#31718: Update DNS records for .ooni.torproject.org domains -------------------------------------------------+------------------------- Reporter: hellais | Owner: anarcat Type: defect | Status: | accepted Priority: Medium | Milestone: Component: Internal Services/Tor Sysadmin Team | Version: Severity: Normal | Resolution: Keywords: | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by anarcat): i removed the nagios check and let's encrypt cert, then also cleaned this up in puppet: {{{ From b8e3ebc8f10c9b2e6654c84e85291c277b861637 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antoine=20Beaupr=C3=A9?= <anar...@debian.org> Date: Mon, 18 Nov 2019 12:08:12 -0500 Subject: [PATCH] remove remaining traces of ooni.tpo mirror (#31718) --- modules/roles/manifests/static_mirror_onion.pp | 3 ++- modules/roles/manifests/static_mirror_web.pp | 2 +- .../roles/templates/static-mirroring/vhost/static-vhosts.erb | 1 - modules/sudo/files/sudoers | 2 -- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/modules/roles/manifests/static_mirror_onion.pp b/modules/roles/manifests/static_mirror_onion.pp index d9c15fce..706783cd 100644 --- a/modules/roles/manifests/static_mirror_onion.pp +++ b/modules/roles/manifests/static_mirror_onion.pp @@ -34,7 +34,6 @@ class roles::static_mirror_onion { 'nyx.torproject.org', 'onion.torproject.org', 'onionperf.torproject.org', - 'ooni.torproject.org', 'openpgpkey.torproject.org', 'rbm.torproject.org', 'research.torproject.org', @@ -56,5 +55,7 @@ class roles::static_mirror_onion { ensure => 'ifstatic'; 'spec.torproject.org': ensure => 'present'; + 'ooni.torproject.org': + ensure => 'absent'; } } diff --git a/modules/roles/manifests/static_mirror_web.pp b/modules/roles/manifests/static_mirror_web.pp index 997140b7..73859c41 100644 --- a/modules/roles/manifests/static_mirror_web.pp +++ b/modules/roles/manifests/static_mirror_web.pp @@ -65,7 +65,7 @@ class roles::static_mirror_web { ssl::service { 'nyx.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } ssl::service { 'onion.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } ssl::service { 'onionperf.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } - ssl::service { 'ooni.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } + ssl::service { 'ooni.torproject.org': ensure => 'absent', notify => Exec['service apache2 reload'], key => true, } ssl::service { 'openpgpkey.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } ssl::service { 'rbm.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } ssl::service { 'research.torproject.org': ensure => 'ifstatic', notify => Exec['service apache2 reload'], key => true, } diff --git a/modules/roles/templates/static-mirroring/vhost/static- vhosts.erb b/modules/roles/templates/static-mirroring/vhost/static- vhosts.erb index a49d64b5..30fd426b 100644 --- a/modules/roles/templates/static-mirroring/vhost/static-vhosts.erb +++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts.erb @@ -152,7 +152,6 @@ vhost(lines, "newsletter.torproject.org") vhost(lines, "nyx.torproject.org") vhost(lines, "onion.torproject.org") vhost(lines, "onionperf.torproject.org") -vhost(lines, "ooni.torproject.org") vhost(lines, "openpgpkey.torproject.org", :extra => true) vhost(lines, "rbm.torproject.org") vhost(lines, "research.torproject.org") diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 39156276..90b2bcbc 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -59,7 +59,6 @@ letsencrypt nevii=(dnsadm) NOPASSWD: /srv/dns.torproject.org/bin/update %metrics meronense=(metrics) ALL %onionoo ONIONOOHOSTS=(onionoo) ALL %onionoo ONIONOOHOSTS=(onionoo-unpriv) ALL -%ooni STATICMASTER=(ooni) ALL %stem STATICMASTER=(stem) ALL %nyx STATICMASTER=(nyx) ALL %rtfolks rude=(rtstuff) ALL @@ -89,7 +88,6 @@ exonerator materculae=(exonerator-web) NOPASSWD: ALL %globe STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component globe.torproject.org, /usr/local/bin/static-update-component globe.torproject.org %consensus-health henryi=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component consensus- health.torproject.org, /usr/local/bin/static-update-component consensus- health.torproject.org %torwww,%metrics STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component onionperf.torproject.org, /usr/local/bin/static-update-component onionperf.torproject.org -%ooni STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component ooni.torproject.org, /usr/local/bin/static-update-component ooni.torproject.org %snowflake STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component snowflake.torproject.org, /usr/local/bin/static-update-component snowflake.torproject.org %stem STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component stem.torproject.org, /usr/local/bin/static-update-component stem.torproject.org %nyx STATICMASTER=(mirroradm) NOPASSWD: /usr/local/bin/static-master-update-component nyx.torproject.org, /usr/local/bin/static-update-component stem.torproject.org -- 2.20.1 }}} finally, i need to do documentation and we need to decide if/when we do HTTP redirects instead of CNAMEs here to finalize this transition. but i guess that OONI can do those redirects themselves, when they want to as well... -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31718#comment:16> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs