The Tor Project issueshttps://gitlab.torproject.org/groups/tpo/-/issues2021-12-13T16:46:38Zhttps://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/30PI meeting preparation2021-12-13T16:46:38ZCecylia BocovichPI meeting preparationWe need to prepare our PI meeting slides. We may also need to hurry up and finish some other s28 work so that we have exciting enough things to present.We need to prepare our PI meeting slides. We may also need to hurry up and finish some other s28 work so that we have exciting enough things to present.Sponsor 28: End of phase 2Cecylia BocovichCecylia Bocovich2021-12-01https://gitlab.torproject.org/tpo/tpa/team/-/issues/40477backup failure: disk full on bungei2023-10-19T20:11:36Zanarcatbackup failure: disk full on bungeiThe scheduler failed last night, starting at 08:09UTC:
```
From: root@bacula-director-01.torproject.org
Subject: Cron <root@bacula-director-01> sleep $(( $RANDOM % 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbi...The scheduler failed last night, starting at 08:09UTC:
```
From: root@bacula-director-01.torproject.org
Subject: Cron <root@bacula-director-01> sleep $(( $RANDOM % 60 )); flock -w 0 -e /usr/local/sbin/dsa-bacula-scheduler /usr/local/sbin/dsa-bacula-scheduler
To: root@bacula-director-01.torproject.org
Date: Fri, 22 Oct 2021 08:09:57 +0000
Traceback (most recent call last):
File "/usr/local/sbin/dsa-bacula-scheduler", line 199, in <module>
conn = psycopg2.connect(args.db)
File "/usr/lib/python3/dist-packages/psycopg2/__init__.py", line 130, in connect
conn = _connect(dsn, connection_factory=connection_factory, **kwasync)
psycopg2.OperationalError: FATAL: remaining connection slots are reserved for non-replication superuser connections
```
we have a mail like this every 3 minutes. cause unclear.
we are also getting errors from individual jobs:
```
bacula-service@torproject.org (0 mins. ago) (backup rapports tor unread)
Subject: Bacula: Backup Fatal Error of static-master-fsn.torproject.org-fd Incremental
To: bacula-service@torproject.org
Date: Fri, 22 Oct 2021 13:34:48 +0000
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Start Backup JobId 175779, Job=static-master-fsn.torproject.org.2021-10-22_05.33.44_59
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: There are no more Jobs associated with Volume "torproject-static-master-fsn.torproject.org-inc.2021-09-21_10:33". Marking it purged.
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: New Pool is: poolgraveyard-torproject-static-master-fsn.torproject.org
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: All records pruned from Volume "torproject-static-master-fsn.torproject.org-inc.2021-09-21_10:33"; marking it "Purged"
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Created new Volume="torproject-static-master-fsn.torproject.org-inc.2021-10-22_05:33", Pool="poolinc-torproject-static-master-fsn.torproject.org", MediaType="File-static-master-fsn.torproject.org" in catalog.
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Using Device "FileStorage-static-master-fsn.torproject.org" to write.
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Sending Accurate information to the FD.
22-Oct 05:33 bungei.torproject.org-sd JobId 175779: Fatal error: [SF0209] Out of freespace caused End of Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_05:33" at 0 on device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org). Write of 366 bytes got -1.
22-Oct 05:33 static-master-fsn.torproject.org-fd JobId 175779: Fatal error: job.c:3013 Bad response from SD to Append Data command. Wanted 3000 OK data
, got len=320 msg="3903 Error append data: Read label block failed: requested Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_05:33" on File device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org) is no"
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Error: Bacula bacula-director-01.torproject.org-dir 9.4.2 (04Feb19):
Build OS: x86_64-pc-linux-gnu debian 10.5
JobId: 175779
Job: static-master-fsn.torproject.org.2021-10-22_05.33.44_59
Backup Level: Incremental, since=2021-10-21 05:12:44
Client: "static-master-fsn.torproject.org-fd" 9.4.2 (04Feb19) x86_64-pc-linux-gnu,debian,10.5
FileSet: "Standard Set" 2014-09-06 20:30:19
Pool: "poolinc-torproject-static-master-fsn.torproject.org" (From Job IncPool override)
Catalog: "MyCatalog" (From Client resource)
Storage: "File-static-master-fsn.torproject.org" (From Pool resource)
Scheduled time: 22-Oct-2021 05:33:44
Start time: 22-Oct-2021 05:33:50
End time: 22-Oct-2021 05:33:59
Elapsed time: 9 secs
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 906
Volume Session Time: 1634072246
Last Volume Bytes: 0 (0 B)
Non-fatal FD errors: 1
SD Errors: 1
FD termination status: Error
SD termination status: Error
Termination: *** Backup Error ***
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Rescheduled Job static-master-fsn.torproject.org.2021-10-22_05.33.44_59 at 22-Oct-2021 05:33 to re-run in 14400 seconds (22-Oct-2021 09:33).
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Error: openssl.c:68 TLS shutdown failure.: ERR=error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
22-Oct 05:33 bacula-director-01.torproject.org-dir JobId 175779: Error: openssl.c:68 TLS shutdown failure.: ERR=error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
22-Oct 05:34 bacula-director-01.torproject.org-dir JobId 175779: Job static-master-fsn.torproject.org.2021-10-22_05.33.44_59 waiting 14400 seconds for scheduled start time.
