Bits and pieces of Tor Project infrastructure information

A collection of information looking for a better place, perhaps after being expanded a bit to deserve their own page.

Backups

  • We use Bacula to make backups, with one host running a director (currently dictyotum.tpo) and another host for storage (currently brulloi.tpo).
  • There are BASE files and WAL files, the latter for incremental backups.
  • The logs found in /var/log/bacula-main.log and /var/log/bacula/ seem mostly empty, just like the systemd journals.

Servers

  • There's one director and one storage node.

  • The director runs /usr/local/sbin/dsa-bacula-scheduler which reads /etc/bacula/dsa-clients for a list of clients to back up. This file is populated by puppet (puppetdb $bacula::tag_bacula_dsa_client_list) and will list clients until they're being deactivated in puppet.

Clients

  • tor-puppet/modules/bacula/manifests/client.pp gives an idea of where things are at on backup clients.
  • Clients run the Bacula File Daemon, bacula-fd(8).

Onion sites

  • Example from a vhost template

    <% if scope.function_onion_global_service_hostname(['crm-2018.torproject.org']) -%> ServerName <%= scope.function_onion_global_service_hostname(['crm-2018.torproject.org']) %> Use vhost-inner-crm-2018.torproject.org <% end -%>

  • Function defined in tor-puppet/modules/puppetmaster/lib/puppet/parser/functions/onion_global_service_hostname.rb parses /srv/puppet.torproject.org/puppet-facts/onionbalance-services.yaml.

  • onionbalance-services.yaml is populated through onion::balance (tor-puppet/modules/onion/manifests/balance.pp)
  • onion:balance uses the onion_balance_service_hostname fact from tor-puppet/modules/torproject_org/lib/facter/onion-services.rb

Puppet

See puppet.