Snowflake Broker Deployment 22-10-25
We are going to deploy a new version of the snowflake broker configuration to the snowflake broker. The broker binary isn't updated and remains at v2.3.1.
This will roll out the change we made in Snowflake Broker Deployment 22-10-03, add a secondary bridge definition, and remove GOMAXPROCS=1.
Deployment Script
sv stop snowflake-broker
cp /etc/service/snowflake-broker/run ./snowflake-broker-run-22-10-25-backup-$(date +%N)
cp /home/snowflake-broker/bridge_lists.json ./bridge_lists_json-22-10-25-backup-$(date +%N)
install --owner root ./snowflake-broker-run-22-10-25-candidcate /etc/service/snowflake-broker/run
install --owner root ./bridge_lists_json-22-10-25-candidcate /home/snowflake-broker/bridge_lists.json
sv start snowflake-broker
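A pre-flight check for the bridge list candidate that the script above installs, to be run before sv stop; this is an added example, not part of the original deployment notes or of the Snowflake project's tooling. It assumes the one-JSON-object-per-line layout of bridge_lists.json shown further down this page; the function names and the rule that every bridge host is snowflake.torproject.net or a subdomain of it are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the project's tooling: pre-flight check for a bridge list
# candidate. Assumes one JSON object per line with the three keys used on this page.

# json_field LINE KEY: print the string value of KEY (empty if absent).
json_field() {
    printf '%s\n' "$1" |
        sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# check_bridge_list FILE DOMAIN: return 0 only if every entry is well formed.
# DOMAIN is a hypothetical operator policy: host must be DOMAIN or a subdomain.
check_bridge_list() {
    file=$1 domain=$2 rc=0 n=0 entries=0 seen=" "
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        [ -n "$line" ] || continue
        entries=$((entries + 1))
        name=$(json_field "$line" displayName)
        url=$(json_field "$line" webSocketAddress)
        fp=$(json_field "$line" fingerprint)
        [ -n "$name" ] || { echo "line $n: missing displayName" >&2; rc=1; }
        case $url in
            wss://*) host=${url#wss://}; host=${host%%[/:]*} ;;
            *) echo "line $n: webSocketAddress is not wss://" >&2; rc=1; host= ;;
        esac
        # Compare on a label boundary, stricter than a plain suffix comparison.
        case $host in
            "$domain" | *."$domain") ;;
            *) echo "line $n: host '$host' outside $domain" >&2; rc=1 ;;
        esac
        # 40 hex digits, upper-case as in the entries on this page.
        if ! printf '%s\n' "$fp" | grep -Eq '^[0-9A-F]{40}$'; then
            echo "line $n: bad fingerprint" >&2; rc=1
        fi
        case $seen in
            *" $fp "*) echo "line $n: duplicate fingerprint" >&2; rc=1 ;;
        esac
        seen="$seen$fp "
    done < "$file"
    [ "$entries" -gt 0 ] || rc=1   # a file with no entries fails the check
    return "$rc"
}

# Run as: sh check.sh ./bridge_lists_json-22-10-25-candidcate snowflake.torproject.net
if [ "$#" -eq 2 ]; then check_bridge_list "$1" "$2"; fi
```

A non-zero exit status means the candidate should not be installed.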
New Run File
(the difference is at --allowed-relay-pattern, which no longer has the leading ^; the export GOMAXPROCS=1 line is also gone)
(-ip-count-mask's value is not the real value used on the production system)
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
Old Run File
#!/bin/sh -e
setcap 'cap_net_bind_service=+ep' /usr/local/bin/broker
export GOMAXPROCS=1
exec chpst -u snowflake-broker -o 32768 /usr/local/bin/broker --metrics-log /home/snowflake-broker/metrics.log --acme-hostnames snowflake-broker.bamsoftware.com,snowflake-broker.freehaven.net,snowflake-broker.torproject.net --acme-email dcf@torproject.org --acme-cert-cache /home/snowflake-broker/acme-cert-cache --bridge-list-path /home/snowflake-broker/bridge_lists.json --default-relay-pattern ^snowflake.torproject.net$ --allowed-relay-pattern ^snowflake.torproject.net$ -ip-count-log /home/snowflake-broker/metrics-ip-salted.jsonl -ip-count-interval 1h -ip-count-mask ****** 2>&1
New bridge_lists.json
{"displayName":"default", "webSocketAddress":"wss://snowflake.torproject.net/", "fingerprint":"2B280B23E1107BB62ABFC40DDCC8824814F80A72"}
{"displayName":"Bridge02", "webSocketAddress":"wss://02.snowflake.torproject.net/", "fingerprint":"8838024498816A039FCBBAB14E6F40A0843051FA"}
Old bridge_lists.json
{"displayName":"default", "webSocketAddress":"wss://snowflake.torproject.net/", "fingerprint":"2B280B23E1107BB62ABFC40DDCC8824814F80A72"}
Side effect to be watched
The network capacity of Snowflake may decrease (again).
Edited by shelikhoo