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Start Backup JobId 175779, Job=static-master-fsn.torproject.org.2021-10-22_05.33.44_59
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: There are no more Jobs associated with Volume "torproject-static-master-fsn.torproject.org-inc.2021-09-22_09:00". Marking it purged.
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: New Pool is: poolgraveyard-torproject-static-master-fsn.torproject.org
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: All records pruned from Volume "torproject-static-master-fsn.torproject.org-inc.2021-09-22_09:00"; marking it "Purged"
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Created new Volume="torproject-static-master-fsn.torproject.org-inc.2021-10-22_09:34", Pool="poolinc-torproject-static-master-fsn.torproject.org", MediaType="File-static-master-fsn.torproject.org" in catalog.
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Using Device "FileStorage-static-master-fsn.torproject.org" to write.
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Sending Accurate information to the FD.
22-Oct 09:34 bungei.torproject.org-sd JobId 175779: Fatal error: [SF0209] Out of freespace caused End of Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_09:34" at 0 on device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org). Write of 366 bytes got -1.
22-Oct 09:34 static-master-fsn.torproject.org-fd JobId 175779: Fatal error: job.c:3013 Bad response from SD to Append Data command. Wanted 3000 OK data
, got len=561 msg="3903 Error append data: Read label block failed: requested Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_09:34" on File device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org) is no"
22-Oct 09:34 bungei.torproject.org-sd JobId 175779: Marking Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_09:34" in Error in Catalog.
22-Oct 09:34 bungei.torproject.org-sd JobId 175779: Job static-master-fsn.torproject.org.2021-10-22_05.33.44_59 canceled while waiting for mount on Storage Device ""FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org)".
22-Oct 09:34 bungei.torproject.org-sd JobId 175779: Fatal error: Too many errors trying to mount File device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org).
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Error: bsock.c:388 Wrote 4 bytes to Storage daemon:bungei.torproject.org:9103, but only 0 accepted.
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Error: Bacula bacula-director-01.torproject.org-dir 9.4.2 (04Feb19):
Build OS: x86_64-pc-linux-gnu debian 10.5
JobId: 175779
Job: static-master-fsn.torproject.org.2021-10-22_05.33.44_59
Backup Level: Incremental, since=2021-10-21 05:12:44
Client: "static-master-fsn.torproject.org-fd" 9.4.2 (04Feb19) x86_64-pc-linux-gnu,debian,10.5
FileSet: "Standard Set" 2014-09-06 20:30:19
Pool: "poolinc-torproject-static-master-fsn.torproject.org" (From Job IncPool override)
Catalog: "MyCatalog" (From Client resource)
Storage: "File-static-master-fsn.torproject.org" (From Pool resource)
Scheduled time: 22-Oct-2021 05:33:44
Start time: 22-Oct-2021 09:34:08
End time: 22-Oct-2021 09:34:22
Elapsed time: 14 secs
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 941
Volume Session Time: 1634072246
Last Volume Bytes: 0 (0 B)
Non-fatal FD errors: 3
SD Errors: 1
FD termination status: Error
SD termination status: Error
Termination: *** Backup Error ***
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Rescheduled Job static-master-fsn.torproject.org.2021-10-22_05.33.44_59 at 22-Oct-2021 09:34 to re-run in 14400 seconds (22-Oct-2021 13:34).
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Error: openssl.c:68 TLS shutdown failure.: ERR=error:14094123:SSL routines:ssl3_read_bytes:application data after close notify
22-Oct 09:34 bacula-director-01.torproject.org-dir JobId 175779: Job static-master-fsn.torproject.org.2021-10-22_05.33.44_59 waiting 14400 seconds for scheduled start time.
22-Oct 13:34 bacula-director-01.torproject.org-dir JobId 175779: Start Backup JobId 175779, Job=static-master-fsn.torproject.org.2021-10-22_05.33.44_59
22-Oct 13:34 bacula-director-01.torproject.org-dir JobId 175779: Created new Volume="torproject-static-master-fsn.torproject.org-inc.2021-10-22_13:34", Pool="poolinc-torproject-static-master-fsn.torproject.org", MediaType="File-static-master-fsn.torproject.org" in catalog.
22-Oct 13:34 bacula-director-01.torproject.org-dir JobId 175779: Using Device "FileStorage-static-master-fsn.torproject.org" to write.
22-Oct 13:34 bacula-director-01.torproject.org-dir JobId 175779: Sending Accurate information to the FD.
22-Oct 13:34 bungei.torproject.org-sd JobId 175779: Fatal error: [SF0209] Out of freespace caused End of Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_13:34" at 0 on device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org). Write of 366 bytes got -1.
