multi tor instance support for startup scripts
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 I just filed two tickets to add support for multiple tor instances to the official deb/rpm packages. I think this is useful for many relay operators (so they don't have to replace the init scripts themselves anymore). https://trac.torproject.org/projects/tor/ticket/14995 https://trac.torproject.org/projects/tor/ticket/14996 another ticket for tor alpha users: https://trac.torproject.org/projects/tor/ticket/14997 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU6zp8AAoJEFv7XvVCELh0mIQP/06x9Ag6N3bb+RxTyt41x8TV lEIcX9JzROZoCHS+bO17BavAHMFJiCRBbCahqT5XHMbE/aXaW0bKP7cjstZxZkxJ uGEXot8z8m3x5YVtb2a5taFwD0wjIJZJBTR0+kJ6waFvs/z7Zh04dRtvXMc9SXeJ gMCGVByIJlJQgdb3CVKgqWSlfiaYrblyY8r7YXu540Qm73yuDcVEVPvH+rudxMot hiDHD/AgC2mgfjzhJSiBCThAakWuBzm/xEDsnJxqQUQL27FYhbCGR49rTxx5rZqx X6+HaZXyvjEh/EkCbevpfNgo4WGAKdGrGTUCzTssPjT9CchqUMRrZAlTe/vpNZpR NuMnKT0z3DFQDO4qsUtplNzSBUmrGTanDqQOnGxMBwcBajx9pWFJsnozb7OBU1LR FL1RJAeZfC7TQUa0r/6/V9gbXrPSoZsI5rK3sSZSa8yLu/OUBRXk4gK36/NXO0at Fq1tM48PNIVolkU/hhb3iYFiyU3d2Qng79iGGzO7mo3/OPsqVKASie6USsiVSDmh nu2IzpXzHKO6+iI3pOn4t6UoEJG2oKmpirH1LhfNKmcJMsH8dLLYDsJWoSKjwfNG ereJB6/0b47sirXUHIPPAXhxEgCW0U26PfUlIvYEjLQ924FgIkjMKfilJJnJXI9O lA8Rpo6ziL6MTcMYkjRX =JmDz -----END PGP SIGNATURE-----
On Mon, Feb 23, 2015 at 3:34 PM, Nusenu <nusenu@openmailbox.org> wrote:
I just filed two tickets to add support for multiple tor instances to the official deb/rpm packages.
I think this is useful for many relay operators (so they don't have to replace the init scripts themselves anymore).
I actually can't see how it can be useful except for Sybil attack. Wouldn't multiple relays per host harm network diversity? Ondrej
On Mon, 23 Feb 2015 16:19:11 +0100, Ondrej Mikle <ondrej.mikle@gmail.com> wrote:
On Mon, Feb 23, 2015 at 3:34 PM, Nusenu <nusenu@openmailbox.org> wrote:
I just filed two tickets to add support for multiple tor instances to the official deb/rpm packages.
I think this is useful for many relay operators (so they don't have to replace the init scripts themselves anymore).
I actually can't see how it can be useful except for Sybil attack.
It's useful on big nodes. Due to technical limitations in how Tor handle multicore, we need to run multiple daemons on a same host so it scales better with the CPU. Even if you have AES-NI. Cheers, Vigdis
On 02/23/2015 06:17 PM, Daniel Jakots wrote:
It's useful on big nodes. Due to technical limitations in how Tor handle multicore, we need to run multiple daemons on a same host so it scales better with the CPU. Even if you have AES-NI.
+1 -- Moritz Bartl https://www.torservers.net/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Daniel Jakots:
It's useful on big nodes. Due to technical limitations in how Tor handle multicore, we need to run multiple daemons on a same host so it scales better with the CPU.
Multiple tor instances can even be useful on systems with low bandwidth (i.e. 10MBit/s) because their consensus weight is so low that they wouldn't attract "enough traffic" (=far from using the entire bw) otherwise (without running more than one instance). -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU8uK+AAoJEFv7XvVCELh0QwUQAJ4OjzYmRhM7oGsnCPtO5KU/ hvzfHkoy1JIuH2N7df/xeMll1gynzt5FO7LZOWt2xC30UsF9njf0axTc+0LSK3dH qZxVakuFDagFBxTXFhG91k14ObbXubE6nrX5qE1aoF7a6zR22F2ePttygkEZP6Q1 ORDRkWCjYlKcDfONlwjwm09II+q3fCLSAyxskPcFyN2fN4HKqW6e8Z46Ki84RRYT ZCvtAZRpsABKMf3GJEK5jr6/QlSMrmLSde6ziYTXogCaepWtLXP6xtxoNEN2UQpn iPBG7fr36OLRuFiOeclmoCFq4/tCRugUI9fPrZV+uVurx9DTMiVHDHmSmN4yPjdx 2hNGolePF/r8G8wW2T3Sjshuql53S16kbsEGmACF/oUReHcPM6duY+upbCHe3ZQn 5NQ42m7olDl9xxYKGynLAW1M3jNcDnhcwz+wNZb/7yf9vRrK+SjFi/5Fdibp+5x0 G+DEXoDC2cG4F1N6+yL+tqvJoFf9Dn9H+3/RWM2LVeeikChaT/h2hLpvL6h1ANuN HSX72r8kd8vA6kivGTXqEGK+DOPUohbyjymveuiz8XW1pKeOONRO1hPAURwrbw+Y IBcGdWuhqQuIkLYQenxJMjAZ6m/kgG/jmqE64JFD5RIDjKAbI8D7B7nVtYXWuK5B P7FRD3PR9hlW+wOv4Ve4 =TbQm -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ondrej Mikle:
I just filed two tickets to add support for multiple tor instances to the official deb/rpm packages.
I think this is useful for many relay operators (so they don't have to replace the init scripts themselves anymore).
I actually can't see how it can be useful except for Sybil attack. Wouldn't multiple relays per host harm network diversity?
Hi Ondrej, I'm kinda surprised to read this from the maintainer of the RPM packages. Does that imply you will not accept patches to incorporate multi instance support in the init script shipped with RPM packages? thanks, Nusenu -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU8OTbAAoJEFv7XvVCELh0rqsQAKEP+ShK/emjVyHb0816+prX a0bHLDUqZNLrSJHNlbSoU1a0IaIvIK1D4aDiuHQNusgwDWpdXip/h2vUB5U4B4e6 acePqLaXGBCAc7qxsGIJMnNgORWjC2Koat6Z2PFPSxmd+z/trXKmpCSToyHQcQmW W9g2A/fQTHp+n/cRhaAYIxQ+CoQ6in6Osy2J77+hqX9s/FqJCiS6+ttk9aLlis6D 3w91jOrbOxq3JnKPFipacUZfw+vuTyuls1jTOW56fJ9Nl0bmkUF9RLYw+WozaE2h l//PSvZcPe5rSuGQOBB52gzsIDK8Q8xcj/mXaJRRncy5jICK/MyrekIG6F2AThxk LqEBhzfFCu9ol3r2kWbhrpVCTcfh2L2GB+cev7gxPBLoiWLLTF2czDB2rLw8hXCG F2b0hbgfKweQyZakcTn0QgTqb1WtE/MKNpfvM/opjk0Eijn2HJOc98s4NgfoeCpo hIaqB46AromuZV94i704tlzbKxZjN327pvzrl7lR4j2UB47Xm3dZkYCQa6c71lUv S9W2GHiuVGkWqsktDUkOFIso0zYWKvtYOGdoRm0QmwcfIsgP9vEIK8Q5664hBCa4 NG6hrirV1Zgc73iVWxKuDFKS33Wh224QIXlZp7wcRxup28Ck5c8BGY9c8+pcKhYP l9arbyVMfCK92gmxvXM6 =WdXu -----END PGP SIGNATURE-----
On 02/27/2015 10:42 PM, Nusenu wrote:
Does that imply you will not accept patches to incorporate multi instance support in the init script shipped with RPM packages?
I still think it's a rather ugly hack that should be solved through virtualization means instead. But if you provide patch that works for all the supported distros (ELs and Fedoras) and doesn't negatively affect existing single-instance installations, I'd merge it. Ondrej
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Ondrej Mikle:
I still think it's a rather ugly hack that should be solved through virtualization means instead.
I'm not sure I'm following you here, could you elaborate?
But if you provide patch that works for all the supported distros (ELs and Fedoras) and doesn't negatively affect existing single-instance installations, I'd merge it.
