[VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

	https://github.com/apache/trafficserver/milestone/12?closed=1

or for a brief ChangeLog (attached below as well):

	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


Information about upgrading to this release from previous major versions is available at:

	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


The artifacts are available for download at:

	http://people.apache.org/~zwoop/rel-candidates/


Checksums:

	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


This corresponds to git refs:

	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
	Tag: 7.1.1-rc1


Which can be verified with the following command:

	$ git tag -v 7.1.1-rc1


All code signing keys are available here:

	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

Cheers,

— Leif

Changes with Apache Traffic Server 7.1.1
  #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
  #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
  #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
  #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
  #2217 - Be less aggressive in calling SSL_shutdown.
  #2273 - Fixed debug build on Fedora 26 with gcc7
  #2285 - Prevent HSTS headers from including the terminating null byte.
  #2298 - Fix origin requests to default to HTTP 1.1
  #2305 - Rework SSL handshake hooks and add tls_hooks tests.
  #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
  #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
  #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
  #2359 - Remove the correct entry from priority queue and insert the new node into the queue
  #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
  #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
  #2393 - Change from SHA1 to SHA512
  #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
  #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
  #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
  #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
  #2414 - Out-of-bounds while get port from host field
  #2443 - AWS auth v4: fixed query param value URI-encoding
  #2452 - Ticket file reload shouldn't kill traffic_server process
  #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
  #2457 - Cherry pick a set of Catch based commits to 7.1
  #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
  #2459 - fixing memory leak when ATS serves stale records
  #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[David Calavera <da...@gmail.com>]

+1 to this release. It solves the problems we found with SNI plugins in the
7.1.0 version. We're actually running this in production since last week
and we haven't found any issue yet.

Cheers,
David

On Tue, Sep 5, 2017 at 10:43 AM, Steven R. Feltner <sf...@godaddy.com>
wrote:

> I have compiled and tested 7.1.1 on CentOS 7, including our custom
> plugins.  No issues seen in test or under load test.  I have not been able
> to get this onto a production box yet.
>
> Based on the testing I have done, I +1 this release.
>
> Thanks,
> Steven
>
>
> On 8/31/17, 6:07 PM, "Leif Hedstrom" <zw...@apache.org> wrote:
>
>     I've prepared a release for 7.1.1 (RC1), which is a bug fix release on
> the previous v7.1.0. The release notes for 7.1.1 is available at:
>
>         https://github.com/apache/trafficserver/milestone/12?closed=1
>
>     or for a brief ChangeLog (attached below as well):
>
>         https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
>
>
>     This release of v7.1.1 is backwards compatible with all v7.x release,
> for some details as to what’s new in v.7.1.x see
>
>         https://cwiki.apache.org/confluence/display/TS/What%
> 27s+New+in+v7.1.x
>
>
>     Information about upgrading to this release from previous major
> versions is available at:
>
>         https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
>
>
>     The artifacts are available for download at:
>
>         http://people.apache.org/~zwoop/rel-candidates/
>
>
>     Checksums:
>
>         MD5: a3a9f1a70cd9d11ad5a027275643cca1
> *trafficserver-7.1.1-rc1.tar.bz2
>         SHA512: 9d3d9af85f58015a1221c74e3034a1
> 6fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647ac
> ddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
>
>
>     This corresponds to git refs:
>
>         Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
>         Tag: 7.1.1-rc1
>
>
>     Which can be verified with the following command:
>
>         $ git tag -v 7.1.1-rc1
>
>
>     All code signing keys are available here:
>
>         https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>
>     Make sure you refresh from a key server to get all relevant
> signatures. This vote is open until EOB September 5th.
>
>     Cheers,
>
>     — Leif
>
>     Changes with Apache Traffic Server 7.1.1
>       #1766 - Can't convert Cache Result to Cache MISS by
> TSHttpTxnCacheLookupStatusSet
>       #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>       #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>       #2123 - ua_buffer_reader should be released in
> deallocate_redirect_postdata
>       #2217 - Be less aggressive in calling SSL_shutdown.
>       #2273 - Fixed debug build on Fedora 26 with gcc7
>       #2285 - Prevent HSTS headers from including the terminating null
> byte.
>       #2298 - Fix origin requests to default to HTTP 1.1
>       #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>       #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>       #2329 - Push triggered DNSConnections into an atomic queue to
> prevent DNSConnection lost.
>       #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>       #2359 - Remove the correct entry from priority queue and insert the
> new node into the queue
>       #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request
> url
>       #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server
> response set status in Lua plugin
>       #2393 - Change from SHA1 to SHA512
>       #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>       #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>       #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for
> ICP
>       #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::
> acceptEvent
>       #2414 - Out-of-bounds while get port from host field
>       #2443 - AWS auth v4: fixed query param value URI-encoding
>       #2452 - Ticket file reload shouldn't kill traffic_server process
>       #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent
> or con.connect() failed
>       #2457 - Cherry pick a set of Catch based commits to 7.1
>       #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>       #2459 - fixing memory leak when ATS serves stale records
>       #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
>
>

