[tor] Update: all our deployed relays are now managed by ansible

Patrick O'Doherty p at trickod.com
Mon Aug 14 17:32:26 UTC 2017


Hey folks,

This weekend I completed the migration of our first exit exit-01 to be
managed by our central ansible playbook alongside exit-03. I also
migrated the middle relay deployed on Pegusas @ 2169 into the playbook
such that *every* relay that we now run is centrally managed and deployed.

The source code for this playbook is available on Github @
https://github.com/noisetor/noisetor.ansible.

This is a big win in terms of ongoing maintenance costs, and also means
that adding new nodes to the network will be trivial. On top of that all
of these nodes are now running with offline master keys, meaning that we
can very easily migrate hosts and burn the signing keys in the event of
any trouble. I have the master key material backed up and ready to
distribute to people.

The two remaining areas that I want to look into are a) monitoring and
b) modifying the playbook to support tor upgrades. I've already started
on the monitoring side of things and I suspect that it'll only take a
few hours more to get it to completion. I'll merge the changes once the
monitoring host is deployed and ready to share.

Looking forward to seeing folks this evening.

cheers,

p

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://www.noisebridge.net/pipermail/tor/attachments/20170814/50295d7a/attachment-0002.sig>


More information about the tor mailing list