[tor-bugs] #31786 [Internal Services/Tor Sysadmin Team]: move dictyotum off moly

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Oct 12 01:59:58 UTC 2019 

#31786: move dictyotum off moly
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #29974                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by anarcat):

 got this warning by email from bungei:

 {{{
 Subject: Cron <bacula at bungei> chronic /usr/local/bin/bacula-unlink-
 removed-volumes -v
 To: root at bungei.torproject.org
 Date: Sat, 12 Oct 2019 00:00:02 +0000

 Traceback (most recent call last):
   File "/usr/local/bin/bacula-unlink-removed-volumes", line 64, in
 <module>
     conn = psycopg2.connect(args.db)
   File "/usr/lib/python3/dist-packages/psycopg2/__init__.py", line 130, in
 connect
     conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
 psycopg2.OperationalError: could not connect to server: Connection refused
         Is the server running on host "dictyotum.torproject.org"
 (2620:0:6b0:b:1a1a:0:26e5:481b) and accepting
         TCP/IP connections on port 5433?
 could not connect to server: Connection refused
         Is the server running on host "dictyotum.torproject.org"
 (38.229.72.27) and accepting
         TCP/IP connections on port 5433?
 }}}

 as it turns out, `postgresql.conf` *also* needed configuring. I tried to
 add the following statement:

 {{{
 listen_addresses = '*'
 }}}

 but then bungei fails with:

 {{{
 root at bungei:~# psql "service=bacula user=bacula-bungei-reader"
 psql: erreur SSL : certificate verify failed
 }}}

 i also had to fix `/etc/postgresql-common/pg-service.conf` on bungei to
 point to the right host, but the cert verification still fails. i suspect
 we'll need to reissue or distribute those around somehow, although it's
 not clear to me why right now.

 it's weekend now, and i think we can survive it without bungei cleaning up
 its old cruft for now.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31786#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list