responding inline

>> Would you mind telling me which 2 features are critical for your
>> use-case and why?
>
> - automatic instance deployment (and all the dependencies that come
> with that, like ORListenAddress - without it tor0 would block tor2 from
> starting since they are binding on the same port)
>
> - automatic MyFamily management
> this is just too annoying to manage manually

OK. I'd like for this feature to co-exist with the current configure_tor_instance.yml... because other entities are currently using that... including Mozilla.

> - the directory layout change is more cosmetic but your current way
> (everything in /etc) is rather unusual and as an example would require
> custom logrotate configuration that wouldn't be required otherwise

OK... I don't have a strong opinion... and I think the parent directory for all this should be configurable via a role variable so that the user can specify.

>> I'd like for this ansible role to be useful to relay operators like
>> yourself... so I'm very interested in learning about how you'd like to
>> use it.
>
> From the examples I assumed you are probably not using it mainly for
> relays, is that correct?

Yes that is correct. I operate many Tor hidden services. However I initially created this Ansible role to help Moritz of torservers.net and those people that may be working for him; therefore pull requests and feedback help; for instance Moritz specified several features it should have... and an engineer working for Mozilla chatted with me about the features they needed; then he sent me a pull request on GitHub.

> One could also add some auto detection to see if the ports are already
> in use..

I think the sys admin should just know what they are doing; and should know which ports are available.

>> If using configure_apt_single.yml then the torrc is in fact owned by
>> root... and tor will then drop privs. The other way tor is deployed
>> with this role is using the configure_tor_instance.yml... and I
>> suppose the individual torrc files could be owned as root as long as
>> they are readable by the tor user. But does this matter? What are the
>> implications?
>
> On a default install they are owned by root, I just reverted the change
> from owner=tor_user to owner=root to restore defaults. Implication..
> tor_user will not be able to rewrite/manipulate its own configuration.

Yes I agree.

>> I'd be much more likely to merge your patches if they were one feature
>> per patch... instead of this monolithic patch with many features.
>
> Yes, that is what I expected, but then I thought that the two main
> changes code wise (autoconfig + directory structure) are dependent on
> each other anyway. Merging autoconfig without the directory
> restructuring (or vice versa) wouldn't be much fun since these
> modifications always touch overlapping areas.
> If you want to add it as additional option, including it as a separate
> yml in tasks/main.yml + separate torrc is also a possibility - but
> probably not the nicest way (duplicate code, multiple torrc's).
>

OK... I agree with you... but let's make this a separate yml task file; your use is quite different than most of the entities currently using this ansible role. So let's add these as a new task file instead of modifying the existing task file.
