[tor-bugs] #31718 [Internal Services/Tor Sysadmin Team]: Update DNS records for .ooni.torproject.org domains
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 18 17:18:47 UTC 2019
#31718: Update DNS records for .ooni.torproject.org domains
-------------------------------------------------+-------------------------
Reporter: hellais | Owner: anarcat
Type: defect | Status:
| accepted
Priority: Medium | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by anarcat):
i removed the nagios check and let's encrypt cert, then also cleaned this
up in puppet:
{{{
From b8e3ebc8f10c9b2e6654c84e85291c277b861637 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anarcat at debian.org>
Date: Mon, 18 Nov 2019 12:08:12 -0500
Subject: [PATCH] remove remaining traces of ooni.tpo mirror (#31718)
---
modules/roles/manifests/static_mirror_onion.pp | 3 ++-
modules/roles/manifests/static_mirror_web.pp | 2 +-
.../roles/templates/static-mirroring/vhost/static-vhosts.erb | 1 -
modules/sudo/files/sudoers | 2 --
4 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/modules/roles/manifests/static_mirror_onion.pp
b/modules/roles/manifests/static_mirror_onion.pp
index d9c15fce..706783cd 100644
--- a/modules/roles/manifests/static_mirror_onion.pp
+++ b/modules/roles/manifests/static_mirror_onion.pp
@@ -34,7 +34,6 @@ class roles::static_mirror_onion {
'nyx.torproject.org',
'onion.torproject.org',
'onionperf.torproject.org',
- 'ooni.torproject.org',
'openpgpkey.torproject.org',
'rbm.torproject.org',
'research.torproject.org',
@@ -56,5 +55,7 @@ class roles::static_mirror_onion {
ensure => 'ifstatic';
'spec.torproject.org':
ensure => 'present';
+ 'ooni.torproject.org':
+ ensure => 'absent';
}
}
diff --git a/modules/roles/manifests/static_mirror_web.pp
b/modules/roles/manifests/static_mirror_web.pp
index 997140b7..73859c41 100644
--- a/modules/roles/manifests/static_mirror_web.pp
+++ b/modules/roles/manifests/static_mirror_web.pp
@@ -65,7 +65,7 @@ class roles::static_mirror_web {
ssl::service { 'nyx.torproject.org': ensure => 'ifstatic', notify =>
Exec['service apache2 reload'], key => true, }
ssl::service { 'onion.torproject.org': ensure => 'ifstatic', notify =>
Exec['service apache2 reload'], key => true, }
ssl::service { 'onionperf.torproject.org': ensure => 'ifstatic', notify
=> Exec['service apache2 reload'], key => true, }
- ssl::service { 'ooni.torproject.org': ensure => 'ifstatic', notify =>
Exec['service apache2 reload'], key => true, }
+ ssl::service { 'ooni.torproject.org': ensure => 'absent', notify =>
Exec['service apache2 reload'], key => true, }
ssl::service { 'openpgpkey.torproject.org': ensure => 'ifstatic',
notify => Exec['service apache2 reload'], key => true, }
ssl::service { 'rbm.torproject.org': ensure => 'ifstatic', notify =>
Exec['service apache2 reload'], key => true, }
ssl::service { 'research.torproject.org': ensure => 'ifstatic', notify
=> Exec['service apache2 reload'], key => true, }
diff --git a/modules/roles/templates/static-mirroring/vhost/static-
vhosts.erb b/modules/roles/templates/static-mirroring/vhost/static-
vhosts.erb
index a49d64b5..30fd426b 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts.erb
@@ -152,7 +152,6 @@ vhost(lines, "newsletter.torproject.org")
vhost(lines, "nyx.torproject.org")
vhost(lines, "onion.torproject.org")
vhost(lines, "onionperf.torproject.org")
-vhost(lines, "ooni.torproject.org")
vhost(lines, "openpgpkey.torproject.org", :extra => true)
vhost(lines, "rbm.torproject.org")
vhost(lines, "research.torproject.org")
diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 39156276..90b2bcbc 100644
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -59,7 +59,6 @@ letsencrypt nevii=(dnsadm)
NOPASSWD: /srv/dns.torproject.org/bin/update
%metrics meronense=(metrics) ALL
%onionoo ONIONOOHOSTS=(onionoo) ALL
%onionoo ONIONOOHOSTS=(onionoo-unpriv) ALL
-%ooni STATICMASTER=(ooni) ALL
%stem STATICMASTER=(stem) ALL
%nyx STATICMASTER=(nyx) ALL
%rtfolks rude=(rtstuff) ALL
@@ -89,7 +88,6 @@ exonerator materculae=(exonerator-web)
NOPASSWD: ALL
%globe STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component globe.torproject.org,
/usr/local/bin/static-update-component globe.torproject.org
%consensus-health henryi=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component consensus-
health.torproject.org, /usr/local/bin/static-update-component consensus-
health.torproject.org
%torwww,%metrics STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component onionperf.torproject.org,
/usr/local/bin/static-update-component onionperf.torproject.org
-%ooni STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component ooni.torproject.org,
/usr/local/bin/static-update-component ooni.torproject.org
%snowflake STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component snowflake.torproject.org,
/usr/local/bin/static-update-component snowflake.torproject.org
%stem STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component stem.torproject.org,
/usr/local/bin/static-update-component stem.torproject.org
%nyx STATICMASTER=(mirroradm) NOPASSWD:
/usr/local/bin/static-master-update-component nyx.torproject.org,
/usr/local/bin/static-update-component stem.torproject.org
--
2.20.1
}}}
finally, i need to do documentation and we need to decide if/when we do
HTTP redirects instead of CNAMEs here to finalize this transition. but i
guess that OONI can do those redirects themselves, when they want to as
well...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31718#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list