[tor-relays] relayor: automation for relay operators (ansible)

Richard Johnson rdump at river.com
Mon Mar 2 01:52:16 UTC 2015


On 2015-02-27 14:53, Nusenu wrote:
> Supported platforms:
...
> 	- OpenBSD
>
> Everything is still fresh, so I would NOT recommend to use this on
> production relays. Testing and review is appreciated.
>
> There is still a crucial piece missing (init scripts), but I hope tor
> packagers are willing to incorporate multi-init support patches (see
> issues).

In the interest of going with the OS flow and intent/defaults, I recommend the 
following for OpenBSD.

Configure relays with a unique ${tag} appended to "tor".

Say you have 2 IPs, want to run 4 total relays, and you want ${tag} to be 1, 2, 
3 or 4.  Call each by the name tor${tag}, and use that name to set up resources.

Content changes in the /etc/rc.d/tor... startup/shutdown scripts are unneeded. 
Straight copies to /etc/rc.d/tor${tag} are best for avoiding having to 
maintain them separately across upgrades.

Give each relay its own torrc via /etc/tor/tor${tag}, and each its own 
/var/tor${tag} directory referenced in that torrc.

Then in /etc/rc.conf.local, hook them together and tell OpenBSD how to launch 
each of them:
tor1_flags = {tor1_flags} -f /etc/tor/tor1
tor2_flags = {tor2_flags} -f /etc/tor/tor2
tor3_flags = {tor3_flags} -f /etc/tor/tor3
tor4_flags = {tor4_flags} -f /etc/tor/tor4
pkg_scripts = "... tor1 tor2 tor3 tor4"

At the end of /etc/login.conf, tell OpenBSD to give them a few more resources 
than the default for daemon class:
-------8<-------
# Override resource limits for certain LOCAL daemons started by rc.d(8)
#
# For Tor, set an openfiles-max to override default openfiles-max 1024
# (we leave _tor user in 'daemon' class and rely on /etc/rc.d/tor* names
# to pick up possibly unique settings for each instance)
tor1:\
         :openfiles-cur=1024:\
         :openfiles-max=8192:\
         :tc=daemon:
tor2:\
         :openfiles-cur=1024:\
         :openfiles-max=4096:\
         :tc=daemon:
tor3:\
         :openfiles-cur=1024:\
         :openfiles-max=8192:\
         :tc=daemon:
tor4:\
         :openfiles-cur=1024:\
         :openfiles-max=8192:\
         :tc=daemon:
-------8<-------


Richard
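
The layout described in the message above, as an added example that is not part of the original post or of relayor: POSIX sh functions that stage the per-instance files under a scratch directory and then check that every piece agrees on the tor${tag} name. Assumptions: ROOT stands in for "/", the function names are constructed, each flags line carries only -f, and every instance gets the same openfiles-max.

```shell
#!/bin/sh
# Added example (not from the post). ROOT is a scratch directory standing in
# for "/"; function names are constructed for illustration.

# stage_instance ROOT TAG: lay out one relay named tor${TAG} under ROOT.
stage_instance() {
    root=$1 name="tor$2"
    mkdir -p "$root/etc/tor" "$root/var/$name" || return 1
    chmod 700 "$root/var/$name"   # on the relay this must also be owned by _tor
    # Straight, unmodified copy of the packaged rc.d script.
    cp "$root/etc/rc.d/tor" "$root/etc/rc.d/$name" || return 1
    # Own torrc, pointing at this instance's own data directory.
    printf 'DataDirectory /var/%s\n' "$name" > "$root/etc/tor/$name"
    # rc.conf.local entry: quoted value, no spaces around '='.
    printf '%s_flags="-f /etc/tor/%s"\n' "$name" "$name" >> "$root/etc/rc.conf.local"
    # login.conf class named after the rc.d script, inheriting from daemon.
    printf '%s:\\\n\t:openfiles-cur=1024:\\\n\t:openfiles-max=8192:\\\n\t:tc=daemon:\n' \
        "$name" >> "$root/etc/login.conf"
}

# stage_all ROOT TAG...: stage every instance, then list them in pkg_scripts.
stage_all() {
    root=$1; shift; names=
    for t in "$@"; do
        stage_instance "$root" "$t" || return 1
        names="$names tor$t"
    done
    printf 'pkg_scripts="%s"\n' "${names# }" >> "$root/etc/rc.conf.local"
}

# check_instance ROOT TAG: return 0 only if all five pieces agree on the name.
check_instance() {
    root=$1 name="tor$2" rc=0
    [ -f "$root/etc/rc.d/$name" ] || { echo "$name: no rc.d script"; rc=1; }
    [ -d "$root/var/$name" ] || { echo "$name: no data directory"; rc=1; }
    grep -qx "DataDirectory /var/$name" "$root/etc/tor/$name" 2>/dev/null ||
        { echo "$name: torrc does not use /var/$name"; rc=1; }
    grep -qx "${name}_flags=\"-f /etc/tor/$name\"" "$root/etc/rc.conf.local" 2>/dev/null ||
        { echo "$name: no matching flags in rc.conf.local"; rc=1; }
    grep -q "^$name:" "$root/etc/login.conf" 2>/dev/null ||
        { echo "$name: no login.conf class"; rc=1; }
    return $rc
}
```

Run stage_all against a directory that already holds a copy of etc/rc.d/tor, for example `stage_all /tmp/stage 1 2 3 4`, and review the staged files before copying anything to a relay.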


