ATOR-173 - Extract relay to separate container and connect through co…

…ntrol port

.gitignore

@@ -14,3 +14,4 @@ build
 *.lockfile
 chutney
 .idea
+docker/data

docker/docker-compose.yml

@@ -1,15 +1,42 @@
 version: '2.2'
 services:
+  sbws-relay:
+    image: svforte/anon-dev
+    restart: always
+    expose:
+      - "9051"
+    volumes:
+      - ./data/:/var/lib/anon
+      - ./relay/anonrc:/etc/anon/anonrc
+    networks:
+      local:
+        ipv4_address: 172.18.0.2
   sbws-scanner:
     image: sbws-scanner
     restart: always
+    depends_on:
+      - sbws-relay
     volumes:
       - ./scanner/.sbws.ini:/root/.sbws.ini
-      - ./scanner/anonrc:/etc/anon/anonrc
+      - ./data:/root/.sbws
+    networks:
+      local:
+        ipv4_address: 172.18.0.3
   sbws-destination:
     image: sbws-destination
     restart: always
     ports:
       - "8888:80"
     volumes:
       - ./destination/default.conf:/etc/nginx/conf.d/default.conf
+    networks:
+      local:
+        ipv4_address: 172.18.0.4
+
+networks:
+  local:
+    ipam:
+      driver: default
+      config:
+        - subnet: "172.18.0.0/24"
+          gateway: "172.18.0.1"

docker/relay/anonrc

@@ -0,0 +1,10 @@
+User anond
+
+Nickname AnonSBWS
+
+DataDirectory /var/lib/anon
+
+ControlPort 0.0.0.0:9051
+HashedControlPassword 16:3ACE689A3BC1B7D06025EA6BC9CB1C9B99EB21FE4877ECD803E6EAD9BE
+
+FetchUselessDescriptors 1

docker/scanner/.sbws.ini

@@ -2,7 +2,7 @@
 [scanner]
 # ISO 3166-1 alpha-2 country code where the scanner is located.
 # Default AA, to detect it was not edited.
-country = DE
+country = ZZ
 # A human-readable string with chars in a-zA-Z0-9 to identify the dirauth
 # nickname that will publish the BandwidthFiles generated from this scanner.
 # Default to a non existing dirauth_nickname to detect it was not edited.
@@ -19,45 +19,14 @@ foo = on
 
 [destinations.foo]
 # the domain and path to the 1GB file or POST URL.
-url = http://host.docker.internal:8888/1GiB
+url = http://5.78.90.106:8888/1GiB
 # Whether to verify or not the TLS certificate. Default True
 verify = False
 # ISO 3166-1 alpha-2 country code where the Web server destination is located.
 # Default AA, to detect it was not edited.
 # Use ZZ if the location is unknown (for instance, a CDN).
 country = ZZ
 
-## The following logging options are set by default.
-## There is no need to change them unless other options are preferred.
-; [logging]
-; # Whether or not to log to a rotating file the directory paths.log_dname
-; to_file = yes
-; # Whether or not to log to stdout
-; to_stdout = yes
-; # Whether or not to log to syslog
-; # NOTE that when sbws is launched by systemd, stdout goes to journal and
-; # syslog.
-; to_syslog = no
-
-; # Level to log at. Debug, info, warning, error, critical.
-; # `level` must be set to the lower of all the handler levels.
-; level = debug
-; to_file_level = debug
-; to_stdout_level = info
-; to_syslog_level = info
-; # Format string to use when logging
-; format = %(module)s[%(process)s]: <%(levelname)s> %(message)s
-; # verbose formatter useful for debugging
-; to_file_format = %(asctime)s %(levelname)s %(threadName)s %(filename)s:%(lineno)s - %(funcName)s - %(message)s
-; # Not adding %(asctime)s to to stdout since it'll go to syslog when using
-; # systemd, and it'll have already the date.
-; to_stdout_format = ${format}
-; to_syslog_format = ${format}
-
-# To disable certificate validation, uncomment the following
-# verify = False
-
 [tor]
-control_socket = /var/lib/anon/control
-;external_control_host = 127.0.0.1
-;external_control_port = 9051
+external_control_ip = 172.18.0.2
+external_control_port = 9051

docker/scanner/Dockerfile

@@ -14,12 +14,4 @@ RUN cd temp && ls -la && \
     cd .. && \
     rm -rf temp
 
-RUN apt-get -y update && \
-    apt-get -y install wget apt-transport-https && \
-    . /etc/os-release && \
-    wget -qO- https://deb.dmz.ator.dev/anon.asc | tee /etc/apt/trusted.gpg.d/anon.asc && \
-    echo "deb [signed-by=/etc/apt/trusted.gpg.d/anon.asc] https://deb.dmz.ator.dev anon-dev-$VERSION_CODENAME main" > /etc/apt/sources.list.d/anon.list && \
-    apt-get -y update && \
-    apt-get -y install anon
-
 ENTRYPOINT [ "sh", "docker-entrypoint.sh" ]

docker/scanner/docker-entrypoint.sh

@@ -1,8 +1,8 @@
-anon
+mkdir -p /app/scanner/data/logs
 
-#mkdir -p /app/scanner/data/logs
-#
-#crontab -l | { cat; echo "*/5 * * * * sbws generate >> /app/scanner/data/logs/generate.log  2>&1"; } | crontab -
-#crontab -l | { cat; echo "30  0 * * * sbws cleanup >> /app/scanner/data/logs/cleanup.log  2>&1"; } | crontab -
-#
-#cron -f
+crontab -l | { cat; echo "*/5 * * * * sbws generate >> /app/scanner/data/logs/generate.log  2>&1"; } | crontab -
+crontab -l | { cat; echo "30  0 * * * sbws cleanup >> /app/scanner/data/logs/cleanup.log  2>&1"; } | crontab -
+
+cron -f
+
+#sbws scanner

