ansible-role-hidden-service
Cannot restart tor when connected over tor
The role by default configures an Onion Service listening on port 22, presumably for use via SSH. If the Ansible connection is over Tor, and configuration changes are made to /etc/tor/torrc, the handler for restarting tor will fail, breaking the SSH connection and causing the playbook to fail.
There's a solution! We can detect whether the Ansible connection is going over tor by inspecting the ansible_host (default to ansible_ssh_host for backwards-compatibility) and bounce tor via an async-and-wait approach. Doing so ensures the connection is reestablished after tor comes back up, and the playbook can proceed.
I've already written an implementation and merged it over here: https://github.com/freedomofpress/securedrop/pull/1707/files Would y'all be interested in the same functionality here? I'd rather upstream this functionality to systemli.hidden-services and pull in your excellent role in the SecureDrop project, but I need sane handling of the tor restart logic before I can do that. I'm happy to create the PR myself, of course.
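The async-and-wait restart described in the issue above, written out as an added example; it is not the code from the linked SecureDrop PR or from this role. The play layout, the variable names `conn_host` and `conn_over_onion`, the delays, the use of systemd and the sample torrc block are assumptions.

```yaml
# Added example: play layout, variable names, delays and torrc block are assumptions.
- hosts: all
  become: true
  vars:
    # ansible_host, falling back to the legacy ansible_ssh_host, then the inventory name
    conn_host: "{{ ansible_host | default(ansible_ssh_host | default(inventory_hostname)) }}"
    conn_over_onion: "{{ conn_host.endswith('.onion') }}"

  tasks:
    - name: Configure the onion service for SSH (constructed sample config)
      ansible.builtin.blockinfile:
        path: /etc/tor/torrc
        block: |
          HiddenServiceDir /var/lib/tor/ssh
          HiddenServicePort 22 127.0.0.1:22
      notify: restart tor

  handlers:
    # Direct connection: a plain synchronous restart is safe.
    - name: Restart tor directly
      listen: restart tor
      ansible.builtin.service:
        name: tor
        state: restarted
      when: not (conn_over_onion | bool)

    # Connection over Tor: fire and forget, so the task returns before
    # the restart cuts the SSH session it is running in.
    - name: Restart tor in the background
      listen: restart tor
      ansible.builtin.shell: sleep 5 && systemctl restart tor
      async: 60
      poll: 0
      when: conn_over_onion | bool

    # Block until SSH over the onion address answers again, then continue the play.
    - name: Wait for the connection over tor to return
      listen: restart tor
      ansible.builtin.wait_for_connection:
        delay: 15
        timeout: 300
      when: conn_over_onion | bool
```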
Hi @conorsch, thank you for asking. That's a good idea and a PR would be very welcome.
Glad to hear it, @t2d! Happy to submit a PR. Give me a few days.
Hey @conorsch, I just integrated your code. Works as expected. Pls recheck on your .onion ssh services, then I will merge your proposal.
Branch: restart-tor-carefully
Bump :)
Bump