Cool, thanks for the clarification.
On Thu, Jun 1, 2017 at 12:29 PM, Peter Ryder (peryder)
wrote:
> The config file I’m proposing is separate from the CRConfig. CrConfig will
> just contain an http link where the TR can get it, like you said.
>
> RGB does not have to be enabled, I just mentioned
The config file I’m proposing is separate from the CRConfig. CrConfig will just
contain an http link where the TR can get it, like you said.
RGB does not have to be enabled, I just mentioned specifically in case there
are thoughts in which order the checks should be done. As it stands right now,
Hey Peter,
Thanks for the write up. It sounds like you want to embed this new config
file in the CrConfig? Is there a reason we can't keep it standalone and
have Traffic Router fetch it like we do with Federations, Steering, etc?
Also, you say "Anonymous Blocking will occur after RGB check" does
Just because we *can* do something doesn't mean we *should* do something.
I don't think we should try to over engineer this part of the system and
make it any more complicated than it needs to be.
I think Rob's PR should be merged so that LDAP users, by default, have very
limited capabilities.
On
Hi All,
I am working with Eric to implement anonymous IP blocking into the Traffic
Router, and am looking to contribute it back to open source.
It will be structured similarly to RGB.
I am looking to get any feedback on the design before going ahead with this
feature.
Feature Requirements
> that ship has sailed when the roles/capabilities model was agreed upon
I don't agree. We could configure PostgreSQL Roles and Row Security
Policies with the same capabilities, and the same UI. Users would click the
"create role" or "assign capability" button, and the UI would issue an API
call w
> @mitchell852 Actual PostgreSQL users. So, Traffic Ops users would _be_
PostgreSQL users. There wouldn't be a single "trafficops" Postgres user,
every TO user would have their own user in Postgres itself.
^^ Sounds like we need a Postgres DBA for that :) Plus, I think that ship
has sailed when th
@mitchell852 Actual PostgreSQL users. So, Traffic Ops users would _be_
PostgreSQL users. There wouldn't be a single "trafficops" Postgres user,
every TO user would have their own user in Postgres itself.
PostgreSQL has row-level security, which makes such a thing possible. You
can configure a user
> I also wonder if we shouldn't try to leverage transitioning our user
management to Postgres.
I don't understand what that means. We do use Postgres for user
management...there is a tm_user table in Postgres and a user has a role
(which will soon have capabilities). That is how users are managed
We use LDAP all the time. It's optional of course, but in our
deployment nobody should be using local accounts unless they're not in
LDAP for some reason (external users, portal users, etc).
Application/API accounts could go either way, but users of the TO UI
should use LDAP whenever possible to av
I'm +1 on this. Thanks for creating the RC Eric!
--
Thanks,
Jeff
On Thu, Jun 1, 2017 at 9:30 AM, Eric Friedrich (efriedri)
wrote:
> Hello All,
>
> I've prepared the next candidate release for incubator-trafficcontrol v2.0.0
> (RC2)
>
> Changes since 1.8.0:
> https://github.com/apache/incubator-
Hello All,
I've prepared the next candidate release for incubator-trafficcontrol v2.0.0
(RC2)
Changes since 1.8.0:
https://github.com/apache/incubator-trafficcontrol/compare/RELEASE-1.8.1-RC0...RELEASE-2.0.0-RC2
This corresponds to git:
Hash: 795ea3adf2003dd27523b6b9ff4691f23d41ce30
Tag: RELE
I have a question in a similar vein, how often do we really use LDAP? My
understanding is we created LDAP access to allow external users in to see
our TO Graphs. Now that graphs are in Graphana is the need for LDAP still
needed? If we require anyone using TO or the TO API to be in the database
i
nice knowing that the ATS lua plugin can be put to good uses here.
Kit
On Wed, May 31, 2017 at 4:12 PM, Dave Neuman wrote:
> Hey Mike,
> I think opening a PR is a great idea. Can you please open it against master?
>
> Thanks,
> Dave
>
>
> On Wed, May 31, 2017 at 16:43 Mike Sandman (misandma)
>
BIRD http://bird.network.cz is widely used as a BGP listener, though from a
quick look at OpenBMP it does look like it is the way to go, depending on
availability of BMP in existing networks.
On Wed, May 31, 2017 at 10:27 PM, Ori Finkelman wrote:
> +1
> Wouldn't this require the BGP to run on ea
15 matches
Mail list logo