Question 1

How to migrate Tor instances to a new server with ansible-relayor?

Accepted Answer

Refer to the wiki documentation; it involves moving the offline master key directory (~/.tor/offlinemasterkeys) and updating inventory, but requires careful handling to maintain key integrity and avoid service disruption.

Question 2

What is the default key renewal period and how can I change it?

Accepted Answer

Default Ed25519 signing key lifetime is 30 days, set by tor_signingkeylifetime_days. Lower values like 7 days improve security but require more frequent playbook runs to prevent relay downtime from expired keys.

Question 3

Does ansible-relayor support IPv6 configuration automatically?

Accepted Answer

Yes, it autodetects IPv6 IPs and enables IPv6 ORPorts by default with tor_IPv6, and allows IPv6 exit traffic for exit relays via tor_IPv6Exit, though you can opt-out by setting variables to false.

Question 4

ansible-relayor vs manual Tor relay setup: which is better for scaling?

Accepted Answer

ansible-relayor excels for scaling with automation and security features like offline keys, but manual setup might be simpler for one-off relays or teams avoiding Ansible overhead.

Question 5

How to set up Prometheus monitoring with ansible-relayor?

Accepted Answer

Enable tor_enableMetricsPort, set tor_prometheus_host, and ensure nginx and blackbox exporter are installed separately; relayor generates configs but doesn't install all components, requiring additional setup steps.

Question 6

Can I use ansible-relayor to manage Tor bridges?

Accepted Answer

No, the README explicitly states it does not aim to support Tor bridges; it's focused solely on relay operators, so alternative tools are needed for bridge deployment.

ansible-relayor

What is ansible-relayor?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions