Discussion:
[VOTE] Release Apache Traffic Server 7.1.1 (RC1)
Leif Hedstrom
2017-08-31 22:07:04 UTC
Permalink
I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

https://github.com/apache/trafficserver/milestone/12?closed=1

or for a brief ChangeLog (attached below as well):

https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


Information about upgrading to this release from previous major versions is available at:

https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


The artifacts are available for download at:

http://people.apache.org/~zwoop/rel-candidates/


Checksums:

MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


This corresponds to git refs:

Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1


Which can be verified with the following command:

$ git tag -v 7.1.1-rc1


All code signing keys are available here:

https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

Cheers,

— Leif

Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
#2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
Leif Hedstrom
2017-08-31 22:09:46 UTC
Permalink
Post by Leif Hedstrom
https://github.com/apache/trafficserver/milestone/12?closed=1
https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
I’m gonna vote early :-). We’ve been testing this release, and various previous 7.1.1 candidates for a while now, with no issues. Please help out testing this RC asap, so we can respin quickly if needed.

+1.

— Leif
Reindl Harald
2017-09-01 05:48:32 UTC
Permalink
frankly can somebody fix that after FIVE YEARS of complaints?

with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with
7.0 it also complaints like below on startup that it refuses to work
because it can't write to /etc

READ MY LIPS:
you. have. no. business. for. any. write. attempt. to. /etc

[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Config file is read-only : metrics.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Config file is read-only : cluster.config
Post by Leif Hedstrom
https://github.com/apache/trafficserver/milestone/12?closed=1
https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
http://people.apache.org/~zwoop/rel-candidates/
MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1
$ git tag -v 7.1.1-rc1
https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
Cheers,
— Leif
Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
#2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/
Alan Carroll
2017-09-01 20:43:24 UTC
Permalink
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
?
Post by Reindl Harald
frankly can somebody fix that after FIVE YEARS of complaints?
with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with 7.0
it also complaints like below on startup that it refuses to work because it
can't write to /etc
you. have. no. business. for. any. write. attempt. to. /etc
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
Open of metrics.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
Config file is read-only : metrics.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
Open of cluster.config failed: Read-only file system
Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
Automatic Roll of Version 1 failed: cluster.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
Open of cluster.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
Config file is read-only : cluster.config
Post by Leif Hedstrom
I've prepared a release for 7.1.1 (RC1), which is a bug fix release on
https://github.com/apache/trafficserver/milestone/12?closed=1
https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG
-7.1.1
This release of v7.1.1 is backwards compatible with all v7.x release, for
some details as to what’s new in v.7.1.x see
https://cwiki.apache.org/confluence/display/TS/What%27s+New+
in+v7.1.x
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
http://people.apache.org/~zwoop/rel-candidates/
MD5: a3a9f1a70cd9d11ad5a027275643cca1
*trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a1
6fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647ac
ddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1
$ git tag -v 7.1.1-rc1
https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
Make sure you refresh from a key server to get all relevant signatures.
This vote is open until EOB September 5th.
Cheers,
— Leif
Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by
TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in
deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to prevent
DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the
new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server
response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
#2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or
con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, HofmÃŒhlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/
Reindl Harald
2017-09-02 01:40:03 UTC
Permalink
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?

that you currently need a hard restart for config changes is a pain and
will be much more pain when you have to use letsencrypt with it's
frequent certificate updates in the next month after Chrome is starting
to warn about any site containing a from-tag without TLS
Post by Alan Carroll
frankly can somebody fix that after FIVE YEARS of complaints?
with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
with 7.0 it also complaints like below on startup that it refuses to
work because it can't write to /etc
you. have. no. business. for. any. write. attempt. to. /etc
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Rollback::Rollback] Config file is read-only : metrics.config
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Rollback::Rollback] Config file is read-only : cluster.config
Miles Libbey
2017-09-02 02:51:37 UTC
Permalink
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads.
Post by Reindl Harald
Post by Alan Carroll
frankly can somebody fix that after FIVE YEARS of complaints?
with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
with 7.0 it also complaints like below on startup that it refuses to
work because it can't write to /etc
you. have. no. business. for. any. write. attempt. to. /etc
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Rollback::Rollback] Config file is read-only : metrics.config
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
cluster.config
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Rollback::Rollback] Config file is read-only : cluster.config
Reindl Harald
2017-09-02 03:08:47 UTC
Permalink
Post by Miles Libbey
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
frankly that DOES NOT WORK or how do you explain the logs at startup i
posted which are from 7.1.0

