Page MenuHomePhabricator

Retire the Tor relay
Open, MediumPublic

Description

It has been decided to retire the Tor relay (currently running on torrelay1001.wikimedia.org).

It's an outlier in our technical infrastructure and there is a range of issues with it, including technical debt (such as a lack of data center redundancy, inadequate observability support, need for improved hardening/isolation et. al.) that we can't address with our current resources/staffing.

Overall our role in the Tor network is fairly small, which doesn't warrant to increase or extend our current participation: We operate just one relatively small exit node (of the ~ 6000 nodes in the total network) with a typical average of 25-30 MB/s traffic (out of the ~ 200 GB/s of the typical average bandwidth of the Tor network at large).

This task tracks the removal of the service and the later decommission/repurpose of the hardware.

Details

Related Gerrit Patches:
operations/puppet : productionRemove tor relay profile/role

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 21 2020, 2:25 PM
MoritzMuehlenhoff triaged this task as Medium priority.Jan 21 2020, 2:25 PM

Mentioned in SAL (#wikimedia-operations) [2020-01-21T14:39:22Z] <moritzm> stopping/masking tor on torrelay1001 T243288

It's an outlier in our technical infrastructure and there is a range of issues with it

Are these documented somewhere so that these could be fixed?

such as a lack of data center redundancy, inadequate observability support, need for improved hardening/isolation et. al.

I thought the tor relay was a nice thing to show our support for the tor project, and more in the "nice-to-have" category, so if it went down due to lack of data center redundancy, that wasn't an actual problem.

that we can't address with our current resources/staffing.

maybe getting them fixed in a cloud project would be a start before moving it back into production?

To your last point: the WMCS Terms of Use explicitly lists "network proxy" in the "prohibited activities" section -and even names Tor specifically as the first example of such an activity- so running a node in a Cloud VPS is not an option here. This policy has been there since the inception of the Labs/WMCS ToS, and while I can't speak to the rationale behind it, I can say that prohibiting remains a good idea today: running proxies, whether in WMCS or in the production realm can be a messy business, and one that we don't have the capacity to support as an org.

To your last point: the WMCS Terms of Use explicitly lists "network proxy" in the "prohibited activities" section -and even names Tor specifically as the first example of such an activity- so running a node in a Cloud VPS is not an option here. This policy has been there since the inception of the Labs/WMCS ToS, and while I can't speak to the rationale behind it, I can say that prohibiting remains a good idea today: running proxies, whether in WMCS or in the production realm can be a messy business, and one that we don't have the capacity to support as an org.

I'm aware :) It also says that exceptions can be granted by permission of the Cloud Services team, and *if* it were being done in service of ironing out production bugs (the first bullet point under "What uses of Cloud Services do we like?"), then I would hope an exception could be granted.

running proxies, whether in WMCS or in the production realm can be a messy business, and one that we don't have the capacity to support as an org.

Can you expand on this? The only relay related ticket in Tor is T148614, which seemingly looks fixed. I think it's important for our movement to support likeminded movements and this seemed like a small but meaningful gesture of our support plus I have some experience running a relay, so HTH.

torrelay1001 is being reclaimed to the spare pool via https://phabricator.wikimedia.org/T243390 (only pending DC ops steps like disk wipe)

Change 566687 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Remove tor relay profile/role

https://gerrit.wikimedia.org/r/566687

Change 566687 merged by Muehlenhoff:
[operations/puppet@production] Remove tor relay profile/role

https://gerrit.wikimedia.org/r/566687