident that
>> noiseexit01c will be in consensus soon.
>>
>> Given they've been offline for a while they'll have to re-earn some
>> flags, specifically exit, fast, and stable. I'll have to read up on
>> specifics but I think we should have them in a week-ish, followed by a
>> ramp-up of traffic.
>>
>> cheers,
>>
>> p
>>
>> p.s. considering researching an offline-master setup with the existing
>> keys such that we'd have a dead-mans-switch requirement to check up on
>> the box every N months. would be very much interested in hearing
>> people's thoughts on this.
>>
>> Patrick O'Doherty:
>> > Just to follow up,
>> >
>> > The ddrescue that I ran on the disk overnight appears to have
>> created a
>> > good image, at least I believe I have recovered key material for
>> all of
>> > the 4 tor instances that we were running.
>> >
>> > I'll look to get them back up and running with an upgraded tor
>> either
>> > tonight or tomorrow time depending.
>> >
>> > p
>> >
>> > Patrick O'Doherty:
>> >> hey folks,
>> >>
>> >> as some of you might have noticed the noisetor has been offline
>> due to a
>> >> hardware (HDD) failure.
>> >>
>> >> myself and Andy have gotten the host back online, but
>> unfortunately it
>> >> looks as if we've lost the relay key material as the filesystem is
>> >> highly corrupted.
>> >>
>> >> my plan to get noisetor back up and running is as follows:
>> >>
>> >> 1) image the disk and attempt to recover the key material
>> >>
>> >> 2) failing that generate new offline master keys (so that HDD
>> recovery
>> >> doesn't cause this issue again) and create new 18-month signing
>> keys
>> >> such that the relay can live again with minimal upkeep. I'm
>> hoping that
>> >> an 18 month dead mans switch encourages somewhat more frequent
>> >> maintenance of the node going forward.
>> >>
>> >> posting here so there's some semblance of a public plan to get
>> noisetor
>> >> back on its feet.
>> >>
>> >> cheers,
>> >>
>> >> p
>> >>
>> >
>>
>>
>> _______________________________________________
>> tor mailing list
>> tor at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/tor
>>
>>
>
>> _______________________________________________
>> tor mailing list
>> tor at lists.noisebridge.net
>> https://www.noisebridge.net/mailman/listinfo/tor
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.noisebridge.net/pipermail/tor/attachments/20160704/aed3ef3d/attachment-0003.sig>
More information about the tor
mailing list