[***@proxy:~]$ cat records.config | grep modification
CONFIG proxy.config.disable_configuration_modification INT 1
Post by Miles Libbey
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
just look at the archive - as i complained the last time ATS even logged
that it REFUSES TO REALOAD because /etc is read-only and i really get
tired of that broken stuff after so many years
Reindl Harald
2017-09-07 22:39:58 UTC
Permalink
Post by Reindl Harald
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7.  We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
frankly that DOES NOT WORK or how do you explain the logs at startup i
posted which are from 7.1.0
that bullshit still happens with 7.1.1

[***@proxy:~]$ cat records.config | grep disable
CONFIG proxy.config.disable_configuration_modification INT 1
[***@proxy:~]$

[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of hosting.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : hosting.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of congestion.config failed: Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
congestion.config : Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: congestion.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of congestion.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : congestion.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of plugin.config failed: Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of plugin.config
: Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: plugin.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of plugin.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : plugin.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of splitdns.config failed: Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
splitdns.config : Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: splitdns.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of splitdns.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : splitdns.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed:
ssl_multicert.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : ssl_multicert.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
metrics.config : Read-only file system
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: metrics.config
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Sep 8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : metrics.config
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : cluster.config
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[ClusterCom::ClusterCom] Node running on OS: 'Linux' Release:
'4.12.8-200.fc25.x86_64'
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep 8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: [TrafficManager]
Setup complete
[Sep 8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: [ProxyStateSet]
Traffic Server Args: '--bind_stdout /var/log/trafficserver/traffic.out
--bind_stderr /var/log/trafficserver/traffic.out -M'
[Sep 8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep 8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep 8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::startProxy] Launching ts process
[Sep 8 00:37:58.288] Manager {0x7fc666e4c940} NOTE:
[LocalManager::pollMgmtProcessServer] New process connecting fd '15'
[Sep 8 00:37:58.288] Manager {0x7fc666e4c940} NOTE:
[Alarms::signalAlarm] Server Process born
--
Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/
Reindl Harald
2017-09-12 15:45:35 UTC
Permalink
Post by Miles Libbey
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Miles Libbey
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc

"/usr/bin/traffic_ctl config reload" don't do anything beause of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and i am currently working to implement letsencrypt for
hundrets of domains which means that at every point in time certificates
can be changed and a reload is needed and HARD RESTART IS A NO-GO

why in the world is that broken-by-design not fixed after 5 years of
complaining or at least a option called
"proxy.config.disable_configuration_modification" not tested at all?

is it really that hard to create a basic systemd unit and set the OS to
redonly which should be the case for every network service in 2017 and
test BASIC OPERATIONS?

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots

[***@proxy:~]$ cat records.config | grep configuration
# Main threads configuration (worker threads). Also see configurations
for #
# parent proxy configuration
#
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config

IT JUST DON'T WORK
Reindl Harald
2017-09-12 15:54:22 UTC
Permalink
https://github.com/apache/trafficserver/issues/2505

[***@proxy:/var/log/trafficserver]$ nano
/etc/trafficserver/ssl_multicert.config
[***@proxy:/var/log/trafficserver]$ cat *
[***@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[***@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
config file ssl_multicert.config
[***@proxy:/var/log/trafficserver]$

FUCK IT
Post by Reindl Harald
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7.  We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" don't do anything beause of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and i am currently working to implement letsencrypt for
hundrets of domains which means that at every point in time certificates
can be changed and a reload is needed and HARD RESTART IS A NO-GO
why in the world is that broken-by-design not fixed after 5 years of
complaining or at least a option called
"proxy.config.disable_configuration_modification" not tested at all?
is it really that hard to create a basic systemd unit and set the OS to
redonly which should be the case for every network service in 2017 and
test BASIC OPERATIONS?
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
# Main threads configuration (worker threads). Also see configurations
for   #
# parent proxy configuration     #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
IT JUST DON'T WORK
Bryan Call
2017-09-12 20:31:12 UTC
Permalink
proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.

We are planning on having the configuration to be read-only for ATS 8.

-Bryan
Post by Reindl Harald
Post by Miles Libbey
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Miles Libbey
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
# Main threads configuration (worker threads). Also see configurations for #
# parent proxy configuration #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
IT JUST DON'T WORK
Reindl Harald
2017-09-12 20:41:28 UTC
Permalink
Post by Bryan Call
proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
We are planning on having the configuration to be read-only for ATS 8.
frankly ATS 8 is way too late after years of complaining when you need
to have Letsencrypt enabled in a few weeks because Google Chrome will
warn on every page with a from tag and no SSL

it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for
every remamp/ssl change, it was UNACCEPTABLE the last years too but now
it's becoming a joke

where is the rocket science just read the fucking config file and shut
up like every other software on this plant is able to do?

[***@proxy:/var/log/trafficserver]$ nano
/etc/trafficserver/ssl_multicert.config
[***@proxy:/var/log/trafficserver]$ cat *
[***@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[***@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
config file ssl_multicert.config
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Miles Libbey
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
# Main threads configuration (worker threads). Also see configurations for #
# parent proxy configuration #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
IT JUST DON'T WORK
Leif Hedstrom
2017-09-13 22:38:27 UTC
Permalink
Post by Bryan Call
proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
We are planning on having the configuration to be read-only for ATS 8.
frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?
You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0.

That much said, as much complaining as you have done on this subject, the amount of code contributions from you or anyone else that has a problem with this feature is exactly zero. Which open source projects lets you dictate others to do your work for you? We all have our priorities as (usually) dictated by the respective companies paying our salaries.

Sincerely,

-- Leif (not speaking on behalf of anyone other than myself)
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
Post by Reindl Harald
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Miles Libbey
Post by Reindl Harald
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
# Main threads configuration (worker threads). Also see configurations for #
# parent proxy configuration #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
IT JUST DON'T WORK
Reindl Harald
2017-09-13 23:03:48 UTC
Permalink
Post by Leif Hedstrom
Post by Bryan Call
proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
We are planning on having the configuration to be read-only for ATS 8.
frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?
You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0
it's not about "remove a feature" - it's just about a sinlg line of code
detecting "oh, /etc" is readonly and jst disbale all of that stuff
implicit instead break left and right and spit some pages of errors for
each and every config file

frankly, if ATS would have been written in PHP (yes, i know wrong
programming language) it would have taken 5 minutes if at all to make
that conditional without any configuration 5 years ago

