[tor-bugs] #32239 [Internal Services/Tor Sysadmin Team]: setup a cache frontend for the blog

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Oct 31 18:34:14 UTC 2019 

#32239: setup a cache frontend for the blog
-------------------------------------------------+-------------------------
 Reporter:  anarcat                              |          Owner:  anarcat
     Type:  task                                 |         Status:
                                                 |  accepted
 Priority:  Medium                               |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:                                       |  Actual Points:
Parent ID:  #32090                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Old description:

> design docs in https://help.torproject.org/tsa/howto/cache/
>
> launch checklist:
>
>  1. alternatives listing and comparison (done)
>  2. deploy a test virtual machine by hand, say `cache-01.tpo` (done)
>  3. benchmark the different alternatives (done, ATS and nginx comparable)
>  4. setup secondary node with Puppet, say `cache-02.tpo` (in progress,
> missing puppet config)
>  4. validation benchmark against both nodes
>  5. lower DNS to 300 seconds, wait an hour
>  6. flip DNS to the cache node, wait and monitor for 5 minutes
>  7. raise DNS back to 1h if all goes well.
>
> Disaster recovery:
>
>  1. flip DNS back to pantheon

New description:

 design docs in https://help.torproject.org/tsa/howto/cache/

 launch checklist:

  1. alternatives listing and comparison (done)
  2. deploy a test virtual machine by hand, say `cache-01.tpo` (done)
  3. benchmark the different alternatives (done, ATS and nginx comparable)
  4. setup secondary node with Puppet, say `cache-02.tpo` (done)
  4. validation benchmark against both nodes (partial)
  5. lower DNS to 300 seconds, wait an hour (set TTL to 10min, waiting)
  6. flip DNS to the cache node, wait and monitor for 5 minutes
  7. raise DNS back to 1h if all goes well.

 Disaster recovery:

  1. flip DNS back to pantheon

--

Comment (by anarcat):

 new node is up and works, configured with puppet and the new nginx module.

 copied the cipher suite from the apache config, but i'm not sure about
 that, so I opened #32351 to followup on the suite in apache too.

 next step is to deploy on the original node with puppet, run sanity tests
 against both nodes, then flip the switch. whoohoo!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32239#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list