nusenu / ansible-relayor

An Ansible Role for Tor Relay Operators
GNU General Public License v3.0

Configuration variable for handler #208

Closed ghost closed 4 years ago

ghost commented 5 years ago

Previous PR from #205.

Added a default variable for the handler state which reloads the tor instance after the torrc configuration file is changed. Now this behavior can be changed from "reloaded" to "restarted" if wanted.

"Reloaded" caused errors on the control machine because the instance could not be reloaded correctly on the target machine (Debian 10 & Ubuntu 18.04). The logs showed that the service failed, but it was started later. This caused long runtimes of the playbook on the ansible machine.

nusenu commented 5 years ago

thanks for your PR, it would be great if we could enhance the README with more specific information about what torrc option requires a restart [2].

Your answer to [1] would also be valuable.

thanks

[1] https://github.com/nusenu/ansible-relayor/issues/189#issuecomment-552606609
[2] https://lists.torproject.org/pipermail/tor-dev/2018-July/013258.html

nusenu commented 4 years ago

Hi @Klauerstoff

according to the tor documentation only the following torrc settings can not be changed without a restart (ignoring those that relayor does not support):

tor_DisableDebuggerAttachment
tor_Sandbox
tor_AccelName
tor_AccelDir
tor_HardwareAccel

Can you confirm that you tried to change one of these when you did run into this issue?

thanks!

ghost commented 4 years ago

Hi,

tor_Sandbox seems to be a default value set to 1 am I right? My Playbook does not contain this as a configured variable but it is set in torrc. If it's set to 1 in torrc by default every time you reconfigure your relays this option can cause problems with "reload". None of the other options is used by one of my relays.

greetings

nusenu commented 4 years ago

> tor_Sandbox seems to be a default value set to 1 am I right?

It depends on your OS and kernel and it is set to 1 if the following evaluates to true:

ansible_os_family == 'Debian' and ansible_kernel is version_compare('3.5', '>=')

but if your playbook has it set it will honor your setting regardless of OS and kernel version.

> My Playbook does not contain this as a configured variable. If it's set to 1 in torrc by default every time you reconfigure your relays this option can cause problems with "reload".

It is correct that "Sandbox 1" will restrict tor from changing certain things on reload.

> None of the other options is set in one of my torrc config files. Only tor_sandbox.

I realized that other settings (in addition to the ones mentioned above) can also trigger an issue with reload. For example, if you change tor_ExitRelay to true a reload will fail because additional listeners (DirPort for DirPortFrontPage) will be added - which is not possible.

To better understand the actual specific issue in your case it would be great if you could paste your ansible playbooks (and if relevant host_vars/group_vars files) so I can try to reproduce your problem.

If an ansible-playbook run triggers a reload on consecutive playbook runs without any changes to the playbook or vars this is an issue I'd like to know about - regardless of the reload/restart selection.

Please also make sure you mention your target OS/version and ansible-relayor commit ID and ansible version.

thanks!
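An added example, not part of the thread or of ansible-relayor's code: a sketch that compares the deployed torrc with a newly rendered one and reports whether a reload suffices or a restart is needed, using the restart-only options listed earlier in this thread. The `SANDBOX_LOCKED` set, the function names and the sample torrc contents are assumptions constructed for illustration.

```python
# Options the thread lists as not changeable without a restart
# (torrc names, i.e. relayor's tor_* variables without the prefix).
RESTART_ONLY = {"DisableDebuggerAttachment", "Sandbox", "AccelName",
                "AccelDir", "HardwareAccel"}
# Assumption for this sketch: listener/file options that cannot change
# on reload while the running daemon has "Sandbox 1" active.
SANDBOX_LOCKED = {"ORPort", "DirPort", "DirPortFrontPage"}


def parse_torrc(text):
    """Return {option: [values]}; torrc options may repeat (e.g. ORPort)."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        parts = line.split(None, 1)
        opts.setdefault(parts[0], []).append(parts[1] if len(parts) > 1 else "")
    return opts


def required_action(old_text, new_text):
    """Return ("none" | "reload" | "restart", options that force a restart)."""
    old, new = parse_torrc(old_text), parse_torrc(new_text)
    changed = {k for k in old.keys() | new.keys() if old.get(k) != new.get(k)}
    if not changed:
        return "none", []
    blocking = changed & RESTART_ONLY
    if old.get("Sandbox") == ["1"]:           # state of the running daemon
        blocking |= changed & SANDBOX_LOCKED
    return ("restart" if blocking else "reload"), sorted(blocking)


# Constructed sample input: a non-exit relay turned into an exit relay.
OLD = "Sandbox 1\nORPort 443\nDirPort 9000\nExitRelay 0\n"
NEW_EXIT = ("Sandbox 1\nORPort 443\nDirPort 9000\nExitRelay 1\n"
            "DirPortFrontPage /path/to/exit-notice.html  # placeholder path\n")

if __name__ == "__main__":
    print(required_action(OLD, OLD))        # nothing changed
    print(required_action(OLD, NEW_EXIT))   # sandboxed: new front page needs restart
```
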

ghost commented 4 years ago

Hey,

> It depends on your OS and kernel and it is set to 1 if the following evaluates to true:
>
> ansible_os_family == 'Debian' and ansible_kernel is version_compare('3.5', '>=')
>
> but if your playbook has it set it will honor your setting regardless of OS and kernel version.

I am using Debian 10 and Ubuntu 18.04 LTS so that should be true for me.

> To better understand the actual specific issue in your case it would be great if you could paste your ansible playbooks.

That's my playbook I am using. I am limiting to one Instance per Host with "tor_ports" because they do not have as much CPU and RAM capacity for two. The other options are fine I guess.


- name: Configure Tor-Relay Server
  hosts: #######
  vars:
    tor_nickname: "{{ ansible_hostname }}"
    tor_AccountingMax: ## TB
    tor_ports:
      - { orport: 443, dirport: 9000 }
  gather_facts: true
  remote_user: ####
  roles:
    - nusenu.relayor

Maybe my issue is that I am using a dirport on a NoExit-Relay? But I checked some resources and this Feature does not seem to be limited to exit relays? Correct me if I am wrong. Otherwise the DirPort is not recognized by tor metrics.

I tried Debian 10 and Ubuntu 18.04.3 LTS Releases. Both OS showed the same error. My ansible version is ansible 2.8.6. I am not sure what you mean with ansible-relayor commit ID.

Regards

nusenu commented 4 years ago

thanks for your reply!

so you are saying that if you run this playbook twice it tries to reload the tor daemons even though you did not change anything between the two ansible-playbook runs?

could you paste the full output of your playbook runs?

nusenu commented 4 years ago

We switched to always use restarted since it works reliably 4f92628