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[David Calavera <da...@gmail.com>]

+1 to this release. It solves the problems we found with SNI plugins in the
7.1.0 version. We're actually running this in production since last week
and we haven't found any issue yet.

Cheers,
David

On Tue, Sep 5, 2017 at 10:43 AM, Steven R. Feltner <sf...@godaddy.com>
wrote:

> I have compiled and tested 7.1.1 on CentOS 7, including our custom
> plugins.  No issues seen in test or under load test.  I have not been able
> to get this onto a production box yet.
>
> Based on the testing I have done, I +1 this release.
>
> Thanks,
> Steven
>
>
> On 8/31/17, 6:07 PM, "Leif Hedstrom" <zw...@apache.org> wrote:
>
>     I've prepared a release for 7.1.1 (RC1), which is a bug fix release on
> the previous v7.1.0. The release notes for 7.1.1 is available at:
>
>         https://github.com/apache/trafficserver/milestone/12?closed=1
>
>     or for a brief ChangeLog (attached below as well):
>
>         https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
>
>
>     This release of v7.1.1 is backwards compatible with all v7.x release,
> for some details as to what’s new in v.7.1.x see
>
>         https://cwiki.apache.org/confluence/display/TS/What%
> 27s+New+in+v7.1.x
>
>
>     Information about upgrading to this release from previous major
> versions is available at:
>
>         https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
>
>
>     The artifacts are available for download at:
>
>         http://people.apache.org/~zwoop/rel-candidates/
>
>
>     Checksums:
>
>         MD5: a3a9f1a70cd9d11ad5a027275643cca1
> *trafficserver-7.1.1-rc1.tar.bz2
>         SHA512: 9d3d9af85f58015a1221c74e3034a1
> 6fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647ac
> ddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
>
>
>     This corresponds to git refs:
>
>         Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
>         Tag: 7.1.1-rc1
>
>
>     Which can be verified with the following command:
>
>         $ git tag -v 7.1.1-rc1
>
>
>     All code signing keys are available here:
>
>         https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>
>     Make sure you refresh from a key server to get all relevant
> signatures. This vote is open until EOB September 5th.
>
>     Cheers,
>
>     — Leif
>
>     Changes with Apache Traffic Server 7.1.1
>       #1766 - Can't convert Cache Result to Cache MISS by
> TSHttpTxnCacheLookupStatusSet
>       #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>       #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>       #2123 - ua_buffer_reader should be released in
> deallocate_redirect_postdata
>       #2217 - Be less aggressive in calling SSL_shutdown.
>       #2273 - Fixed debug build on Fedora 26 with gcc7
>       #2285 - Prevent HSTS headers from including the terminating null
> byte.
>       #2298 - Fix origin requests to default to HTTP 1.1
>       #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>       #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>       #2329 - Push triggered DNSConnections into an atomic queue to
> prevent DNSConnection lost.
>       #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>       #2359 - Remove the correct entry from priority queue and insert the
> new node into the queue
>       #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request
> url
>       #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server
> response set status in Lua plugin
>       #2393 - Change from SHA1 to SHA512
>       #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>       #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>       #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for
> ICP
>       #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::
> acceptEvent
>       #2414 - Out-of-bounds while get port from host field
>       #2443 - AWS auth v4: fixed query param value URI-encoding
>       #2452 - Ticket file reload shouldn't kill traffic_server process
>       #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent
> or con.connect() failed
>       #2457 - Cherry pick a set of Catch based commits to 7.1
>       #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>       #2459 - fixing memory leak when ATS serves stale records
>       #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
>
>

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

["Steven R. Feltner" <sf...@godaddy.com>]

I have compiled and tested 7.1.1 on CentOS 7, including our custom plugins.  No issues seen in test or under load test.  I have not been able to get this onto a production box yet.

Based on the testing I have done, I +1 this release.

Thanks,
Steven


On 8/31/17, 6:07 PM, "Leif Hedstrom" <zw...@apache.org> wrote:

    I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
    
    	https://github.com/apache/trafficserver/milestone/12?closed=1
    
    or for a brief ChangeLog (attached below as well):
    
    	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
    
    
    This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
    
    	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
    
    
    Information about upgrading to this release from previous major versions is available at:
    
    	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
    
    
    The artifacts are available for download at:
    
    	http://people.apache.org/~zwoop/rel-candidates/
    
    
    Checksums:
    
    	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
    	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
    
    
    This corresponds to git refs:
    
    	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
    	Tag: 7.1.1-rc1
    
    
    Which can be verified with the following command:
    
    	$ git tag -v 7.1.1-rc1
    
    
    All code signing keys are available here:
    
    	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
    
    Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
    
    Cheers,
    
    — Leif
    
    Changes with Apache Traffic Server 7.1.1
      #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
      #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
      #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
      #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
      #2217 - Be less aggressive in calling SSL_shutdown.
      #2273 - Fixed debug build on Fedora 26 with gcc7
      #2285 - Prevent HSTS headers from including the terminating null byte.
      #2298 - Fix origin requests to default to HTTP 1.1
      #2305 - Rework SSL handshake hooks and add tls_hooks tests.
      #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
      #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
      #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
      #2359 - Remove the correct entry from priority queue and insert the new node into the queue
      #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
      #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
      #2393 - Change from SHA1 to SHA512
      #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
      #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
      #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
      #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
      #2414 - Out-of-bounds while get port from host field
      #2443 - AWS auth v4: fixed query param value URI-encoding
      #2452 - Ticket file reload shouldn't kill traffic_server process
      #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
      #2457 - Cherry pick a set of Catch based commits to 7.1
      #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
      #2459 - fixing memory leak when ATS serves stale records
      #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

> On Aug 31, 2017, at 4:07 PM, Leif Hedstrom <zw...@apache.org> wrote:
> 
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
> 
> 	https://github.com/apache/trafficserver/milestone/12?closed=1
> 
> or for a brief ChangeLog (attached below as well):
> 
> 	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1



I’m gonna vote early :-). We’ve been testing this release, and various previous 7.1.1 candidates for a while now, with no issues. Please help out testing this RC asap, so we can respin quickly if needed.

+1.

— Leif

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

["Steven R. Feltner" <sf...@godaddy.com>]

I have compiled and tested 7.1.1 on CentOS 7, including our custom plugins.  No issues seen in test or under load test.  I have not been able to get this onto a production box yet.

Based on the testing I have done, I +1 this release.

Thanks,
Steven


On 8/31/17, 6:07 PM, "Leif Hedstrom" <zw...@apache.org> wrote:

    I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
    
    	https://github.com/apache/trafficserver/milestone/12?closed=1
    
    or for a brief ChangeLog (attached below as well):
    
    	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
    
    
    This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
    
    	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
    
    
    Information about upgrading to this release from previous major versions is available at:
    
    	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
    
    
    The artifacts are available for download at:
    
    	http://people.apache.org/~zwoop/rel-candidates/
    
    
    Checksums:
    
    	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
    	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
    
    
    This corresponds to git refs:
    
    	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
    	Tag: 7.1.1-rc1
    
    
    Which can be verified with the following command:
    
    	$ git tag -v 7.1.1-rc1
    
    
    All code signing keys are available here:
    
    	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
    
    Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
    
    Cheers,
    
    — Leif
    
    Changes with Apache Traffic Server 7.1.1
      #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
      #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
      #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
      #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
      #2217 - Be less aggressive in calling SSL_shutdown.
      #2273 - Fixed debug build on Fedora 26 with gcc7
      #2285 - Prevent HSTS headers from including the terminating null byte.
      #2298 - Fix origin requests to default to HTTP 1.1
      #2305 - Rework SSL handshake hooks and add tls_hooks tests.
      #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
      #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
      #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
      #2359 - Remove the correct entry from priority queue and insert the new node into the queue
      #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
      #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
      #2393 - Change from SHA1 to SHA512
      #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
      #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
      #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
      #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
      #2414 - Out-of-bounds while get port from host field
      #2443 - AWS auth v4: fixed query param value URI-encoding
      #2452 - Ticket file reload shouldn't kill traffic_server process
      #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
      #2457 - Cherry pick a set of Catch based commits to 7.1
      #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
      #2459 - fixing memory leak when ATS serves stale records
      #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

> On Sep 5, 2017, at 12:32 PM, Bryan Call <bc...@apache.org> wrote:
> 
> +1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.
> 


I’m going to call this, with 4+1 votes (3 binding) and no -1’s. I’m pushing to the dist servers tonight, and will make the announcement tomorrow.