22-Oct 13:34 static-master-fsn.torproject.org-fd JobId 175779: Fatal error: job.c:3013 Bad response from SD to Append Data command. Wanted 3000 OK data
, got len=320 msg="3903 Error append data: Read label block failed: requested Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_13:34" on File device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org) is no"
22-Oct 13:34 bacula-director-01.torproject.org-dir JobId 175779: Error: Bacula bacula-director-01.torproject.org-dir 9.4.2 (04Feb19):
Build OS: x86_64-pc-linux-gnu debian 10.5
JobId: 175779
Job: static-master-fsn.torproject.org.2021-10-22_05.33.44_59
Backup Level: Incremental, since=2021-10-21 05:12:44
Client: "static-master-fsn.torproject.org-fd" 9.4.2 (04Feb19) x86_64-pc-linux-gnu,debian,10.5
FileSet: "Standard Set" 2014-09-06 20:30:19
Pool: "poolinc-torproject-static-master-fsn.torproject.org" (From Job IncPool override)
Catalog: "MyCatalog" (From Client resource)
Storage: "File-static-master-fsn.torproject.org" (From Pool resource)
Scheduled time: 22-Oct-2021 05:33:44
Start time: 22-Oct-2021 13:34:30
End time: 22-Oct-2021 13:34:48
Elapsed time: 18 secs
Priority: 10
FD Files Written: 0
SD Files Written: 0
FD Bytes Written: 0 (0 B)
SD Bytes Written: 0 (0 B)
Rate: 0.0 KB/s
Software Compression: None
Comm Line Compression: None
Snapshot/VSS: no
Encryption: no
Accurate: yes
Volume name(s):
Volume Session Id: 52
Volume Session Time: 1634896469
Last Volume Bytes: 0 (0 B)
Non-fatal FD errors: 2
SD Errors: 1
FD termination status: Error
SD termination status: Error
Termination: *** Backup Error ***
```
at least there the cause is clearer: bungei is full...
```
22-Oct 05:33 bungei.torproject.org-sd JobId 175779: Fatal error: [SF0209] Out of freespace caused End of Volume "torproject-static-master-fsn.torproject.org-inc.2021-10-22_05:33" at 0 on device "FileStorage-static-master-fsn.torproject.org" (/srv/backups/bacula/static-master-fsn.torproject.org). Write of 366 bytes got -1.
```anarcatanarcat2021-12-02https://gitlab.torproject.org/tpo/tpa/team/-/issues/40541Firewall rule updates cause Docker to restart on gitlab runners2023-01-27T02:14:24ZJim NewsomeFirewall rule updates cause Docker to restart on gitlab runnersFrom https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/issues/6
When this happens, processes inside the container receive SIGKILL as Docker is restarting, which can cause gitlab jobs to fail with code 137 (128 + SIGKILL=9), as ha...From https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/issues/6
When this happens, processes inside the container receive SIGKILL as Docker is restarting, which can cause gitlab jobs to fail with code 137 (128 + SIGKILL=9), as happened here: https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/jobs/63872#L5781
Related Docker bug: https://github.com/moby/moby/issues/12294Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2021-12-14https://gitlab.torproject.org/tpo/tpa/team/-/issues/40437prevent Puppet from restarting docker (and gitlab-runner?)2021-12-15T16:49:49ZJim Newsomeprevent Puppet from restarting docker (and gitlab-runner?)I had a job die mysteriously this morning:
https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/jobs/39943#L7771
```
ERROR: Job failed (system failure): aborted: terminated
```
And at the top of the page:
```
There has been a runne...I had a job die mysteriously this morning:
https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/jobs/39943#L7771
```
ERROR: Job failed (system failure): aborted: terminated
```
And at the top of the page:
```
There has been a runner system failure, please try again
```
@anarcat mentioned this might have been related to @lavamind doing some puppet work, triggering a restart of gitlab-runner or docker.
If possible could we confirm this is what happened? Is there some safeguard we could put in place to prevent such restarts while a job is running? I feel like this might be another pain point of shoe-horning shadow sims into CI jobs - for most CI jobs it's probably no big deal to get killed and have to restart, but in this case we lost 20h of computation.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2021-12-14https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/41Get rid of internal services for s28 Snowflake plugin2021-12-14T23:18:22ZCecylia BocovichGet rid of internal services for s28 Snowflake pluginThe scrimmage environment is not supporting internal services anymore. We should make sure we are starting the Snowflake proxy some other way.The scrimmage environment is not supporting internal services anymore. We should make sure we are starting the Snowflake proxy some other way.Sponsor 28: End of phase 22021-12-17https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/29Update plugins for RACE 1.6.02021-12-14T23:19:22ZCecylia BocovichUpdate plugins for RACE 1.6.0This version of RACE will be released sometime in November.This version of RACE will be released sometime in November.Sponsor 28: End of phase 2Cecylia BocovichCecylia Bocovich2021-12-17https://gitlab.torproject.org/tpo/tpa/team/-/issues/40409fsn-node-08 setup2021-12-13T21:56:58Zanarcatfsn-node-08 setupit seems we would greatly benefit from a new node at Hetzner. we don't have the budget for this now, so we'd need approval, but it might help alleviate some pressing matters we have namely the load problems (#40100) and extra VM requests...it seems we would greatly benefit from a new node at Hetzner. we don't have the budget for this now, so we'd need approval, but it might help alleviate some pressing matters we have namely the load problems (#40100) and extra VM requests we cannot really comply with right now (#40392).
I am also hoping such a machine would make rebalancing the cluster easier, especially if we get one with extra storage, as this is currently a painful operation that wastes a lot of human resources.
According to [this page](https://www.hetzner.com/dedicated-rootserver/px62-nvme/configurator?country=us), prices actually went down from 79EUR to 74EUR/mth for the same servers we currently have. There are no 10TB HDDs anymore, but we might be able to get away with 6TB ones, considering no node uses nearly as much storage as we'd expected:
```
root@fsn-node-01:~# gnt-node list-storage
Node Type Name Size Used Free Allocatable
fsn-node-07.torproject.org lvm-vg vg_ganeti 893.6G 567.1G 326.5G Y
fsn-node-03.torproject.org lvm-vg vg_ganeti 893.6G 391.3G 502.3G Y
fsn-node-03.torproject.org lvm-vg vg_ganeti_hdd 9.1T 3.4T 5.7T Y
fsn-node-04.torproject.org lvm-vg vg_ganeti 893.6G 560.8G 332.8G Y
fsn-node-04.torproject.org lvm-vg vg_ganeti_hdd 9.1T 2.4T 6.6T Y
fsn-node-02.torproject.org lvm-vg vg_ganeti 893.1G 586.6G 306.5G Y
fsn-node-02.torproject.org lvm-vg vg_ganeti_hdd 9.1T 4.2T 4.9T Y
fsn-node-06.torproject.org lvm-vg vg_ganeti 893.6G 569.2G 324.4G Y
fsn-node-05.torproject.org lvm-vg vg_ganeti 893.6G 571.3G 322.3G Y
fsn-node-01.torproject.org lvm-vg vg_ganeti 893.1G 568.8G 324.4G Y
fsn-node-01.torproject.org lvm-vg vg_ganeti_hdd 9.1T 2.3T 6.8T Y
```
install checklist:
- [x] burn-in
- [x] fabric install (IN BUSTER!)
- [x] partitions check
- [x] security upgrades
- [x] hostname check
- [x] IP addresses configuration
- [x] reverse DNS
- [x] working DNS
- [x] root password set
- [x] nextcloud spreadsheet
- [x] tsa-misc
- [x] bootstrap puppet
- [x] nagios
- [x] add to vswitch
- [x] disable modules
- [x] install vswitch
- [x] private IP allocation
- [x] bridge configuration
- [x] mandos
- [x] reboot
- [x] add roles::ganeti::fsn class
- [x] run puppet everywhere
- [x] gnt-node-add
- [ ] cluster verifyanarcatanarcat2021-12-21https://gitlab.torproject.org/tpo/network-health/team/-/issues/121Reduce amount of overloaded relays by 25% until the end of 20212022-03-03T14:54:36ZGeorg KoppenReduce amount of overloaded relays by 25% until the end of 2021We have stats for a while about a diverse set of overload indicators. We should try to reduce the amount of overloaded relays by 25% until the end of the year. I started with `overload-fd-exhausted` relays and will continue until that bu...We have stats for a while about a diverse set of overload indicators. We should try to reduce the amount of overloaded relays by 25% until the end of the year. I started with `overload-fd-exhausted` relays and will continue until that bucket is empty.Sponsor 61 - Making the Tor network faster & more reliable for users in Internet-repressive placesGeorg KoppenGeorg Koppen2021-12-31https://gitlab.torproject.org/tpo/tpa/team/-/issues/40570Gitlab TLS web certificate expiring soon2022-01-05T19:34:28ZJérôme Charaouilavamind@torproject.orgGitlab TLS web certificate expiring soonThe TLS web certificate renewal process appears to have hit a snag.
WARNING - Certificate 'gitlab-02.torproject.org' expires in 9 day(s) (Thu Jan 13 00:00:02 2022 +0000).
This is the certificate used for `gitlab.torproject.org`.The TLS web certificate renewal process appears to have hit a snag.
WARNING - Certificate 'gitlab-02.torproject.org' expires in 9 day(s) (Thu Jan 13 00:00:02 2022 +0000).
This is the certificate used for `gitlab.torproject.org`.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2022-01-08https://gitlab.torproject.org/tpo/community/relays/-/issues/24Run a bridge campaign2022-03-16T20:14:19ZGusRun a bridge campaignAs part of Sponsor 96, we will run a bridge campaign in November.
## Run a Bridge campaign - 2021 version
In the last bridge campaign, in 2019, we got almost 100 bridges running during one month of campaign. But, as @phw noted, some of...As part of Sponsor 96, we will run a bridge campaign in November.
## Run a Bridge campaign - 2021 version
In the last bridge campaign, in 2019, we got almost 100 bridges running during one month of campaign. But, as @phw noted, some of these bridges disappeared (almost 40%) after the campaign ended and other bridges didn't have obfs4. We rewarded ten new random bridge operators with a Tor T-shirt. Read more: [Bridge campaign 2019 blog post](https://blog.torproject.org/run-tor-bridges-defend-open-internet).
In November, we have a planned activity to run a new bridge campaign to get new 200 obfs4 bridges. In this edition, I want to increase the rewards, where running more bridges will give more significant rewards to the operator.
## Technical requirements
- Static IPv4 address
- OBFS4 pluggable transport configured
- Uptime 24/7
- Only 2 bridges per IPv4 address
- Operators running more than 2 bridges should avoid sequential IP addresses
- Avoid running bridges on the same IP address of your relay
**Note:** Based on the previous campaign [retrospective](https://gitlab.torproject.org/tpo/community/outreach/-/issues/30777#note_2560560), we should list the technical requirements on the blog post.
## Claim your reward
Bridge operators will be rewarded:
* 1. Golden Gate kit (limited to 10 kits)
- Run 10 bridges for 1 year.
- Reward: 1 Tor hoodie + 2 Tor T-shirt + stickers pack.
