Opened 9 years ago

Closed 8 years ago

Last modified 7 years ago

#2666 closed task (implemented)

Create a nagios config for dirauths

Reported by: mikeperry Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Keywords: tor-auth
Cc: Actual Points:
Parent ID: #2664 Points:
Reviewer: Sponsor:

Description

We should create a nagios config that provides core tor developers with notification, logs, and vote and descriptor data in the event of a failure of one or more directory authorities.

If Nick and Sebastian had not been able to get descriptor and log lines from Jake and Linus, the fix for the IPv6 catastrophe would have taken even longer, possibly long enough for the network to completely fail.

A simple version of this would be to modify Tor Weather just to provide immediate notification for dir auth operators. But in an ideal world, if some threshold of dir auths failed, logs and descriptor data would get sent to an email alias.

Child Tickets

Change History (7)

comment:1 Changed 9 years ago by karsten

The consensus-health checker in metrics-web now writes a status file that Nagios parses to learn about potential problems with the consensus process. Nagios currently warns in the following cases:

  • $dirSource does not support consensus method $consensusMethod
  • $dirSource recommends other client versions than the consensus
  • $dirSource recommends other server versions than the consensus
  • $dirSource sets conflicting or invalid consensus parameters
  • $dirSource's certificate expires in the next 14 days
  • We're missing votes from the following directory authorities: $dirSource*
  • The last consensus published at $validAfterTime is more than 3 hours old

I'm happy to add more checks if someone comes up with ideas.

comment:2 Changed 9 years ago by arma

Component: Tor RelayTor Directory Authority

comment:3 Changed 8 years ago by arma

Milestone: Tor: unspecified

Karsten did some stuff. Perhaps we should call this one done?

I'm totally freaked out by Mike's notion of hooking all the directory authorities into some harness that auto emails out their files sometimes. Mike is welcome to run it himself, but I sure wouldn't.

comment:4 Changed 8 years ago by nickm

Resolution: implemented
Status: newclosed

I'm calling this done with the current amount of stuff. Please reopen if you disagree, or open a new ticket for whatever you still want.

comment:5 Changed 8 years ago by karsten

I agree that this is implemented. We have the tor-consensus-health mailing list and IRC notifications in #tor-bots. That should do it.

comment:6 Changed 7 years ago by nickm

Keywords: tor-auth added

comment:7 Changed 7 years ago by nickm

Component: Tor Directory AuthorityTor
Note: See TracTickets for help on using tickets.