You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In securedrop-admin install when a user runs with v3_onion_services=True, we should:
check for existing client auth files
check for existing tor keypairs JSON file
fail if one-but-not-both are found
The goal is to provide a fail-fast mechanism that prevents breaking v3 services for orgs with multiple Administrators. See discussion #4652 (comment) for context. The "validate" role seems like the best place to run this logic, since that'll catch misconfigurations even if securedrop-admin sdconfig was not run.
The text was updated successfully, but these errors were encountered:
If a playbook run bails after the tor keypairs JSON fail is generated but before the ths/client auth files exist, we probably shouldn't start failing subsequent attempts to run the playbook since it won't actually be due to this multiple administrator situation, it's due to a playbook failure which can happen pretty often because Tor (this happened to me while testing the other day and I thought of this ticket).
However in the scenario where the admin does have ths/client auth files but not the tor keypairs JSON file, we should fail because it means they only fetched half the secrets they need from the other admin. Lmk if you disagree @conorsch@kushaldas
Description
In
securedrop-admin install
when a user runs withv3_onion_services=True
, we should:The goal is to provide a fail-fast mechanism that prevents breaking v3 services for orgs with multiple Administrators. See discussion #4652 (comment) for context. The "validate" role seems like the best place to run this logic, since that'll catch misconfigurations even if
securedrop-admin sdconfig
was not run.The text was updated successfully, but these errors were encountered: