deprecation of BridgeDB

We have implemented all the pieces to replace BridgeDB with rdsys and want to deploy it in production so we can retire BridgeDB. BridgeDB currently runs three distributors: moat, https and email.

moat will be integrated in the current circumvention settings deployment in polyanthum and will require:

https will require:

email will require:

  • an IMAP and SMTP account for bridges@torproject.org (currently it is not IMAP based; emails are sent directly to the BridgeDB SMTP server)
  • DKIM verification for that email address, so emails without DKIM or with an invalid signature for the from, subject and body will be rejected.
  • a way to expose prometheus metrics

rdsys collector exporter will be an extra service that will fetch prometheus metrics from all distributors and produce collector files in the same format as BridgeDB does, so the current metrics setup keeps working after the changes. This piece is still under development. For it we will need:

  • an http(s) endpoint where collector can pull metrics from. It can be a path inside bridges.tpo or its own domain.

I heard TPA has a new flashy environment to run containers. I wonder if it makes sense to use it to deploy https, email and the collector exporter (in the future we could do the rest of rdsys, but step by step). Or if we should deploy all those pieces using systemd in our VMs, like the rest of the infra we already have. Any opinions here?

Ideally we'd like to do this deployment over the month of June.

update, task list, assigned to @anarcat or TPA unless otherwise noted:

  • move rdsys-backend metrics to a normal vhost, adding this exception:
    • (@meskio) add https://rdsys-backend.torproject.org/metrics target to prometheus and remove https://bridges.torproject.org/rdsys-backend-metrics
  • add bridges-email UNIX user to rdsys-frontend-01
  • add bridges-email.torproject.org pointing to localhost:8000 on rdsys-frontend-01
  • add bridges mailbox for email distributor on rdsys-frontend-01
  • add DKIM configuration for above
  • (@meskio) deploy and test all services
  • (@meskio) test email configuration
  • add rdsys-moat.torproject.org to point to localhost:7500 on polyanthum
  • switch MX record change bridges@ to point at bridges@rdsys-frontend.torproject.org
  • switch bridges.torproject.org to point to localhost:7200 on polyanthum
  • switch bridges.torproject.org/moat to point to localhost:7500 on polyanthum
  • (@meskio) configure the new exporters in prometheus
  • open an issue to retire bridgedb, after a month or so (#41754 (closed))
  • (@meskio) test everything
Edited by anarcat
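
The DKIM requirement listed above for the email distributor (the signature must cover the from, subject and body) as an added Python example; it is not code from rdsys or BridgeDB. It assumes a DKIM verifier has already checked the signature cryptographically and only inspects what the first DKIM-Signature header covers; the function names and sample messages are constructed for illustration.

```python
from email import message_from_string

REQUIRED_SIGNED_HEADERS = ("from", "subject")

def parse_dkim_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs (RFC 6376)."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant, so drop it.
            tags[name.strip().lower()] = "".join(val.split())
    return tags

def coverage_problems(raw_message):
    """List why the first DKIM signature fails to cover From, Subject and the whole body."""
    sig = message_from_string(raw_message).get("DKIM-Signature")
    if sig is None:
        return ["no DKIM-Signature header"]
    tags = parse_dkim_tags(sig)
    signed = {h.lower() for h in tags.get("h", "").split(":")}
    problems = [f"{h} header is not signed" for h in REQUIRED_SIGNED_HEADERS if h not in signed]
    if not tags.get("bh"):
        problems.append("no body hash (bh=)")
    if "l" in tags:
        problems.append("l= limits how much of the body is signed")
    return problems

def sample(sig_value):
    """Constructed message for the demo; sig_value is a DKIM-Signature value or None."""
    head = f"DKIM-Signature: {sig_value}\n" if sig_value else ""
    return head + "From: user@example.com\nSubject: get bridges\n\nget bridges\n"

# Constructed signatures: the bh= and b= values are placeholders, not real hashes.
BASE = "v=1; a=rsa-sha256; d=example.com; s=sel; bh=cGxhY2Vob2xkZXI=; b=cGxhY2Vob2xkZXI="
COVERED = sample(BASE + ";\n h=From:To:Subject:Date")
NO_SUBJECT = sample(BASE + "; h=from:to:date")
TRUNCATED = sample(BASE + "; h=from:subject; l=0")

if __name__ == "__main__":
    for name, msg in [("covered", COVERED), ("no subject", NO_SUBJECT),
                      ("truncated", TRUNCATED), ("unsigned", sample(None))]:
        problems = coverage_problems(msg)
        print(name, "->", "accept" if not problems else "reject: " + "; ".join(problems))
```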