Opened 4 months ago

Closed 9 days ago

#30627 closed enhancement (fixed)

document how to map a service back to an underlying host

Reported by: arma Owned by: tpa
Priority: Medium Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Let's say check.tpo goes down, and is unpingable. That means something has probably gone wrong with the underlying host. How do I learn what underlying server is serving check.tpo?

It would be great to have that process, of mapping a service back to which host it's on, written down, either on https://help.torproject.org/tsa/ or pointed to from there.

Thanks!

Child Tickets

Change History (7)

comment:1 Changed 4 months ago by arma

Two resources that will be helpful for documenting this process:

weasel points me to https://nagios.torproject.org/cgi-bin/icinga/statusmap.cgi?host=all (though nobody can log in to our nagios to see this page unless somebody has explained to them how simple it is to log in.)

And to figure out which service runs on which host (which will help you look for that host on the nagios tree), there's https://db.torproject.org/machines.cgi

comment:3 Changed 5 weeks ago by anarcat

Resolution: fixed
Status: newclosed

i'll assume the documentation i have written is satisfactory here and move on, reopen if you need anything else.

comment:4 Changed 9 days ago by arma

Resolution: fixed
Status: closedreopened

Thanks!

I've looked at the doc (and fixed a typo), but now the big question is that it shifts from which 'you' it thinks it's addressing:

  • At the beginning it is about how you can figure out which service or server is involved when something isn't working
  • And then suddenly it's about how you need to file a ticket with Hetzner.

Anybody who notices a service is down can be the first you. But most of them shouldn't be the ones to file a ticket with Hetzner, right? Most of them should... mail torproject-admin? Find us on irc?

Speaking of which, when I want to approach hetzner, I go to the tor-passwords repo and "gpg < hosts-extra-info" and now I am more informed. But I notice that file isn't encrypted to anarcat. I guess that we have moved to some other approach. But I wonder what it is. :)

comment:5 Changed 9 days ago by anarcat

Anybody who notices a service is down can be the first you. But most of them shouldn't be the ones to file a ticket with Hetzner, right? Most of them should... mail torproject-admin? Find us on irc?

Well, this guide is directed mostly at sysadmins. Most people should "contact us", which is:

https://help.torproject.org/tsa/doc/how-to-get-help/

Maybe I should just throw that up there?

Speaking of which, when I want to approach hetzner, I go to the tor-passwords repo and "gpg < hosts-extra-info"

By the way, you really don't want to gpg < foo. It lets gpg "guess what you want", and it can do some pretty nasty stuff, in theory. In practice, it might be safe, but I was really unhappy about what I saw auditing that source path and I strongly recommend heeding the warnings that now bug you in GPG 2. What you want is gpg -d < foo or gpg --decrypt < foo.

and now I am more informed. But I notice that file isn't encrypted to anarcat. I guess that we have moved to some other approach. But I wonder what it is. :)

Wait what? It isn't encrypt to me? What do you mean? I just git pulled the file and I *can* decrypt it.

We haven't changed approach on that front, as far as I know.

comment:6 in reply to:  5 Changed 9 days ago by arma

Replying to anarcat:

Well, this guide is directed mostly at sysadmins. Most people should "contact us", which is:

Ok great, let's say that and call it good enough.

Wait what? It isn't encrypt to me? What do you mean? I just git pulled the file and I *can* decrypt it.

You're right! I just hadn't git pulled in a while.

We haven't changed approach on that front, as far as I know.

Great.

comment:7 Changed 9 days ago by anarcat

Resolution: fixed
Status: reopenedclosed

Ok great, let's say that and call it good enough.

done!

Note: See TracTickets for help on using tickets.