Cheers,

— Leif

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

> On Sep 5, 2017, at 12:32 PM, Bryan Call <bc...@apache.org> wrote:
> 
> +1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.
> 


I’m going to call this, with 4+1 votes (3 binding) and no -1’s. I’m pushing to the dist servers tonight, and will make the announcement tomorrow.

Cheers,

— Leif

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Bryan Call <bc...@apache.org>]

+1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.

-Bryan

> On Aug 31, 2017, at 3:07 PM, Leif Hedstrom <zw...@apache.org> wrote:
> 
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
> 
> 	https://github.com/apache/trafficserver/milestone/12?closed=1
> 
> or for a brief ChangeLog (attached below as well):
> 
> 	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
> 
> 
> This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
> 
> 	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
> 
> 
> Information about upgrading to this release from previous major versions is available at:
> 
> 	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
> 
> 
> The artifacts are available for download at:
> 
> 	http://people.apache.org/~zwoop/rel-candidates/
> 
> 
> Checksums:
> 
> 	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
> 	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
> 
> 
> This corresponds to git refs:
> 
> 	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
> 	Tag: 7.1.1-rc1
> 
> 
> Which can be verified with the following command:
> 
> 	$ git tag -v 7.1.1-rc1
> 
> 
> All code signing keys are available here:
> 
> 	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
> 
> Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
> 
> Cheers,
> 
> — Leif
> 
> Changes with Apache Traffic Server 7.1.1
>  #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
>  #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>  #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>  #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
>  #2217 - Be less aggressive in calling SSL_shutdown.
>  #2273 - Fixed debug build on Fedora 26 with gcc7
>  #2285 - Prevent HSTS headers from including the terminating null byte.
>  #2298 - Fix origin requests to default to HTTP 1.1
>  #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>  #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>  #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
>  #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>  #2359 - Remove the correct entry from priority queue and insert the new node into the queue
>  #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>  #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
>  #2393 - Change from SHA1 to SHA512
>  #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>  #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>  #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>  #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>  #2414 - Out-of-bounds while get port from host field
>  #2443 - AWS auth v4: fixed query param value URI-encoding
>  #2452 - Ticket file reload shouldn't kill traffic_server process
>  #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
>  #2457 - Cherry pick a set of Catch based commits to 7.1
>  #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>  #2459 - fixing memory leak when ATS serves stale records
>  #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 02.09.2017 um 05:08 schrieb Reindl Harald:
> 
> 
> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> 
>> wrote:
>>>
>>>
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 
>>>>
>>>
>>>
>>> sounds good - when is 8.0 planned to be released?
>>
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
> 
> frankly that DOES NOT WORK or how do you explain the logs at startup i 
> posted which are from 7.1.0

that bullshit still happens with 7.1.1

[root@proxy:~]$ cat records.config | grep disable
CONFIG proxy.config.disable_configuration_modification INT 1
[root@proxy:~]$

[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of hosting.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : hosting.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of congestion.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
congestion.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: congestion.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of congestion.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : congestion.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of plugin.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of plugin.config 
: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: plugin.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of plugin.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : plugin.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of splitdns.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
splitdns.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: splitdns.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of splitdns.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : splitdns.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file 
system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
ssl_multicert.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: 
ssl_multicert.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of ssl_multicert.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : ssl_multicert.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of metrics.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
metrics.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: metrics.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : metrics.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
cluster.config : Read-only file system
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[Rollback::Rollback] Config file is read-only : cluster.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[ClusterCom::ClusterCom] Node running on OS: 'Linux' Release: 
'4.12.8-200.fc25.x86_64'
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: [TrafficManager] 
Setup complete
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: [ProxyStateSet] 
Traffic Server Args: '--bind_stdout /var/log/trafficserver/traffic.out 
--bind_stderr /var/log/trafficserver/traffic.out -M'
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::startProxy] Launching ts process
[Sep  8 00:37:58.288] Manager {0x7fc666e4c940} NOTE: 
[LocalManager::pollMgmtProcessServer] New process connecting fd '15'
[Sep  8 00:37:58.288] Manager {0x7fc666e4c940} NOTE: 
[Alarms::signalAlarm] Server Process born


