#31718: Update DNS records for .ooni.torproject.org domains -------------------------------------------------+------------------------- Reporter: hellais | Owner: anarcat Type: defect | Status: | assigned Priority: Medium | Milestone: Component: Internal Services/Tor Sysadmin Team | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by anarcat): seems to me that just adding the CNAME will not be enough, as there are many other things to cleanup. the main procedure should be: 1. remove `ooni.torproject.org` from `tor-puppet/modules/roles/misc /static-components.yaml` 2. ??? make it go away from auto-services somehow? 3. add the CNAME Other things to cleanup include: {{{ letsencrypt-domains/domains:46:ooni.torproject.org tor-nagios/config/nagios-master.cfg:1330: name: mirror static sync - ooni tor-nagios/config/nagios-master.cfg:1331: check: "dsa_check_staticsync!ooni.torproject.org" tor-puppet/modules/sudo/files/sudoers:63:%ooni STATICMASTER=(ooni) ALL tor-puppet/modules/sudo/files/sudoers:95:%ooni STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master- update-component ooni.torproject.org, /usr/local/bin/static-update- component ooni.torproject.org tor-puppet/modules/roles/manifests/static_mirror_web.pp:74: ssl::service { 'ooni.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } tor-puppet/modules/roles/manifests/static_mirror_onion.pp:37: 'ooni.torproject.org', tor-puppet/onions/onionbalance-services.yaml:17: [...] }}} I'm particularly concerned about let's encrypt - wouldn't adding the cname break the X509 cert, as we would now point to another server? -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31718#comment:8> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs