trafficserver-users mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)
Date Tue, 12 Sep 2017 15:45:35 GMT


Am 02.09.2017 um 04:51 schrieb Miles Libbey:
> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h.reindl@thelounge.net> wrote:
>>
>>
>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>
>>> Is that addressed by
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>
>> sounds good - when is 8.0 planned to be released?
> 
> It's also available in 7.  We do a terrible job of having the
> documentation match the actual version (eg why we default to a version
> that won't be released for quite some time is beyond me,

IT DON'T WORK

>> that you currently need a hard restart for config changes is a pain and will
>> be much more pain when you have to use letsencrypt with its frequent
>> certificate updates in the next month after Chrome is starting to warn about
>> any site containing a form-tag without TLS
> 
> They don't. Remap, SSL cert, and parents just need reloads, not
> restarts. Many record config values are also reloads

IT DON'T RELOAD because of readonly /etc

"/usr/bin/traffic_ctl config reload" doesn't do anything because of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and i am currently working to implement letsencrypt for
hundreds of domains which means that at every point in time certificates
can be changed and a reload is needed and HARD RESTART IS A NO-GO

why in the world is that broken-by-design not fixed after 5 years of
complaining or at least an option called
"proxy.config.disable_configuration_modification" not tested at all?

is it really that hard to create a basic systemd unit and set the OS to
read-only which should be the case for every network service in 2017 and
test BASIC OPERATIONS?

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots

[root@proxy:~]$ cat records.config | grep configuration
# Main threads configuration (worker threads). Also see configurations for   #
# parent proxy configuration      #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config

IT JUST DON'T WORK
