Linux and Unix Users Group at Virginia Tech Wiki

Changes

Tahoe-LAFS

451 bytes removed, 06:55, 3 January 2018
no edit summary
Tahoe-LAFS is a distributed filesystem which provides redundancy and security for files. Our most recent incarnation was run on [[Infrastructure:Crashoverride|Crashoverride]].
==Connecting to VTLUUG's Tahoe Grid==
** Available in Arch's community repo
* Install various dependencies.
** On Debian 9, install <code>python-txtorcon tahoe-lafs tor</code>
** On Debian 8, the distro packages are too old so you'll need to install things manually.
*** <code>pip2 install -U pyopenssl txtorcon tahoe-lafs</code>
*** Follow the Tor Project's [https://www.torproject.org/docs/debian.html.en instructions] for installing the latest stable version of tor on Debian Jessie.
** CentOS 6 is unsupported, as Tahoe-LAFS now requires Python 2.7.
* Edit <code>/etc/tor/torrc</code> and uncomment the <code>ControlPort 9051</code> line, then restart tor.
* Edit the tahoe defaults file (<code>/etc/defaults/tahoe-lafs</code>) to start your nodes along with tahoe-lafs startup. Note that in this example, I have two node directories underneath "/srv/tahoe-storage", "introducer" and "tor-storage". For most users you should only have one node directory for both configuration data and encrypted blob storage.
<pre>
# Start only these tahoe-lafs nodes automatically via init script.
# Allowed values are "all", "none" or space separated list of tahoe-lafs nodes. If empty, "none" is assumed.
#
#AUTOSTART="all"
AUTOSTART="introducer tor-storage"
#AUTOSTART="home office"

# Pass arguments to tahoe start. Default to "--syslog".
DAEMONARGS="--syslog"
CONFIG_DIR="/srv/tahoe-storage"
</pre>
* Create a Tahoe user and add it to the tor group
** <code>useradd tahoe-lafs</code>
** <code>usermod -aG debian-tor tahoe-lafs</code>
* Create the appropriate tahoe services, and start them:
** <code>sudo -u tahoe-lafs tahoe create-node --listen=tor -n YOUR_NODE_NAME -C /srv/tahoe-storage/vtluug-tor-storage -i GET_THIS_STRING_FROM_AN_OFFICER</code>
** <code>systemctl start tahoe-lafs</code>. This will daemonize.
=== Tuning ===
=== Tahoe daemonized and then terminated immediately ===
This can be caused by several factors when running with torsocks.
* You're trying to bind to an IP other than localhost and torsocks blocked this
** For the introducer '''only''', it doesn't appear to be possible to restrict the interfaces it binds to. Instead, modify <code>/etc/tor/torsocks.conf</code> and add <code>AllowInbound 1</code>. Then use iptables to deny inbound connections to non-localhost on that port.
** For all other nodes (including storage nodes), ensure the tub.port and web.port lines are set to restrict traffic to localhost.
* Tahoe is attempting to establish a UDP connection to identify its local IP address. Torsocks restricts UDP connections, causing Tahoe to throw exceptions and terminate. Ensure you are using the [https://github.com/tahoe-lafs/tahoe-lafs latest trunk version] rather than the version supplied by your OS.
=== Can't connect to introducer ===
* Ensure tor is running and that Tahoe is started through torify.
* Ensure the <code>introducer.furl</code> parameter is not enclosed with quotes in <code>tahoe.cfg</code>. For some reason this has caused connection issues for me.
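
The two configuration checks from the troubleshooting notes above (<code>tub.port</code> and <code>web.port</code> bound to localhost, <code>introducer.furl</code> not wrapped in quotes) can be automated. The following is an added example, not part of the original wiki page or of Tahoe-LAFS; the sample configuration, the placeholder furl and the function names are constructed for illustration.

```python
import configparser

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample tahoe.cfg (not from a real node): tub.port listens on
# every interface and the furl is quoted, so both checks should fire.
SAMPLE_CFG = """
[node]
nickname = example-node
web.port = tcp:3456:interface=127.0.0.1
tub.port = tcp:4456
[client]
introducer.furl = "pb://placeholder@example.onion:1234/placeholder"
"""

def endpoint_is_local(endpoint):
    """True if a Twisted server endpoint string only listens on loopback."""
    endpoint = endpoint.strip()
    if endpoint.startswith("unix:"):
        return True
    # A backslash escapes colons inside a value, e.g. interface=\:\:1
    parts = endpoint.replace("\\:", "\0").split(":")
    args = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    iface = args.get("interface", "").replace("\0", ":")
    return parts[0] == "tcp" and iface in LOOPBACK

def audit(cfg_text):
    """Return a list of findings for the given tahoe.cfg text."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(cfg_text)
    findings = []
    for key in ("tub.port", "web.port"):
        value = cp.get("node", key, fallback="").strip()
        if value in ("", "disabled"):
            continue  # only values that are actually set are checked
        for ep in value.split(","):
            if not endpoint_is_local(ep):
                findings.append(f"{key}: '{ep.strip()}' is not bound to localhost")
    furl = cp.get("client", "introducer.furl", fallback="").strip()
    if furl[:1] in ("'", '"'):
        findings.append("introducer.furl: value is wrapped in quotes")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_CFG):
        print(line)
```

To check a real node, pass the contents of the <code>tahoe.cfg</code> in its node directory to <code>audit()</code>.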
==FAQs==
Technical documentation on Tahoe can be found on its website. However, for the prospective user, here's a simple explanation in Q&A format:
===What does it do?===
===How do I delete files?===
You can't. The nodes are not trusted and therefore cannot be relied upon to remove the file's shares when asked. To render a file inaccessible, destroy all copies of the filecap. After 60 days, the file's lease will expire and its shares will be automatically garbage collected, or deleted, by the nodes.
===Wait, files expire? But I thought...===
VTLUUG's grid uses a 2 month file expiration to prevent the grid from filling up permanently.

Don't panic. To stop a file from being deleted after 2 months, simply renew its lease. The recommended way of doing this is setting up an alias using <code>tahoe create-alias tahoe</code>, adding the filecap to the alias, and setting up a weekly cronjob to run <code>tahoe deep-check --renew tahoe</code>. This will renew the leases on all the files in the alias, which is similar to a directory.
===Directory?===
* Tahoe's erasure coding maintains availability in the event of a loss of nodes, but not malicious nodes. It's trivial to DoS a grid either by a Sybil attack or just using up all available storage if you know the introducer furl string. A [https://tahoe-lafs.org/trac/tahoe-lafs/ticket/467 patch] is in the works to allow clients to choose their own storage nodes that should mitigate this.
[[Category:VTLUUG:Projects]][[Category:Infrastructure]][[Category:Deprecated]]
Anonymous user