* 2. Helix bridge kit (limited to 20 kits)
- Run 5 bridges for 1 year.
- Reward: 1 Tor T-shirt + stickers pack.
* 3. Rialto bridge kit
- Run 1 bridge for 1 year and you will be part of the 'reward lottery'.
- Reward: we will randomly select 10 new bridge operators to receive a metallic roots Tor t-shirt as a token of our gratitude for your help defending the open internet.
* 4. University bridge kit
- Run a bridge for 1 year in your university.
- Reward: 1 Tor T-shirt + stickers pack.
## Campaign Rules
1. Participants should claim their award by commenting on the Bridge's topic on the Tor Forum and sending an email with their full bridge line to frontdesk@torproject.org.
2. Bridges will be tested and validated by the Tor Project staff.
3. Rewards for the Golden Gate kit will follow this timeline:
- 1 month - Tor Stickers
- 3 months - Tor T-shirt
- 6 months - 2nd Tor T-shirt
- 9 months - Hoodie
4. Rewards for Helix kit will follow this timeline:
- 1 month - Tor Stickers
- 3 months - Tor T-shirt
5. Participants should subscribe to the Tor Forum <forum.torproject.net>.
6. New bridges operators must follow the Tor relay good practices.
7. Due our limited staff capacity at the end of year, expect to receive your first reward on January 2022.
## Campaign timeline
November Monday 15 - December 15, 2021
- Monday 15: Campaign blog post release
- November 29: Cybermonday
- December 15: End of the campaign
- Team retrospective: January 15
## To-Do list
- [x] Review rewards names. Maybe we find more interesting bridges
- [x] Design rewards graphs for the blog post and social media cards
- [x] Confirm with AC-Team the requirements
- [x] Check with Erin if the rewards timeline is feasible
- [x] Check with some relay operators, network health and AC teams if the rewards requirements are compatible or if we're over estimating.
- [x] Evaluate if we should extend the campaign periodSponsor 96: Rapid Expansion of Access to the Uncensored Internet through Tor in China, Hong Kong, & TibetGusGus2022-01-15https://gitlab.torproject.org/tpo/tpa/team/-/issues/40218retire jenkins by December 1st 20212022-01-12T21:34:15Zanarcatretire jenkins by December 1st 2021following #40167 (TPA-RFC-10), it was decided in April 2021 that Jenkins should be retired in 2021. specifically, the host (`rouyi`) will be retired on December 1st, if all goes well.
This ticket is set to track that progress. The due d...following #40167 (TPA-RFC-10), it was decided in April 2021 that Jenkins should be retired in 2021. specifically, the host (`rouyi`) will be retired on December 1st, if all goes well.
This ticket is set to track that progress. The due date is set 3 months before the actual retirement date (September) so that we get a heads up to check the status before the retirement.
In the meantime, teams are expected to start migrating their jobs to GitLab CI progressively. Reminders may be sent in the meantime if people need prodding.
Those are the configured jobs in [jenkins/jobs.git](https://gitweb.torproject.org/project/jenkins/jobs.git/tree):
* [x] `hugo-website.yaml` #40364
* [x] `lektor-website.yaml` - see %"Retire Jenkins" for the per-site tickets, only https://gitlab.torproject.org/tpo/web/dev/-/issues/13 (dev.tpo) remains, but it's not really deployed by jenkins anyways, so not a blocker
* [x] `onionperf-docs.yaml` - obsolete (https://gitlab.torproject.org/tpo/metrics/onionperf/-/issues/40028)
* [x] `stem.yaml` - obsolete
* [x] `tor-extra-libs-windows.yaml` - https://gitlab.torproject.org/tpo/tpa/team/-/issues/40225
* [x] `tor.yaml`
* [x] most tor builds https://gitlab.torproject.org/tpo/tpa/team/-/issues/40225
* [x] doxygen builds https://gitlab.torproject.org/tpo/core/tor/-/issues/40384
* [x] Debian packages https://gitlab.torproject.org/tpo/tpa/team/-/issues/40241
* [x] `torsocks.yaml` - retired after approval from dgoulet
* [x] `website.yaml` - to retire, see tpo/web/team#13
The above list might be expanded to explicitly cover all individual jobs if people have trouble migrating.
Update: as of 2021-08-30, only Debian packages and websites are left to migrate out of Jenkins. The plan for those is to deploy static components from GitLab CI (#40364) with a ~~"web hook" to trigger the~~ deployment on the static mirror system. The timeline is generally like this:
1. [x] setup a webhook system
2. [x] test deployment of status.torproject.org
3. [x] ~~launch blog.torproject.org~~ migrate research.torproject.org (tpo/web/research#40005)
4. [x] migrate the rest of the websites (we are here, see %"Retire Jenkins" for all the tickets
Details of the deployment mechanism in #40364.
