https://github.com/apache/trafficserver/issues/2505
[root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
[root@proxy:/var/log/trafficserver]$
FUCK IT
On 12.09.2017 at 17:45, Reindl Harald wrote:
On 02.09.2017 at 04:51, Miles Libbey wrote:
On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[email protected]> wrote:
On 01.09.2017 at 22:43, Alan Carroll wrote:
Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
sounds good - when is 8.0 planned to be released?
It's also available in 7. We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,
IT DON'T WORK
that you currently need a hard restart for config changes is a pain and will
be much more pain when you have to use letsencrypt with its frequent
certificate updates in the next month after Chrome is starting to warn about
any site containing a form-tag without TLS
They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads
IT DON'T RELOAD because of readonly /etc
"/usr/bin/traffic_ctl config reload" doesn't do anything because of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and I am currently working to implement letsencrypt for
hundreds of domains which means that at every point in time certificates
can be changed and a reload is needed and HARD RESTART IS A NO-GO
why in the world is that broken-by-design not fixed after 5 years of
complaining or at least an option called
"proxy.config.disable_configuration_modification" not tested at all?
is it really that hard to create a basic systemd unit and set the OS to
read-only which should be the case for every network service in 2017 and
test BASIC OPERATIONS?
ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots
[root@proxy:~]$ cat records.config | grep configuration
# Main threads configuration (worker threads). Also see configurations for #
# parent proxy configuration #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
IT JUST DON'T WORK
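
Added example, not part of the original thread and not Traffic Server code: a Python function that scans manager log text for the `Rollback` failure notes shown in the session above, so a certificate-renewal hook on a read-only `/etc` can tell that a reload did not pick up the changed file. The regular expressions are assumptions derived only from the four log lines quoted in this thread, and the name `failed_rollbacks` is hypothetical.

```python
import re

# Assumed line shape, taken from the log excerpt in this thread:
# [Sep 12 17:52:47.317] Manager {0x7f25...} NOTE: [Rollback::func] message
LINE_RE = re.compile(
    r"^\[(?P<ts>[A-Z][a-z]{2} +\d+ [\d:.]+)\] Manager \{0x[0-9a-f]+\} "
    r"NOTE: (?:\[(?P<func>Rollback::\w+)\] )?(?P<msg>.*)$"
)
# Wording that marks a failed roll in the quoted lines (assumption).
FAIL_RE = re.compile(r"failed|unable to|read-only", re.IGNORECASE)
# A config file name such as ssl_multicert.config inside the message.
FILE_RE = re.compile(r"\b([\w.-]+\.config)\b")

# The four log lines from the thread, unwrapped.
SAMPLE_LOG = """\
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
"""


def failed_rollbacks(log_text):
    """Map each config file to the Rollback notes that report a failure.

    Returns {file_name: [(timestamp, function, message), ...]}.
    Lines without a [Rollback::...] tag, or without failure wording,
    are ignored.
    """
    failures = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not m.group("func"):
            continue
        msg = m.group("msg")
        name = FILE_RE.search(msg)
        if name and FAIL_RE.search(msg):
            entry = (m.group("ts"), m.group("func"), msg)
            failures.setdefault(name.group(1), []).append(entry)
    return failures


if __name__ == "__main__":
    for cfg, notes in failed_rollbacks(SAMPLE_LOG).items():
        print(f"{cfg}: reload did not apply ({len(notes)} Rollback failures)")
        for ts, func, msg in notes:
            print(f"  {ts} {func}: {msg}")
```
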