[tor] noisetor recovery

Patrick O'Doherty p at trickod.com
Mon Jul 4 02:14:00 UTC 2016 

Final check in here.

After fighting against some configuration specifics noisetor is now back
online. All relays (bar noiseexit01c for some reason) are now appearing
in consensus with their old fingerprints. I'm confident that
noiseexit01c will be in consensus soon.

Given they've been offline for a while they'll have to re-earn some
flags, specifically exit, fast, and stable. I'll have to read up on
specifics but I think we should have them in a week-ish, followed by a
ramp-up of traffic.

cheers,

p

p.s. considering researching an offline-master setup with the existing
keys such that we'd have a dead-mans-switch requirement to check up on
the box every N months. would be very much interested in hearing
people's thoughts on this.

Patrick O'Doherty:
> Just to follow up,
> 
> The ddrescue that I ran on the disk overnight appears to have created a
> good image, at least I believe I have recovered key material for all of
> the 4 tor instances that we were running.
> 
> I'll look to get them back up and running with an upgraded tor either
> tonight or tomorrow time depending.
> 
> p
> 
> Patrick O'Doherty:
>> hey folks,
>>
>> as some of you might have noticed the noisetor has been offline due to a
>> hardware (HDD) failure.
>>
>> myself and Andy have gotten the host back online, but unfortunately it
>> looks as if we've lost the relay key material as the filesystem is
>> highly corrupted.
>>
>> my plan to get noisetor back up and running is as follows:
>>
>> 1) image the disk and attempt to recover the key material
>>
>> 2) failing that generate new offline master keys (so that HDD recovery
>> doesn't cause this issue again) and create new 18-month signing keys
>> such that the relay can live again with minimal upkeep. I'm hoping that
>> an 18 month dead mans switch encourages somewhat more frequent
>> maintenance of the node going forward.
>>
>> posting here so there's some semblance of a public plan to get noisetor
>> back on its feet.
>>
>> cheers,
>>
>> p
>>
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://www.noisebridge.net/pipermail/tor/attachments/20160704/6ece48ea/attachment-0002.sig>

More information about the tor mailing list