The following task list was set in #40167, to be executed once all (or some?) the above jobs are migrated or retired:
* [x] windows build boxes retirement:
* [x] winklerianum ("not configured")
* [x] weissii
* [x] woronowii
* [x] NAT box retirement (`nat-fsn-01.torproject.org`, when all `Windows buildbox` are retired)
* [x] Linux build boxes retirement (`build-$ARCH-$NN.torproject.org`, `build box` purpose in LDAP)
* [x] build-x86-05 (moly)
* [x] build-x86-06 (moly)
* [x] build-x86-11 (gnt-fsn)
* [x] build-x86-13 (gnt-chi)
* [x] ci-runner-arm64-02.torproject.org (NOT the entire machine, but a `buildbox` role was added to the CI runner, and should be cleaned up)
* [x] Jenkins box retirement (`rouyi.torproject.org`)
* [x] Puppet code cleanup (retire buildbox and Jenkins code)
* [x] git code cleanup (archive Jenkins repositories)
This ticket used to track all the work for the jenkins retirement, but there is now a milestone (%"Retire Jenkins") to collect all those tickets, because it has grown to cover a lot of things. Therefore this ticket is just the retirement of Jenkins itself (and its associated servers listed right above), not the migration of sites themselves, which is covered by the milestone.Retire Jenkinsanarcatanarcat2022-01-19https://gitlab.torproject.org/tpo/web/tpo/-/issues/269Add donuts & nicob to about/people2022-01-29T00:45:09ZdonutsAdd donuts & nicob to about/peopleI never got round to adding myself to [about/people](https://www.torproject.org/about/people/) either, so let's do both at once.
@nicob, if you'd like to be added to the website (which is totally optional, but good to do if you ever eng...I never got round to adding myself to [about/people](https://www.torproject.org/about/people/) either, so let's do both at once.
@nicob, if you'd like to be added to the website (which is totally optional, but good to do if you ever engage with the wider community), could you add the following details in this ticket please? I'll do the rest.
```
_model: person
---
_hidden: yes
---
role: core
---
name: <your name goes here>
---
twitter_handle: <twitter handle goes here>
---
mastodon_url: <mastodon profile url goes here>
---
nickname: <your IRC handle goes here>
---
pronoun: <choose from list at https://pronoun.is/>
---
gpg: <pgp key goes here>
---
image: /static/images/people/image.png
---
description:
<short one sentence bio/description goes here>
```
Name and bio are required, but everything else is optional I believe. Please leave anything you don't need or would prefer not to include blank.
As a reminder to myself:
- Images go here: https://gitlab.torproject.org/tpo/web/tpo/-/tree/main/assets/static/images/people
- Other content goes here: https://gitlab.torproject.org/tpo/web/tpo/-/tree/main/content/about/peopledonutsdonuts2022-01-21https://gitlab.torproject.org/tpo/tpa/team/-/issues/40599Renew self-signed LDAP TLS certificate for db.torproject.org2024-01-18T17:16:16ZJérôme Charaouilavamind@torproject.orgRenew self-signed LDAP TLS certificate for db.torproject.orgThis morning Nagios started complaining about a `db.torproject.org` certificate:
gitlab-02] SSL cert - db.torproject.org is WARNING: Certificate will expire
This certificate is managed in Puppet, however it's not immediately clear ...This morning Nagios started complaining about a `db.torproject.org` certificate:
gitlab-02] SSL cert - db.torproject.org is WARNING: Certificate will expire
This certificate is managed in Puppet, however it's not immediately clear how to renew it, especially since there seem to be two versions of the private key around.Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2022-02-04https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/55Update s28 plugins for v2.0.02022-02-10T00:42:44ZCecylia BocovichUpdate s28 plugins for v2.0.0We'll have to update our plugins from v1.6.0 to v2.0.0. The new version will be released on January 27th. It shouldn't be too difficult to do this update from v1.6.0 but we should make sure we read the [release notes](https://wiki.race.t...We'll have to update our plugins from v1.6.0 to v2.0.0. The new version will be released on January 27th. It shouldn't be too difficult to do this update from v1.6.0 but we should make sure we read the [release notes](https://wiki.race.twosixlabs.com/display/RACE2/v2.0.0+Changes+Walkthrough).Sponsor 28: ONLY PHASE 3 Reliable Anonymous Communication Evading Censors and Repressors (RACECAR)Cecylia BocovichCecylia Bocovich2022-02-05https://gitlab.torproject.org/tpo/ux/research/-/issues/73Design graphic to support call for participation in Brazil & Mexico2022-02-07T22:44:57ZNahDesign graphic to support call for participation in Brazil & MexicoWe are organizing a training cycle with The Guardian Project and Tails in March. The training agenda will present an Introduction to Tor Browser Desktop, Tor Browser Android and Onion Browser, Orbot and Tails in different dates. It will ...We are organizing a training cycle with The Guardian Project and Tails in March. The training agenda will present an Introduction to Tor Browser Desktop, Tor Browser Android and Onion Browser, Orbot and Tails in different dates. It will happen in Brazil and Mexico, both remotely, for participants that apply for the Call for Participation (CFP).
The CFP will be shared online through communication channels (such as Twitter) during February. We need a visual art to go with it, to make it more attractive to recruit participants.