it's not about whinign - it's about a broken design which could have
been fixed years ago with *zero amount of work*
Igor Cicimov
2017-09-14 01:14:56 UTC
Permalink
Post by Reindl Harald
Post by Bryan Call
proxy.config.disable_configuration_modification was a feature that was
requested and the group didn’t use it.
Post by Reindl Harald
Post by Bryan Call
We are planning on having the configuration to be read-only for ATS 8.
frankly ATS 8 is way too late after years of complaining when you need
to have Letsencrypt enabled in a few weeks because Google Chrome will warn
on every page with a from tag and no SSL
Post by Reindl Harald
it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for
every remamp/ssl change, it was UNACCEPTABLE the last years too but now
it's becoming a joke
Post by Reindl Harald
where is the rocket science just read the fucking config file and shut
up like every other software on this plant is able to do?
You need to stop whining like a spoiled brat! There are / were several
reasons why this was done, e.g. it's a requirement for the cluster config
to work. Clustering is dead now, and gives us a way to remove this code and
behavior for 8.0.
That much said, as much complaining as you have done on this subject, the
amount of code contributions from you or anyone else that has a problem
with this feature is exactly zero. Which open source projects lets you
dictate others to do your work for you? We all have our priorities as
(usually) dictated by the respective companies paying our salaries.
Sincerely,
-- Leif (not speaking on behalf of anyone other than myself)
multicert.config
trafficserver.service
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
Post by Reindl Harald
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
config file ssl_multicert.config
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <
Post by Alan Carroll
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-
guide/files/records.config.en.html?highlight=records%
20config#proxy-config-disable-configuration-modification
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
Post by Miles Libbey
that you currently need a hard restart for config changes is a pain
and will
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
be much more pain when you have to use letsencrypt with it's frequent
certificate updates in the next month after Chrome is starting to
warn about
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
Post by Miles Libbey
any site containing a from-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" don't do anything beause of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and i am currently working to implement letsencrypt for hundrets
of domains which means that at every point in time certificates can be
changed and a reload is needed and HARD RESTART IS A NO-GO
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
why in the world is that broken-by-design not fixed after 5 years of
complaining or at least a option called "proxy.config.disable_configuration_modification"
not tested at all?
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
is it really that hard to create a basic systemd unit and set the OS
to redonly which should be the case for every network service in 2017 and
test BASIC OPERATIONS?
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
# Main threads configuration (worker threads). Also see configurations
for #
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
# parent proxy configuration #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING
cluster.config
Post by Reindl Harald
Post by Bryan Call
Post by Reindl Harald
IT JUST DON'T WORK
​​Hallelujah! I'm not the only one finding this guy annoying! If I was head
of this project he would had been off the mailing list long time ago.​
Using language like this about people that gave him a great tool to use for
FREE is just unacceptable.

I have ATS compiled and installed from source and have /etc/trafficserver
symlinked to /usr/local/etc/trafficserver and have never seen the issue
he's talking about. There are million ways and at least half a dozen of
tools that can help workaround and automate any issue you can think of. And
if you are still complaining about something trivial like that for 5 years
than really you should quit your job and start doing something else.

I guess that's what you get when you put PHP (haha PHP, now that's a real
"joke") enthusiast doing a sysadmin job. You clearly explained the reason
why was this not possible till now but he's still not getting it :-/

So thanks to everyone involved in this project, keep the good work and
please ignore comments from people that have no talent or creativity to do
anything else but complaining.


​Regards,​
--
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. ***@encompasscorporation.com <http://encompasscorporation.com/>
w*.* www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
Reindl Harald
2017-09-14 09:19:24 UTC
Permalink
​​Hallelujah! I'm not the only one finding this guy annoying! If I was
head of this project he would had been off the mailing list long time
ago.​ Using language like this about people that gave him a great tool
to use for FREE is just unacceptable.
i would even pay to get such major bugs fixed in a shorter timeframe
than a decade
I have ATS compiled and installed from source and have
/etc/trafficserver symlinked to /usr/local/etc/trafficserver and have
never seen the issue he's talking about.
what the hell has this to do with "ReadOnlyDirectories=/etc" besides
that i then would have to set "ReadOnlyDirectories=/usr/local/etc" too?

no software has any bussiness even try to write in /etc, but even if it
tries and fails it's no justification to refuse *read* from there
without a hard restart
There are million ways and at
least half a dozen of tools that can help workaround and automate any
issue you can think of. And if you are still complaining about something
trivial like that for 5 years than really you should quit your job and
no there is no single way that ATS realods it's config when the config
folder is readonly and it's only insane to detect "
User has changed config file ssl_multicert.config" but refuse to *read*
the file becuase you can't write to it

[***@proxy:/var/log/trafficserver]$ cat *
[***@proxy:/var/log/trafficserver]$ touch
/etc/trafficserver/ssl_multicert.config
[***@proxy:/var/log/trafficserver]$ /usr/bin/traffic_ctl config reload
[***@proxy:/var/log/trafficserver]$ cat *
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Alarms::signalAlarm] Skipping Alarm: '[TrafficManager] Configuration
File Update Failed: Read-only file system'
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: User has changed
config file ssl_multicert.config
I guess that's what you get when you put PHP (haha PHP, now that's a
real "joke") enthusiast doing a sysadmin job. You clearly explained the
reason why was this not possible till now but he's still not getting it :-/
i keep the i-word for myself....

