Snowflake Broker Deployment 22-10-03

We are going to deploy a new version of snowflake broker configuration to snowflake broker. The broker binary isn't updated, and remain v2.3.1.

Deployment Script

sv stop snowflake-broker
cp /etc/service/snowflake-broker/run ./snowflake-broker-run-22-10-03-backup-$(date +%N)

install --owner root ./snowflake-broker-run-22-10-03-candidcate /etc/service/snowflake-broker/run

sv start snowflake-broker

Rollback Script(will be located at /home/shelikhoo/deployment-22-10-03)

sv stop snowflake-broker

install --owner root ./snowflake-broker-run-22-10-03-backup-???? /etc/service/snowflake-broker/run

sv start snowflake-broker

New Run File

(the difference is at --allowed-relay-pattern)

(-ip-count-mask's value is not real value used on the production system)

#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1

Old Run File

#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern ^snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1

Side effect to be watched

The network capacity of the snowflake may be decreased. However, if we can take this hit, we should be able to roll out distributed snowflake support.