Thanks for the info. When it comes to the RPM packages I have to think about our past systemd migration discussion [1] that got stuck. Should I pick that up again before writing anything that gets obsolete as soon as you migrate to systemd? (or did you give up on systemd migration?) [1] https://lists.torproject.org/pipermail/tor-dev/2014-August/007361.html -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU858hAAoJEFv7XvVCELh093oQAIwZmKjYmqT9Yhu9SGQ/IS9l 33372IHXVBimWfj35ljPXgryU34t0CMNb9ZelPm3wcMdqitLXBjurYqCPHsqJBhc abLmSHpwDGgxRWXlqM5J8Eg7GoZMiBUeaV8yCzd+AGSfAxwqNJU/YZ/r5WDgXQ2z V2FixPEc2aS9KA5loQFIfQLwjEx/AyZ7FTth1z1tdBo3RCjbq5VxLDVAr3AT/L5l fJbabN3KVaZuDft/Vyu+iVasnaBhSf//SphKKEagWvOl69AV7O4c6JRIaqixMZij He2I4swLy9KLd2VPN5ReSCFrOVbHgB+FiVY28vZmqffxLcOXxNy2WbD9MW+DbHb+ uc6PlNqb0ZsXPkP07rzBbF6SjGP+gMubRyA55jIXg9I9W1ebiTRETIY+wH6fX02h hsRF5+hgTTvRs51EEb9xZSg/waKY78+tM86i+PyQYsX/mjGJqRuakD7WOIATaSBE 1hDInCC0RLHbQ4q0XkAgkvUfOHovs2S37c4fZ9lfT9HmE31NJLk5Uzdjt8/buOlz 6UtppjJZXVeLDC8G99wvqJGGp6kClZsC4Vu9Rn+7kwbZJOD6MzmPmSceDuoqeyMa Gzr0j0Tvskfu2hePnVk4WdsbDwx7PKJSCx6pzSHdyd1onsj7KoWggEOMz3WXLwSA FkarcuLRzHp6pglb3lbH =EeyG -----END PGP SIGNATURE-----
On 03/02/2015 12:22 AM, Nusenu wrote:
When it comes to the RPM packages I have to think about our past systemd migration discussion [1] that got stuck.
Yes I remember [2].
Should I pick that up again before writing anything that gets obsolete as soon as you migrate to systemd? (or did you give up on systemd migration?)
If you want to write the patch for multi-instance, don't focus on systemd. I don't plan systemd migration anytime soon since current system works and systemd migration would require systemd support on all platforms (not going to happen for EL6 any time soon). I already had had heavily ifdef-ed packaging system because of EL5 and it was major PITA that caused some unpleasant bugs along the way. [2] https://lists.torproject.org/pipermail/tor-dev/2014-August/007363.html
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi everyone, I followed the tickets about the subject and I've found the script they point to, but I didn't find any reference to a git repository, is it set up ? On the other side the script may be useful for no so big relays too, and even for clients. One may wish to start a tor process for TBB, another for TorBirdy, another for bitcoin's core wallet, etc. Lluís Ondrej Mikle:
On 03/02/2015 12:22 AM, Nusenu wrote:
When it comes to the RPM packages I have to think about our past systemd migration discussion [1] that got stuck.
Yes I remember [2].
Should I pick that up again before writing anything that gets obsolete as soon as you migrate to systemd? (or did you give up on systemd migration?)
If you want to write the patch for multi-instance, don't focus on systemd. I don't plan systemd migration anytime soon since current system works and systemd migration would require systemd support on all platforms (not going to happen for EL6 any time soon).
I already had had heavily ifdef-ed packaging system because of EL5 and it was major PITA that caused some unpleasant bugs along the way.
[2] https://lists.torproject.org/pipermail/tor-dev/2014-August/007363.html
_______________________________________________ tor-relays mailing
list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU+C5OAAoJEJOS0D3m/rNllDgP/1PZNsgJSAcp6djPjxc+hsey wguA0VqgSbskKWlBPyQPZh1sRpqobCNGkvVzgpYOHBgdN1LD8WUUUqvXNSlBwDZ6 uY/qr4fSesp+7xoDn4TlWaoGbxQRWojmyNG3UCglHPxI0jc9dbHrggbTEzLors+7 l+QgpIFxwbM/NuZ9XgBDK3m/vriSzXVvudBGbUxZuC6AWDZHXoA8WkX32RWOj42o m0vW7Og8j3HZcwVFlWlCvIGpOwLyP01SpeUz1a4W7TAkXOtgCy+wobiFQCFR5lIs C2+KD2KA0/INfP9e6S9XBzjxj+I6EsoAmyG3sP44JMAT0XlapIOaTVkF34+XSEu6 Mq5lfcb0pCSGOj98Re9asaNZILZW8cik8CefsyALwo6zViRlziTN+7tzuv7CJhqX +pHMUl/LiUPsXEV5nPe9tLKMyRfpkVQOAAgMG7LFZUykkDoyYYa/+glsuXWRsRwH RSf0Q4fJXsx+Yz+SZQN20h2erZ0pO7yvrlwEAnBfoStaS2dehujlujoV85bER9QC gvd+kR+EqEEOrfFJ8DrNhFNxNNDIFE2hHfTfjtreJySKXSIMUCOzgd7EhSFRsgKA n00poqgYizKJniP+jwrNduwVvhhzB/uJBDhXvraCdri9zUgOrYDsDcCilKiF/qL2 BUdv2/ddcA7bJnVBX5ua =amaV -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I followed the tickets about the subject and I've found the script they point to, but I didn't find any reference to a git repository, is it set up ?
