Re: trafficserver-3.2.4 unstable?

Thu, 07 Feb 2013 05:20:26 -0800 


Am 07.02.2013 13:55, schrieb Jan-Frode Myklebust:
> On Thu, Feb 07, 2013 at 11:54:24AM +0100, Reindl Harald wrote:
>>
>> /etc/trafficserver/remap.config has some hundret hosts like below
>> on the machine is running dnsmasq on 127.0.0.1 to feed the target
>> IP's and dnsmasq-config is also as "remap.config" automatically
>> created with any hostname in the infrastructure
>>
>> map http://www.rhsoft.net http://www.rhsoft.net
>> reverse_map http://www.rhsoft.net http://www.rhsoft.net
> 
> Does that reverse_map make any sense ? 

it makes pretty much sense
you missed the part with dnsmasq :-)

* trafficserver is using DNS 127.0.0.1
* this is dnsmasq configured with /etc/hosts.dnsmasq
* /etc/hosts.dnsmasq and the mappings are configured based on a webservice
* this way i can decide with the public DNS if a host should use
  the trafficserver or directly the origin because trafficserver
  here is useed to reduce image-loads fro high-traffic projects
  by caching them for 60 seconds which makes not much sense
  for small sites

>> [Service]
>> Type=simple
>> ExecStart=/usr/bin/traffic_cop
>> ExecReload=/usr/bin/traffic_line -x
>> Restart=always
>> RestartSec=1
>> LimitNOFILE=100000
>> LimitMEMLOCK=infinity
>> OOMScoreAdjust=-1000
>> PrivateTmp=yes
>> CapabilityBoundingSet=~CAP_SYS_PTRACE
>> InaccessibleDirectories=/boot
>> InaccessibleDirectories=/home
>> InaccessibleDirectories=/usr/local/scripts
>> InaccessibleDirectories=/var/lib/rpm
>> InaccessibleDirectories=/var/spool
> 
> Cool that you're using systemd to restrict ATS like that, but could it
> cause problems? Does maybe the default proxy.config.stack_dump_enabled=1
> conflict with disabling CAP_SYS_PTRACE ? 
> 
> Sorry, HTH, but I'm just guessing here..

CONFIG proxy.config.diags.debug.enabled INT 0
CONFIG proxy.config.diags.debug.tags STRING http.*|dns.*
CONFIG proxy.config.dump_mem_info_frequency INT 0
CONFIG proxy.config.stack_dump_enabled 0

the first 3 values where already there, we will see
for me "stack_dump_enabled" is new and unclear what
it is supposed to do

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to