operations/deploy-dev.hcl

@@ -6,11 +6,11 @@ job "sbws-dev" {
   group "sbws-dev-group" {
     count = 1
 
-    #    volume "sbws-data" {
-    #       type      = "host"
-    #       read_only = false
-    #       source    = "sbws-dev"
-    #    }
+#    volume "dir-auth-dev" {
+#      type      = "host"
+#      read_only = false
+#      source    = "dir-auth-dev"
+#    }
 
     network {
       #      mode = "bridge"
@@ -26,12 +26,48 @@ job "sbws-dev" {
       sticky  = true
     }
 
-    task "sbws-scanner-dev-task" {
+    task "sbws-relay-dev-task" {
       driver = "docker"
 
-      #      env {
-      #        LOGBASE = "data/logs"
-      #      }
+#      volume_mount {
+#        volume      = "anon-check-data"
+#        destination = "/var/lib/anon"
+#        read_only   = false
+#      }
+
+      config {
+        image      = "svforte/anon-dev"
+        force_pull = true
+        volumes    = [
+          "local/anonrc:/etc/anon/anonrc"
+        ]
+      }
+
+      resources {
+        cpu    = 256
+        memory = 256
+      }
+
+      template {
+        change_mode = "noop"
+        data        = <<EOH
+User anond
+
+Nickname AnonSBWS
+
+DataDirectory /var/lib/anon
+
+ControlPort 0.0.0.0:9051
+HashedControlPassword 16:3ACE689A3BC1B7D06025EA6BC9CB1C9B99EB21FE4877ECD803E6EAD9BE
+
+FetchUselessDescriptors 1
+        EOH
+        destination = "local/anonrc"
+      }
+    }
+
+    task "sbws-scanner-dev-task" {
+      driver = "docker"
 
       #      volume_mount {
       #         volume      = "sbws-data"
@@ -44,7 +80,6 @@ job "sbws-dev" {
         force_pull = true
         volumes = [
           "local/.sbws.ini:/root/.sbws.ini:ro",
-          "local/anonrc:/etc/anon/anonrc:ro",
           "local/data:/root/.sbws"
         ]
       }
@@ -82,22 +117,12 @@ verify = False
 country = ZZ
 
 [tor]
-control_socket = /var/lib/anon/control
+external_control_ip = 127.0.0.1
+external_control_port = 9051
         EOH
         destination = "local/.sbws.ini"
       }
 
-      template {
-        change_mode = "noop"
-        data        = <<EOH
-User debian-anon
-DataDirectory /var/lib/anon
-ControlSocket /var/lib/anon/control
-Nickname AnonSBWS
-FetchUselessDescriptors 1
-        EOH
-        destination = "local/anonrc"
-      }
     }
 
     task "sbws-destination-dev-task" {

sbws/globals.py

@@ -23,7 +23,7 @@
     # means a lower chance of conflict
     "SocksPort": "auto",
     # Easier than password authentication
-    "CookieAuthentication": "1",
+    "CookieAuthentication": "0",
     # To avoid path bias warnings
     "UseEntryGuards": "0",
     # Because we need things from full server descriptors (namely for now: the

sbws/util/stem.py

@@ -166,7 +166,7 @@ def is_bootstrapped(c):
 def _init_controller_port(port):
     try:
         c = Controller.from_port(port=port)
-        c.authenticate()
+        c.authenticate(password="password")
     except (IncorrectSocketType, SocketError):
         fail_hard("Unable to connect to control port %s.", port)
     # TODO: Allow for auth via more than just CookieAuthentication
@@ -177,7 +177,7 @@ def _init_controller_port(port):
 def _init_controller_socket(socket):
     try:
         c = Controller.from_socket_file(path=socket)
-        c.authenticate()
+        c.authenticate(password="password")
     except (IncorrectSocketType, SocketError):
         log.debug("Error initting controller socket: socket error.")
         return None
@@ -305,15 +305,15 @@ def launch_tor(conf):
 
     torrc = parse_user_torrc_config(torrc, conf["tor"]["extra_lines"])
     # Finally launch Tor
-    # todo - do not launch own tor (anon)
-    # try:
-    #     # If there is already a tor process running with the same control
-    #     # socket, this will exit here.
-    #     stem.process.launch_tor_with_config(
-    #         torrc, init_msg_handler=log.debug, take_ownership=True
-    #     )
-    # except Exception as e:
-    #     fail_hard("Error trying to launch tor: %s", e)
+    log.info(torrc)
+    try:
+        # If there is already a tor process running with the same control
+        # socket, this will exit here.
+        stem.process.launch_tor_with_config(
+            torrc, tor_cmd="anon", init_msg_handler=log.debug, take_ownership=True
+        )
+    except Exception as e:
+        fail_hard("Error trying to launch tor: %s", e)
     log.info("Started own tor.")
     # And return a controller to it
     cont = _init_controller_socket(conf.getpath("tor", "control_socket"))

scripts/tools/get-per-relay-budget.py

@@ -37,7 +37,7 @@ def print_regular(bws):
 
 def main(args):
     cont = get_controller(args)
-    cont.authenticate()
+    cont.authenticate(password="password")
     bws = [ns.bandwidth for ns in cont.get_network_statuses()]
     if args.quiet:
         print_quiet(bws)