temporary repo (until something gets merged) - of first drafts: https://github.com/nusenu/tor-multi-instance-initscripts/commit/6929546a2d8e... -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU+5KEAAoJEFv7XvVCELh0LvIQAKq026OL+4CiqspYESNNFAFH LzSkAX+JlVgKxG4/0SvDTJfj8U/FMfRtSaFF8p4b44cTwqWKrF6NqPOcqftWFXWJ oegHoQ0HD1atfS/B94fyEj8bBkyfGfo4CuyXde2UfJqRj3Mqe19NM96WiBUWIeS1 p2ajZoVmnIhScajH8A1Lnx0sAUSH/tSnV2B152qRapTlk3NkIiMI+8h/NPGw5rVs E4ZIydOZylAdeMO+K6rjQBPetOWFA7qPd7OAUvXW6il/G0bL8gWLKi6Ua0brN2ar a0xc+rbq6ScarO0O/pTh72NMHK43GQOb+dI2B5w2Fv2I52BhlfcAqtyjIUQnM91Y dJz2LdluSTiIRkEAqyBTSVAVRtid20ZNDwSJdywWy3Lx9kiQBM/HJwCSqES+/4TA MqD+9yTj4Rw5GEn9oWJnnR6futygv/zzv3o+tU3YmvJYvo51gWiIEB5uSt4gZKuu DPhwCaIvZe2at+Ftm5t812WcNsWU04Fjy3Jhw9K0nDZtYUbKsBADLP6KHNyWSBV3 U826uzimCpnpOG9Yh5IToQZv1HBr9BrqWAdOuSHP0Ku/VQFNjnKHi3QCnsU3/uim 5HlbhBaz8jy3gCQktjMuKEuATa0BQ74oBTOuosV4vFXUosirvobQAmqgTqijorDS SpQ8w80anhhz3qRCLMr0 =bTVf -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
If you want to write the patch for multi-instance, don't focus on systemd.
Thanks for the info.
I don't plan systemd migration anytime soon since current system works and systemd migration would require systemd support on all platforms (not going to happen for EL6 any time soon).
Yes, that would bring me back to my suggestion from the tor-dev thread about using upstream distro spec files and per-distro packages - but I'll leave it there and try to work something out based on the current script. -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU+NhnAAoJEFv7XvVCELh0ipYP/0LUZ3yb4lWT45YfeH9lYpZt MGIl+UThbZLQ/ld8flR43g97bpKUDgsn39cKbZCIYyxpK0lx57sqzLz4SuAh+8Ys VqmQ7FGnlvhXMw8v8cbF/rHJDlN/0RD2UTOs848++qg8MyDJPD/TJlA4JmqlAf29 46qgZ0uxrS3HlLrz7hSojPO04KWJC2DC2QPitgeuOek1CildCxaev3/qrkZxEpVJ LLvtCPLtzcH+o/Dx4hejOakw3Ael8I2vp3Y4/RguMONa8xlq9CwpQkSlIUsjGGc+ bXgKkXfro0IXF0RKkOw6Eb+sRSIakI3fk8Gui9NbIa1Unzzxg+WTlkjksF0VpZKn cM/v24UHo2zVg08iyNAiYGTp/My1yU+iLGXe2gExzArS+g5xBlsiEK1wHwGeUNwk rqcXmIYJ0MpniK3pcE3+yaYzoIpHbP7p8fbX1KJ9uYG8DJtsZb13aYxlX/L0l5Tp z66D4na2/X8X2SLbsCPe7gfsqlRpxEgrpy1mL/58o6VC2P8EvhDp/nG9DhB6LySB ZLSulxkB4gNyyk/nvyDidlvInLaBc/Ye2pbjPCyDX49DaVU0Tdzn65cFZrAwJgnW 5hscZ+38MLAn600idqjAp1ZUfeqbWa3lsTsHgFIGZR509x0bF+crpNLnKt+0WaS0 Gqy8HsKFELkL2S3k/mek =c+fY -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Ondrej, before starting I'd like to make sure that this is the authoritative repo: https://gitweb.torproject.org/user/hiviah/rpm-tor.git/ I'll us the 0.2.5 branch https://gitweb.torproject.org/user/hiviah/rpm-tor.git/tree/?h=rpm-release-0.... I just noticed that torctl (which includes configuration) is still in use, so my first