A web application that allows users to create anonymous tickets on the Tor Project's GitLab instance by leveraging the GitLab API.
The project is developed in-house and hosted on GitLab at tpo/tpa/anon_ticket.
Tutorial
How-to
Pager playbook
Disaster recovery
If the PostgreSQL database isn't lost, see the installation procedure.
If having to install from scratch, see also anon_ticket Quickstart
Reference
Installation
Prerequisite for installing this service is an LDAP role account.
The service is mainly deployed via the profile::anonticket Puppet class,
which takes care of installing dependencies, configuring a postgresql
user/database, an nginx reverse proxy and systemd user service unit file.
A Python virtual environment must then be manually provisioned in $HOME/.env,
and the ticketlobby.service user service unit file must then be enabled and
activated.
Upgrades
$ source .env/bin/activate # To activate the python virtual environment
$ cd anon_ticket
$ git fetch origin main
$ git merge origin/main
$ python manage.py migrate # To apply new migrations
$ python manage.py collectstatic # To generate new static files
$ systemctl --user reload/restart ticketlobby.service
SLA
There is no SLA established for this service.
Design and architecture
anon_ticket is a Django application and
project. Frontend is served by gunicorn and nginx as proxy and nginx for
static files. It uses TPA's postgresql for storage and
Gitlab API to create users, issues and notes on issues.
Services
The nginx reverse proxy listens on the standard HTTP and HTTPS ports, handles TLS termination, and forwards requests to the ticketlobby service unit that launches gunicorn, which handles the anon_ticket Django project (call ticketlobby) containing the application WSGI.
Storage
Persistent data is stored in a PostgreSQL database.
Queues
None.
Interfaces
This service uses the Gitlab REST API.
The application can be managed via its Web interface or via Django cli
Authentication
standalone plus Gitlab API tokens, see tpo/tpa/team#41510.
Implementation
Python, Django >= 3.1 licensed under BSD 3-Clause "New" or "Revised" license.
Related services
Gitlab, PostgreSQL, nginx
Issues
This project has its own issue tracker at https://gitlab.torproject.org/tpo/tpa/anon_ticket/-/issues
Maintainer
Service deployed by @lavamind, @juga and @ahf.
Users
Any user that wish to report/comment an issue in https://gitlab.torproject.org, without having an account.
Upstream
Upstream are volunteers and some TPI persons, see Contributor analytics
Upstream is not very active.
To report Issues, see Issues.
Monitoring and metrics
No known monitoring nor metrics.
To keep up to date, see Upgrades.
Tests
The service has to be tested manually, going to https://anonticket.torproject.org and check that you can:
-
create identifier -
login with identifierSee a list of all projectsSearch for an issueCreate an issue- Create a
noteon an existing issue See My Landing Page
-
request gitlab account
To test the code, see anon_ticket Tests
Logs
Logs are sent to journal. Gunicorn access and error logs are also saved at
$HOME/log without IP (proxy's one) nor User-Agent.
Backups
Other documentation
Discussion
This service was initially deployed by @ahf at https://anonticket.onionize.space/ and has been migrated here, see tpo/tpa/team#40577.
In the long term, this service will deprecate https://gitlab.onionize.space/
service, deployed by @ahf, from the Gitlab Lobby code, because its functionality has already been integrated in
anon_ticket.
Overview
Security and risk assessment
Technical debt and next steps
Nothing urgent.
Next steps: anon_ticket Issues