allow up to 8 relays per IPv4

The number of default tor instances we generate per IP is not changed. If you want to make use of this new limit you have to set tor_ports accordingly. add kitchen test cases with 4 relays per IP Tor directory authorities currently allow up to 4 relay per IPv4 and will increase the limit to 8. This commit breaks the tor_dedicatedExitIP feature for servers with more than two tor instances per IPv4. https://lists.torproject.org/pipermail/tor-relays/2023-February/020999.html https://gitlab.torproject.org/tpo/core/tor/-/issues/40744
nusenu · Feb 2, 2023 · 4142c88 · 4142c88
1 parent 68bad61
commit 4142c88
Show file tree

Hide file tree

Showing 6 changed files with 101 additions and 3 deletions.
diff --git a/.kitchen.yml b/.kitchen.yml
@@ -39,9 +39,15 @@ suites:
   - name: t-guard
     provisioner:
       playbook: "test/integration/default/guard-node.yml"
+  - name: t-guard4
+    provisioner:
+      playbook: "test/integration/default/guard-node4.yml"
   - name: t-exit
     provisioner:
       playbook: "test/integration/default/exit-node.yml"
+  - name: t-exit4
+    provisioner:
+      playbook: "test/integration/default/exit-node4.yml"
   - name: t-guard-alpha
     provisioner:
       playbook: "test/integration/default/guard-alpha-node.yml"
@@ -91,6 +97,13 @@ suites:
       - ["private_network", {ip: "198.51.100.10"}]
     provisioner:
       playbook: "test/integration/default/2publicIPs-guard-metricsport.yml"
+  - name: t-guard4-2publicIPs-metricsport
+    driver:
+      network:
+      - ["private_network", {ip: "192.0.2.10"}]
+      - ["private_network", {ip: "198.51.100.10"}]
+    provisioner:
+      playbook: "test/integration/default/2publicIPs-guard4-metricsport.yml"
   - name: t-guard-2publicIPs
     driver:
       network:
@@ -138,3 +151,14 @@ suites:
       - ["private_network", {ip: "198.51.100.14"}]
     provisioner:
       playbook: "test/integration/default/6publicIPs-dedicatedExitIP-singleInstPerIP-exit-node.yml"
+  - name: t-exit4-6publicIPs-dedicatedExitIP
+    driver:
+      network:
+      - ["private_network", {ip: "192.0.2.10"}]
+      - ["private_network", {ip: "198.51.100.10"}]
+      - ["private_network", {ip: "198.51.100.11"}]
+      - ["private_network", {ip: "198.51.100.12"}]
+      - ["private_network", {ip: "198.51.100.13"}]
+      - ["private_network", {ip: "198.51.100.14"}]
+    provisioner:
+      playbook: "test/integration/default/6publicIPs-dedicatedExitIP-exit4-node.yml"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -30,12 +30,12 @@
   tags:
     - always
 
-- name: Ensure we do not create more than two instances per IP
+- name: Ensure we do not create more than 8 instances per IP
   assert:
     that:
       - "tor_ports | length > 0"
-      - "tor_ports | length < 3"
-    msg: "You can not run more than 2 instances per IP address, please update your tor_ports configuration."
+      - "tor_ports | length < 9"
+    msg: "You can not run more than 8 instances per IP address, please update your tor_ports configuration."
   tags:
     - always
 

diff --git a/test/integration/default/2publicIPs-guard4-metricsport.yml b/test/integration/default/2publicIPs-guard4-metricsport.yml
@@ -0,0 +1,22 @@
+---
+- hosts: all
+  vars_files:
+    - vars/dry-run-vars.yml
+  vars:
+    tor_maxPublicIPs: 2
+    tor_enableMetricsPort: True
+    tor_gen_metricsport_htpasswd: True
+    tor_metricsport_nginx_config_file: /tmp/web-reverse-proxy-{{ inventory_hostname }}
+    tor_prometheus_scrape_file: /tmp/tor-prometheus-{{ inventory_hostname }}
+    tor_gen_blackbox_scrape_config: True
+    tor_ports:
+      - orport: 9000
+        dirport: 9001
+      - orport: 9100
+        dirport: 9101
+      - orport: 9200
+        dirport: 9201
+      - orport: 9300
+        dirport: 9301
+  roles:
+    - "{{ playbook_dir | regex_replace('test/integration/default$') }}"
diff --git a/test/integration/default/6publicIPs-dedicatedExitIP-exit4-node.yml b/test/integration/default/6publicIPs-dedicatedExitIP-exit4-node.yml
@@ -0,0 +1,19 @@
+---
+- hosts: all
+  vars_files:
+    - vars/dry-run-vars.yml
+  vars:
+    tor_maxPublicIPs: 3
+    tor_dedicatedExitIP: True
+    tor_ExitRelay: True
+    tor_ports:
+      - orport: 9000
+        dirport: 9001
+      - orport: 9100
+        dirport: 9101
+      - orport: 9200
+        dirport: 9201
+      - orport: 9300
+        dirport: 9301
+  roles:
+    - "{{ playbook_dir | regex_replace('test/integration/default$') }}"
diff --git a/test/integration/default/exit-node4.yml b/test/integration/default/exit-node4.yml
@@ -0,0 +1,17 @@
+---
+- hosts: all
+  vars_files:
+    - vars/dry-run-vars.yml
+  vars:
+    tor_ExitRelay: True
+    tor_ports:
+      - orport: 9000
+        dirport: 9001
+      - orport: 9100
+        dirport: 9101
+      - orport: 9200
+        dirport: 9201
+      - orport: 9300
+        dirport: 9301
+  roles:
+    - "{{ playbook_dir | regex_replace('test/integration/default$') }}"
diff --git a/test/integration/default/guard-node4.yml b/test/integration/default/guard-node4.yml
@@ -0,0 +1,16 @@
+---
+- hosts: all
+  vars_files:
+    - vars/dry-run-vars.yml
+  vars:
+    tor_ports:
+      - orport: 9000
+        dirport: 9001
+      - orport: 9100
+        dirport: 9101
+      - orport: 9200
+        dirport: 9201
+      - orport: 9300
+        dirport: 9301
+  roles:
+    - "{{ playbook_dir | regex_replace('test/integration/default$') }}"