... | @@ -225,7 +225,7 @@ This service should be highly available. It should support failure |
... | @@ -225,7 +225,7 @@ This service should be highly available. It should support failure |
|
from one or all point of presence: if all fail, it should be easy to
|
|
from one or all point of presence: if all fail, it should be easy to
|
|
deploy it to a third-party provider.
|
|
deploy it to a third-party provider.
|
|
|
|
|
|
## Design
|
|
## Design and architecture
|
|
|
|
|
|
The status site is part of the [static mirror system](howto/static-component) and is built
|
|
The status site is part of the [static mirror system](howto/static-component) and is built
|
|
with [cstate](https://github.com/cstate/cstate/), which is a theme for the [Hugo](https://gohugo.io/) static site
|
|
with [cstate](https://github.com/cstate/cstate/), which is a theme for the [Hugo](https://gohugo.io/) static site
|
... | @@ -237,6 +237,35 @@ mirror system](howto/static-component) for high availability. |
... | @@ -237,6 +237,35 @@ mirror system](howto/static-component) for high availability. |
|
See the [static-gitlab-shim service design document](service/static-gitlab-shim#design) for more
|
|
See the [static-gitlab-shim service design document](service/static-gitlab-shim#design) for more
|
|
information.
|
|
information.
|
|
|
|
|
|
|
|
## Services
|
|
|
|
|
|
|
|
No service other than the above external services are required to run
|
|
|
|
this service.
|
|
|
|
|
|
|
|
## Queues
|
|
|
|
|
|
|
|
There are no queues or schedulers for that service, although
|
|
|
|
[renovate-cron][] will pass by the project to check for updates once
|
|
|
|
in a while.
|
|
|
|
|
|
|
|
[renovate-cron]: https://gitlab.torproject.org/tpo/tpa/renovate-cron/
|
|
|
|
|
|
|
|
## Interfaces
|
|
|
|
|
|
|
|
## Authentication
|
|
|
|
|
|
|
|
## Implementation
|
|
|
|
|
|
|
|
Status is mostly written in Markdown, but the upstream code is written
|
|
|
|
in Golang and its templating language.
|
|
|
|
|
|
|
|
## Related services
|
|
|
|
|
|
|
|
* [static mirror system](howto/static-component)
|
|
|
|
* [GitLab](howto/gitlab)
|
|
|
|
* [GitLab CI](service/ci)
|
|
|
|
* [static-gitlab-shim service](service/static-gitlab-shim)
|
|
|
|
|
|
## Issues
|
|
## Issues
|
|
|
|
|
|
[File][] or [search][] for issues in the [status-site tracker][search].
|
|
[File][] or [search][] for issues in the [status-site tracker][search].
|
... | @@ -246,17 +275,48 @@ information. |
... | @@ -246,17 +275,48 @@ information. |
|
|
|
|
|
Upstream issues can be found and filed in the [GitHub issue tracker](https://github.com/cstate/cstate/issues).
|
|
Upstream issues can be found and filed in the [GitHub issue tracker](https://github.com/cstate/cstate/issues).
|
|
|
|
|
|
## Monitoring and testing
|
|
## Users
|
|
|
|
|
|
|
|
TPA is the main maintainer of this service and therefore its most
|
|
|
|
likely user, but the network health team are frequent users as well.
|
|
|
|
|
|
|
|
Naturally, any person interested in the Tor project and the health of
|
|
|
|
the services is also a potential user.
|
|
|
|
|
|
|
|
## Upstream
|
|
|
|
|
|
|
|
[cState](https://github.com/cstate/cstate/) is a pretty collaborative and active upstream. It is
|
|
|
|
seeing regular releases and is considered healthy, especially since
|
|
|
|
most of the implementation is actually in [hugo][], another healthy
|
|
|
|
project.
|
|
|
|
|
|
|
|
[hugo]: https://gohugo.io/
|
|
|
|
|
|
|
|
## Monitoring and metrics
|
|
|
|
|
|
The site, like other static mirrors, is monitored by [Nagios](howto/nagios) with
|
|
The site, like other static mirrors, is monitored by [Nagios](howto/nagios) with
|
|
the `dsa_check_staticsync` check, which ensures all mirrors are up to
|
|
the `dsa_check_staticsync` check, which ensures all mirrors are up to
|
|
date.
|
|
date.
|
|
|
|
|
|
## Logs and metrics
|
|
No metrics for this service are currently defined in Prometheus.
|
|
|
|
|
|
|
|
## Tests
|
|
|
|
|
|
|
|
New changes to the site are manually checked by browsing a rendered
|
|
|
|
version of the site and clicking around.
|
|
|
|
|
|
|
|
This can be done on a local copy before even committing, or it can be
|
|
|
|
done with a review site by pushing a branch and opening a merge
|
|
|
|
request.
|
|
|
|
|
|
|
|
## Logs
|
|
|
|
|
|
There are no logs or metrics specific to this service, see the [static
|
|
There are no logs or metrics specific to this service, see the [static
|
|
site service](howto/static-component) for details.
|
|
site service](howto/static-component) for details.
|
|
|
|
|
|
|
|
A history of deployments and past version of the code is of course
|
|
|
|
available in the Git repository history and the GitLab job logs.
|
|
|
|
|
|
## Backups
|
|
## Backups
|
|
|
|
|
|
Does not need special backups: backed up as part of the regular [static
|
|
Does not need special backups: backed up as part of the regular [static
|
... | @@ -289,6 +349,49 @@ stakeholders. The general idea is to have a site (say |
... | @@ -289,6 +349,49 @@ stakeholders. The general idea is to have a site (say |
|
status.torproject.org) that simply shows users how things are going,
|
|
status.torproject.org) that simply shows users how things are going,
|
|
in an easy to understand form.
|
|
in an easy to understand form.
|
|
|
|
|
|
|
|
## Security and risk assessment
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
5. When was the last security review done on the project? What was
|
|
|
|
the outcome? Are there any security issues currently? Should it
|
|
|
|
have another security review?
|
|
|
|
|
|
|
|
6. When was the last risk assessment done? Something that would cover
|
|
|
|
risks from the data stored, the access required, etc.
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
No security audit was performed of this service, but considering it
|
|
|
|
only manages static content accessed by trusted users, its exposure
|
|
|
|
is considered minimal.
|
|
|
|
|
|
|
|
It might be the target of denial of service attacks, as the rest of
|
|
|
|
the static mirror system. A compromise of the GitLab infrastructure
|
|
|
|
would also naturally give access to the status site.
|
|
|
|
|
|
|
|
Finally, if an outage affects the main domain name (`torproject.org`)
|
|
|
|
this site could suffer as well.
|
|
|
|
|
|
|
|
## Technical debt and next steps
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
|
|
|
7. Are there any in-progress projects? Technical debt cleanup?
|
|
|
|
Migrations? What state are they in? What's the urgency? What's the
|
|
|
|
next steps?
|
|
|
|
|
|
|
|
8. What urgent things need to be done on this project?
|
|
|
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
The service should probably be moved onto an entirely different
|
|
|
|
domain, managed on a different registrar, using keys stored in a
|
|
|
|
different password manager.
|
|
|
|
|
|
|
|
There used to be no upgrades performed on the site, but that was fixed
|
|
|
|
in November 2023, during the Hackweek.
|
|
|
|
|
|
## Goals
|
|
## Goals
|
|
|
|
|
|
In general, the goal is to provide a simple interface to provide users
|
|
In general, the goal is to provide a simple interface to provide users
|
... | | ... | |