proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
We are planning on having the configuration to be read-only for ATS 8.

-Bryan

> On Sep 12, 2017, at 8:45 AM, Reindl Harald <[email protected]> wrote:
>
>
>
> On 02.09.2017 at 04:51, Miles Libbey wrote:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[email protected]> wrote:
>>>
>>>
>>> On 01.09.2017 at 22:43, Alan Carroll wrote:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>
>>> sounds good - when is 8.0 planned to be released?
>> It's also available in 7. We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
>
> IT DON'T WORK
>
>>> that you currently need a hard restart for config changes is a pain and will
>>> be much more pain when you have to use letsencrypt with its frequent
>>> certificate updates in the next month after Chrome is starting to warn about
>>> any site containing a from-tag without TLS
>> They don't. Remap, SSL cert, and parents just need reloads, not
>> restarts. Many record config values are also reloads
>
> IT DON'T RELOAD because of readonly /etc
>
> "/usr/bin/traffic_ctl config reload" don't do anything because of this
> "[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
> bullshit and i am currently working to implement letsencrypt for hundreds of
> domains which means that at every point in time certificates can be changed
> and a reload is needed and HARD RESTART IS A NO-GO
>
> why in the world is that broken-by-design not fixed after 5 years of
> complaining or at least an option called
> "proxy.config.disable_configuration_modification" not tested at all?
>
> is it really that hard to create a basic systemd unit and set the OS to
> readonly which should be the case for every network service in 2017 and test
> BASIC OPERATIONS?
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/etc/trafficserver/internal
> ReadWriteDirectories=/etc/trafficserver/snapshots
>
> [root@proxy:~]$ cat records.config | grep configuration
> # Main threads configuration (worker threads). Also see configurations for #
> # parent proxy configuration #
> CONFIG proxy.config.disable_configuration_modification INT 1
> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>
> IT JUST DON'T WORK