Some elements to this visual art:
- Tor, Tails, Orbot, Onion Browser icons;
- Usability and Training illustration
- Privacy /Anonymity illustration
It doesn't need all these elements together, this is just a suggestion.Sponsor 30 - Objective 3.4nicobnicob2022-02-07https://gitlab.torproject.org/tpo/tpa/team/-/issues/40615gitlab-02 running out of disk space2023-11-22T17:36:06Zanarcatgitlab-02 running out of disk spacewe're eating 10GB a day, 14GB left, from my calculation.
checklist:
* [x] quickfix: grow disk by 30GB
* [x] document big users @lavamind
* [ ] talk with big users, here's the top 5:
* [x] [jnewsome/sponsir-61-sims](https://gitlab...we're eating 10GB a day, 14GB left, from my calculation.
checklist:
* [x] quickfix: grow disk by 30GB
* [x] document big users @lavamind
* [ ] talk with big users, here's the top 5:
* [x] [jnewsome/sponsir-61-sims](https://gitlab.torproject.org/jnewsome/sponsor-61-sims): 56GB https://gitlab.torproject.org/jnewsome/sponsor-61-sims/-/issues/13 @lavamind
* [x] [tor/core/debian/tor](https://gitlab.torproject.org/tpo/core/debian/tor/-/blob/debian-main/.gitlab-ci.yml) : 27.5GB, https://gitlab.torproject.org/tpo/tpa/team/-/issues/40616 @anarcat
* [x] l10n: 13GB, may be fixed in ci-templates@64f6d588
* [x] community: 11.8GB https://gitlab.torproject.org/tpo/web/lego/-/merge_requests/51
* [x] dgoulet/tor: 9.2GB tpo/core/tor#40562
* [x] arti: ~4GB tpo/core/arti#327
* [x] ~~draft rfc for reduced period @anarcat~~ probably not necessary?
* [x] decide if we reduce retention period. let's keep it like this for now (2022-02-10, 55GB left, 6GB/day, expected to flatten)
* [x] document how to figure out which project is a big user (e.g. around here: https://gitlab.torproject.org/tpo/tpa/team/-/wikis/service/ci#finding-largest-volumes-users) @lavamind
* [x] relate to larger storage problems (#40518, #40478)Jérôme Charaouilavamind@torproject.orgJérôme Charaouilavamind@torproject.org2022-02-14https://gitlab.torproject.org/tpo/applications/tor-browser/-/issues/40816Prepare stable release 11.0.72022-03-07T21:16:07ZrichardPrepare stable release 11.0.7richardrichard2022-02-28https://gitlab.torproject.org/tpo/community/relays/-/issues/26Outreachy project - Mapping values and motivations of the Tor network2022-02-28T17:54:33ZGusOutreachy project - Mapping values and motivations of the Tor network## Project
- Research about relay operators' motivations, community core values, relay flags, the biggest relay families, and other Tor metrics that can be used for gamification. This research should include all types of relays: Guards,...## Project
- Research about relay operators' motivations, community core values, relay flags, the biggest relay families, and other Tor metrics that can be used for gamification. This research should include all types of relays: Guards, middle nodes, bridges, and exit nodes.
- Learn from the previous gamification efforts, and use research to imagine how we can improve and create a new gamification project.
- Build a classification system to organize the different motivations and values expressed by relay operators, including highlighting any "don'ts" for a potential gamification experience.
- Produce a report analyzing the findings and highlighting the most promising paths to be used as part of the gamification project.
- Build a prototype project brief with suggestions of possible gamification methods with realistic mockups.
- Produce a blog post summarizing the project, including its findings and the project brief.
## Timeline
### Week 1 and 2
Dec 6 - Dec 19
- Study: Understand Tor relays
- Passive UX research: Research about relay operators' motivations, community core values, relay flags, the biggest relay families
### Week 3 and 4
Dec 20 - Jan 2
- Data analysis: Understand Tor metrics that can be used for gamification.
- Study: Learn from the previous gamifications efforts
- Study: Other gamification examples from other projects or open source communities
### Week 5 and 6
Jan 3 - Jan 16
- Refining: Build a classification system to organize the different motivations and values expressed by relay operators
- Testing: Filtering factors the classification system with due constraints
- Ideation: Brainstorming all possible ways of gamifying the relay operator experience
- Report: Reporting the most promising paths for gamification
### Week 7 and 8
Jan 17 - Jan 30
- Building Mockups: Build a prototype project brief with suggestions of possible gamification methods with realistic mockups.
### Week 9 and 10
Jan 31 - Feb 13
- Continued from above: Continue building mockups
- Testing: possibly A/B test or simulate mockups with relay operators.
### Week 11 and 12
Feb 14 - Feb 27
- Deploy: Possibly deploy the finished gamification experience / High-fidelity mockup
- Test: Test the live mockup as it is seen across a bigger pool of users
- Feedback gathering
### Last 5 days
Feb 28 - Mar 4
- Propose improvements / future work from feedback gathered.