step would be to merge the code in torctl into the main init script and then proceed with multi-init support (adds /etc/default/tor). (will be separate commits) looking forward to your reply, Nusenu -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU+ut0AAoJEFv7XvVCELh0rU4P/0VeWDxzI/vK3zq34TaPl/Br 1+PNgmnPfP3JALHqiKj3K6PV5vTkURGD7cpU4z45IIM0Ce1eBk/g4+DGuJXBAYVm HvyVQei39Ry8X7bQlv/M2t176ZCNGcTAdC9ZBTkToh7KZcXHBS5qjjdX52VXDAST AdeOcAqjKZhrrji27nSUIpXDpyl1tLEmg5kIXmqpnQiAJ9kqfu2pujJ0r5248yvv ROWBzc0fXJvP0FxgrM8yMFLuq3TbbYTTVqs7Vfa8N9GDTrg8m6Ohf9y7tgUtL+03 f7qSbWsYecKsjL557gGqoT0KbeAbg4LVTOePxjGPMo2bGUJ5Mqk+VUk7R3pRfB8h 4eegj5IDsGn2Emdx5RaE2q6AnwPqXjgcq6byY6QwDmX0U3z8sS3O+8w5QcMXNnt5 FCxcoN7IdP7sVM77azNgoGpX9YWVoI4r5kmGolD5x+xMX846h9pHAUoSe4/CpAtI 5x7lt9v/hFGwKcWNnd3WBzP3Ay3n0wGOp/26vW1Kz+0kpZDkMmk5T55s7cHwmWZc jRL9GNB02kpmfAjvx2jX3GLi5S/XQ4dD8QPinseK6s9vbSOB4+fJULrMcuULh1AF WwcLGK/4mc1BlzaJvyXMNghOIs5vBrsX8FvT/aTE0MqKF8Mj05lI4ThKieSk0weq 7DNHTXzzY4jBI19qSks9 =s/N/ -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I just filed two tickets to add support for multiple tor instances to the official deb/rpm packages.
I think this is useful for many relay operators (so they don't have to replace the init scripts themselves anymore).
I attached a patch to the debian version of this enhancement request [1] - it is based on [2]. If MULTI_INSTANCE == 'yes' - can be set in /etc/default/tor - we take files from /etc/tor/enabled/*.torrc into account (thanks to federico3 for suggesting the 'enabled' subfolder). If it is not set, the behaviour should not change at all for the user. Feedback and review welcome. [1] https://trac.torproject.org/projects/tor/attachment/ticket/14995/tor.init.pa... [2] https://gist.github.com/7adietri/9122199 -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJU9GoVAAoJEFv7XvVCELh0m58P/1AvIfhQzsQ0xyhAQYkgWw3K /cRt6UFVS/57E9PLGU0orCE7GkzuS44fCOSU5pkuDzpzze9YYQxXARSsyFnep4AR IDONm4exUZSK0sIimKG+SWNfV7pob46zolfiRWMBeCPa4Alav+OlKsVa9pDlUy82 SGS57oTGpQRmOpvI0A/gopdnFygcTawcJhI/p8ztQLcqymOtBEgWMLfDRgwdLjac qKe4YUqveUdGOkcwaE8q6tGy9n/5Uvc1TscURqBJogzjHsCBPeNka18kmgmHk2Rx YGvSvdZKKGk6GmMuMo37wff6/agoFSHjOrQpbAuu6dLbo8BevGD8Cm0ChfND41rg PdV536is3Bds+2PLtdNOHke1MZ2OBjB+2csNuWsKQ5uOCzOnvgsCoyBusBf9K5Iy eBS7CP/IV+azJsj/NCS7blmrN0ToqI3Y1JVRXPEbf8e08GNzdFQEqryYa0ScDmex Iy3BxnGnYIOZxaWFOTcAoDoNh+5xprWvR+ojsnmmRC/hbywlPujrkSpD6xZjxF8L toMeVkg63zJhzGI5rS05BDWy0i5+f+ZoR4xOjlP9NBzvfpq+y4KjFm7YvpdJa9Aj SJ4fJgjdCuwUfXlh8EcBR0ccfOHISpppkU01urlwpxvK5prmVEIw51JheQh1kEZe +QwPjjH0IXII3F2Ef1Xf =A7ul -----END PGP SIGNATURE-----
participants (5)
-
Daniel Jakots -
Lluís -
Moritz Bartl -
Nusenu -
Ondrej Mikle