trafficserver-users mailing list archives

From Igor Cicimov <ig...@encompasscorporation.com>
Subject Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)
Date Thu, 14 Sep 2017 01:14:56 GMT
On Thu, Sep 14, 2017 at 8:38 AM, Leif Hedstrom <zwoop@apache.org> wrote:

>
>
> > On Sep 12, 2017, at 2:41 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
> >
> >
> >
> >> On 12.09.2017 at 22:31, Bryan Call wrote:
> >> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
> >> We are planning on having the configuration to be read-only for ATS 8.
> >
> > frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a form tag and no SSL
> >
> > it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remap/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
> >
> > where is the rocket science just read the fucking config file and shut up like every other software on this planet is able to do?
>
> You need to stop whining like a spoiled brat! There are / were several
> reasons why this was done, e.g. it's a requirement for the cluster config
> to work. Clustering is dead now, and gives us a way to remove this code and
> behavior for 8.0.
>
> That much said, as much complaining as you have done on this subject, the
> amount of code contributions from you or anyone else that has a problem
> with this feature is exactly zero. Which open source project lets you
> dictate others to do your work for you? We all have our priorities as
> (usually) dictated by the respective companies paying our salaries.
>
> Sincerely,
>
> -- Leif (not speaking on behalf of anyone other than myself)
>
> >
> > [root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_multicert.config
> > [root@proxy:/var/log/trafficserver]$ cat *
> > [root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
> > [root@proxy:/var/log/trafficserver]$ cat *
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
> > [root@proxy:/var/log/trafficserver]$
> >
> >>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
> >>>
> >>>
> >>>
> >>>> On 02.09.2017 at 04:51, Miles Libbey wrote:
> >>>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
> >>>>>
> >>>>>
> >>>>>> On 01.09.2017 at 22:43, Alan Carroll wrote:
> >>>>>>
> >>>>>> Is that addressed by
> >>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
> >>>>>
> >>>>> sounds good - when is 8.0 planned to be released?
> >>>> It's also available in 7.  We do a terrible job of having the
> >>>> documentation match the actual version (eg why we default to a version
> >>>> that won't be released for quite some time is beyond me,
> >>>
> >>> IT DON'T WORK
> >>>
> >>>>> that you currently need a hard restart for config changes is a pain and will
> >>>>> be much more pain when you have to use letsencrypt with its frequent
> >>>>> certificate updates in the next month after Chrome is starting to warn about
> >>>>> any site containing a form-tag without TLS
> >>>> They don't. Remap, SSL cert, and parents just need reloads, not
> >>>> restarts. Many record config values are also reloads
> >>>
> >>> IT DON'T RELOAD because of readonly /etc
> >>>
> >>> "/usr/bin/traffic_ctl config reload" don't do anything because of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundreds of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
> >>>
> >>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least an option called "proxy.config.disable_configuration_modification" not tested at all?
> >>>
> >>> is it really that hard to create a basic systemd unit and set the OS to readonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
> >>>
> >>> ReadOnlyDirectories=/etc
> >>> ReadOnlyDirectories=/usr
> >>> ReadOnlyDirectories=/var/lib
> >>> ReadWriteDirectories=/etc/trafficserver/internal
> >>> ReadWriteDirectories=/etc/trafficserver/snapshots
> >>>
> >>> [root@proxy:~]$ cat records.config | grep configuration
> >>> # Main threads configuration (worker threads). Also see configurations for   #
> >>> # parent proxy configuration     #
> >>> CONFIG proxy.config.disable_configuration_modification INT 1
> >>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
> >>>
> >>> IT JUST DON'T WORK
>
>
Hallelujah! I'm not the only one finding this guy annoying! If I was head
of this project he would have been off the mailing list long time ago.
Using language like this about people that gave him a great tool to use for
FREE is just unacceptable.

I have ATS compiled and installed from source and have /etc/trafficserver
symlinked to /usr/local/etc/trafficserver and have never seen the issue
he's talking about. There are a million ways and at least half a dozen
tools that can help work around and automate any issue you can think of. And
if you are still complaining about something trivial like that for 5 years
then really you should quit your job and start doing something else.

I guess that's what you get when you put a PHP (haha PHP, now that's a real
"joke") enthusiast doing a sysadmin job. You clearly explained the reason
why this was not possible till now but he's still not getting it :-/

So thanks to everyone involved in this project, keep up the good work and
please ignore comments from people that have no talent or creativity to do
anything else but complain.


Regards,
-- 
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. igorc@encompasscorporation.com <http://encompasscorporation.com/>
w. www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
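
Added example, not part of the original message or of the Traffic Server project: a check an operator running the service with a read-only /etc could run over the manager log after a reload, to list the config files for which `Rollback` notes like those quoted in the thread were logged. The function names are hypothetical, and the sample input is constructed from the log lines quoted above, with the e-mail line wrapping undone.

```python
import re
from collections import defaultdict

# Constructed sample: the manager log lines quoted in the thread, unwrapped.
SAMPLE_LOG = """\
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
"""

# "[timestamp] Manager {thread} LEVEL: message"
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+Manager\s+\{[^}]+\}\s+(?P<level>\w+):\s+(?P<msg>.*)$"
)
# "[Rollback::function] detail"
ROLLBACK_RE = re.compile(r"^\[Rollback::(?P<func>\w+)\]\s+(?P<detail>.*)$")
# First token in the detail that looks like a *.config file name
CONFIG_RE = re.compile(r"(?P<file>[\w.\-]+\.config)\b")


def rollback_notes(log_text):
    """Map each config file to the Rollback notes logged against it.

    Each note is (timestamp, Rollback function, mentions_read_only).
    Lines that are not Manager Rollback notes are ignored.
    """
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        rb = ROLLBACK_RE.match(m["msg"]) if m else None
        cfg = CONFIG_RE.search(rb["detail"]) if rb else None
        if not cfg:
            continue
        read_only = "read-only" in rb["detail"].lower()
        found[cfg["file"]].append((m["ts"], rb["func"], read_only))
    return dict(found)


def blocked_by_read_only(log_text):
    """Config files with at least one Rollback note citing a read-only target."""
    notes = rollback_notes(log_text)
    return sorted(f for f, n in notes.items() if any(ro for _, _, ro in n))


if __name__ == "__main__":
    for name in blocked_by_read_only(SAMPLE_LOG):
        print(f"{name}: Rollback could not write (read-only file system)")
```
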