- Produce a blog post summarizing the project, including its findings and the project brief.mikomiko2022-03-04https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40455Prepare alpha release 11.5a7 (Android)2022-03-09T22:37:27ZrichardPrepare alpha release 11.5a7 (Android)## Tasks
### **geckoview**
- [x] merge chemspill fixes in tor-browser#40829
- [x] Sign/Tag `geckoview-96.0-11.5-1-build2`
### tor-browser-build
- [x] Update `rbm.conf`
- [x] `var/torbrowser_version` : update to next version
-...## Tasks
### **geckoview**
- [x] merge chemspill fixes in tor-browser#40829
- [x] Sign/Tag `geckoview-96.0-11.5-1-build2`
### tor-browser-build
- [x] Update `rbm.conf`
- [x] `var/torbrowser_version` : update to next version
- [x] `var/torbrowser_build`: update to $(BUILD_N)
- [x] Update `projects/geckoview/config`
- [x] `git_hash`: update the $(BUILD_N) section to match tor-browser tag
- [x] Update allowed_addons.json by running (from `tor-browser-build` root)`./tools/fetch_allowed_addons.py > projects/tor-browser/allowed_addons.json`
- [x] Check for NoScript updates here: https://addons.mozilla.org/en-US/firefox/addon/noscript
- None since 11.5a6 Desktop
- [x] Check for openssl updates here: https://github.com/openssl/openssl/tags
- None since 11.5a6 Desktop
- [x] Check for tor updates here: http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/core/tor/-/tags
- None since 11.5a6 Desktop
- [x] Check for go updates here: https://golang.org/dl
- None since 11.5a6 Desktop
- [x] Update `ChangeLog.txt`
- [x] Sign/Tag `tbb-11.5a7-build1`:
- PENDING: merge of tor-browser-build!421
### distro
- [x] upload to dist.torproject.org (via jump-host ssh session to statisticiforme.tpo)
- [x] add to downloads page
- [x] announce in blog postaguestuseraguestuser2022-03-09https://gitlab.torproject.org/tpo/applications/tor-browser-build/-/issues/40454Prepare stable release 11.0.8 (Android)2022-03-14T14:54:56ZrichardPrepare stable release 11.0.8 (Android)### fenix
- [x] Backport any required patches (forked from last alpha)
- [x] Sign/Tag commit: `tor-browser-96.3.0-11.0-1-build1`
- [x] Push tag to origin
### android-components
- [x] Backport any required patches
- [x] Sign/Tag commit: ...### fenix
- [x] Backport any required patches (forked from last alpha)
- [x] Sign/Tag commit: `tor-browser-96.3.0-11.0-1-build1`
- [x] Push tag to origin
### android-components
- [x] Backport any required patches
- [x] Sign/Tag commit: `android-components-96.0.15-11.0-1-build1`
- [x] Push tag to origin
### geckoview
- [x] Backport any required patches
- [x] Sign/Tag commit: `geckoview-96.0-11.0-1-build1`
- [x] Push tag to origin
### tor-browser-build
- [x] Backport any required patches
- [x] Update `rbm.conf`
- [x] `var/torbrowser_version` : update to next version
- [x] `var/torbrowser_build` : update to `$(TOR_BROWSER_BUILD_N)`
- [x] ***(Android Only)*** Update allowed_addons.json by running (from `tor-browser-build` root)`./tools/fetch_allowed_addons.py > projects/tor-browser/allowed_addons.json
- [x] Check for NoScript updates here : https://addons.mozilla.org/en-US/firefox/addon/noscript
- NONE
- [x] Check for openssl updates here : https://github.com/openssl/openssl/tags
- NONE
- [x] Check for tor updates here : http://eweiibe6tdjsdprb4px6rqrzzcsi22m4koia44kc5pcjr7nec2rlxyad.onion/tpo/core/tor/-/tags ; Tor Browser Alpha uses `-alpha` tagged tor, while stable uses the stable series
- [x] If new tor version is available, update `projects/tor/config.version` -> 0.4.7.4-alpha
- [x] Check for go updates here : https://golang.org/dl (Tor Browser Alpha uses the latest Stable go version, while Tor Browser Stable uses the latest of the previous Stable major series version (eg: if Tor Browser Alpha is on the go1.17 series, Tor Browser Stable is on the go1.16 series)
- [x] If new go version is available, update `projects/go/config`
- [x] `version` -> 1.16.15
- [x] `input_files/sha256sum` for `go` -> 90a08c689279e35f3865ba510998c33a63255c36089b3ec206c912fc0568c3d3
- [x] Update `ChangeLog.txt`
- [x] Open MR with above changes
- [x] Sign/Tag commit : `make signtag-(alpha|release)`
- [x] Push tag to origin
### blog
- [x] Duplicate previous Stable or Alpha release blog post as appropriate to new directory under `content/blog/new-release-tor-browser-$(TOR_BROWSER_VERSION)` and update with info on release :
- [x] Update Tor Browser version numbers
- [x] Note any ESR rebase
- [x] Link to any Firefox security updates
- [x] Note any updates to :
- [x] tor
- [x] openssl
- [x] go
- [x] noscript
- [x] Convert ChangeLog.txt to markdown format used here by : `tor-browser-build/tools/changelog-format-blog-post`
- [x] Push to origin as new branch, open 'Draft :' MR
- [ ] Remove draft from MR once signed-packages are uploaded
### website
- [x] `databags/versions.ini` : Update the downloads versions
- `torbrowser-stable/version` : sort of a catch-all for latest stable version
- `torbrowser-stable/win32` : tor version in the expert bundle
- `torbrowser-*-stable/version` : platform-specific stable versions
- `torbrowser-*-alpha/version` : platform-specific alpha versions
- `tor-stable`,`tor-alpha` : set by tor devs, do not touch
- [x] Push to origin as new branch, open 'Draft :' MR
- [ ] Remove draft from MR once signed-packages are uploaded
### unsigned build uploads
- [x] Upload unsigned builds to people.torproject.org
- [ ] Email tor-qa@lists.torproject.org with links to unsigned builds
### signing
_TODO_
### signed build uploads
_TODO_aguestuseraguestuser2022-03-10