Steven R. Feltner
2017-09-05 17:43:09 UTC
Permalink
I have compiled and tested 7.1.1 on CentOS 7, including our custom plugins. No issues seen in test or under load test. I have not been able to get this onto a production box yet.

Based on the testing I have done, I +1 this release.

Thanks,
Steven


On 8/31/17, 6:07 PM, "Leif Hedstrom" <***@apache.org> wrote:

I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

https://github.com/apache/trafficserver/milestone/12?closed=1

or for a brief ChangeLog (attached below as well):

https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


Information about upgrading to this release from previous major versions is available at:

https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


The artifacts are available for download at:

http://people.apache.org/~zwoop/rel-candidates/


Checksums:

MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


This corresponds to git refs:

Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1


Which can be verified with the following command:

$ git tag -v 7.1.1-rc1


All code signing keys are available here:

https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

Cheers,

— Leif

Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
#2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(mast
David Calavera
2017-09-05 17:53:04 UTC
Permalink
+1 to this release. It solves the problems we found with SNI plugins in the
7.1.0 version. We're actually running this in production since last week
and we haven't found any issue yet.

Cheers,
David
Post by Steven R. Feltner
I have compiled and tested 7.1.1 on CentOS 7, including our custom
plugins. No issues seen in test or under load test. I have not been able
to get this onto a production box yet.
Based on the testing I have done, I +1 this release.
Thanks,
Steven
I've prepared a release for 7.1.1 (RC1), which is a bug fix release on
https://github.com/apache/trafficserver/milestone/12?closed=1
https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
This release of v7.1.1 is backwards compatible with all v7.x release,
for some details as to what’s new in v.7.1.x see
https://cwiki.apache.org/confluence/display/TS/What%
27s+New+in+v7.1.x
Information about upgrading to this release from previous major
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
http://people.apache.org/~zwoop/rel-candidates/
MD5: a3a9f1a70cd9d11ad5a027275643cca1
*trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a1
6fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647ac
ddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1
$ git tag -v 7.1.1-rc1
https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
Make sure you refresh from a key server to get all relevant
signatures. This vote is open until EOB September 5th.
Cheers,
— Leif
Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by
TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in
deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to
prevent DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the
new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server
response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent
or con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
Bryan Call
2017-09-05 18:32:22 UTC
Permalink
+1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.

-Bryan
Post by Leif Hedstrom
https://github.com/apache/trafficserver/milestone/12?closed=1
https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
http://people.apache.org/~zwoop/rel-candidates/
MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
Tag: 7.1.1-rc1
$ git tag -v 7.1.1-rc1
https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
Cheers,
— Leif
Changes with Apache Traffic Server 7.1.1
#1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
#1953 - Unit Tests for Issue #1605 AWS Signature Version 4
#1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
#2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
#2217 - Be less aggressive in calling SSL_shutdown.
#2273 - Fixed debug build on Fedora 26 with gcc7
#2285 - Prevent HSTS headers from including the terminating null byte.
#2298 - Fix origin requests to default to HTTP 1.1
#2305 - Rework SSL handshake hooks and add tls_hooks tests.
#2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
#2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
#2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
#2359 - Remove the correct entry from priority queue and insert the new node into the queue
#2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
#2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
#2393 - Change from SHA1 to SHA512
#2396 - Fedora 26 and gcc7 support for ATS 7.1.1
#2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
#2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
#2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
#2414 - Out-of-bounds while get port from host field
#2443 - AWS auth v4: fixed query param value URI-encoding
#2452 - Ticket file reload shouldn't kill traffic_server process
#2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
#2457 - Cherry pick a set of Catch based commits to 7.1
#2458 - Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
#2459 - fixing memory leak when ATS serves stale records
#2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
Leif Hedstrom
2017-09-06 01:50:43 UTC
Permalink
Post by Bryan Call
+1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.
I’m going to call this, with 4+1 votes (3 binding) and no -1’s. I’m pushing to the dist servers tonight, and will make the announcement tomorrow.

Cheers,

— Leif
Loading...