> 

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 02.09.2017 um 04:51 schrieb Miles Libbey:
> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>>
>>
>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>
>>> Is that addressed by
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>
>>
>> sounds good - when is 8.0 planned to be released?
> 
> It's also available in 7.  We do a terrible job of having the
> documentation match the actual version (eg why we default to a version
> that won't be released for quite some time is beyond me,

frankly that DOES NOT WORK or how do you explain the logs at startup i 
posted which are from 7.1.0

[root@proxy:~]$ cat records.config | grep modification
CONFIG proxy.config.disable_configuration_modification INT 1

>> that you currently need a hard restart for config changes is a pain and will
>> be much more pain when you have to use letsencrypt with it's frequent
>> certificate updates in the next month after Chrome is starting to warn about
>> any site containing a from-tag without TLS
> 
> They don't. Remap, SSL cert, and parents just need reloads, not
> restarts. Many record config values are also reloads

just look at the archive - as i complained the last time ATS even logged 
that it REFUSES TO REALOAD because /etc is read-only and i really get 
tired of that broken stuff after so many years

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

https://github.com/apache/trafficserver/issues/2505

[root@proxy:/var/log/trafficserver]$ nano 
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file 
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::checkForUserUpdate] Failed to roll changed user file 
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed 
config file ssl_multicert.config
[root@proxy:/var/log/trafficserver]$

FUCK IT

Am 12.09.2017 um 17:45 schrieb Reindl Harald:
> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> 
>> wrote:
>>>
>>>
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 
>>>>
>>>
>>> sounds good - when is 8.0 planned to be released?
>>
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
> 
> IT DON'T WORK
> 
>>> that you currently need a hard restart for config changes is a pain 
>>> and will
>>> be much more pain when you have to use letsencrypt with it's frequent
>>> certificate updates in the next month after Chrome is starting to 
>>> warn about
>>> any site containing a from-tag without TLS
>>
>> They don't. Remap, SSL cert, and parents just need reloads, not
>> restarts. Many record config values are also reloads
> 
> IT DON'T RELOAD because of readonly /etc
> 
> "/usr/bin/traffic_ctl config reload" don't do anything beause of this 
> "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" 
> bullshit and i am currently working to implement letsencrypt for 
> hundrets of domains which means that at every point in time certificates 
> can be changed and a reload is needed and HARD RESTART IS A NO-GO
> 
> why in the world is that broken-by-design not fixed after 5 years of 
> complaining or at least a option called 
> "proxy.config.disable_configuration_modification" not tested at all?
> 
> is it really that hard to create a basic systemd unit and set the OS to 
> redonly which should be the case for every network service in 2017 and 
> test BASIC OPERATIONS?
> 
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/etc/trafficserver/internal
> ReadWriteDirectories=/etc/trafficserver/snapshots
> 
> [root@proxy:~]$ cat records.config | grep configuration
> # Main threads configuration (worker threads). Also see configurations 
> for   #
> # parent proxy configuration     #
> CONFIG proxy.config.disable_configuration_modification INT 1
> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
> 
> IT JUST DON'T WORK

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 14.09.2017 um 00:38 schrieb Leif Hedstrom:
>> On Sep 12, 2017, at 2:41 PM, Reindl Harald <h....@thelounge.net> wrote:
>>> Am 12.09.2017 um 22:31 schrieb Bryan Call:
>>> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>>> We are planning on having the configuration to be read-only for ATS 8.
>>
>> frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
>>
>> it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
>>
>> where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?
> 
> You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0

it's not about "remove a feature" - it's just about a sinlg line of code 
detecting "oh, /etc" is readonly and jst disbale all of that stuff 
implicit instead break left and right and spit some pages of errors for 
each and every config file

frankly, if ATS would have  been written in PHP (yes, i know wrong 
programming language) it would have taken 5 minutes if at all to make 
that conditional without any configuration 5 years ago

it's not about whinign - it's about a broken design which could have 
been fixed years ago with *zero amount of work*

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 14.09.2017 um 03:14 schrieb Igor Cicimov:
> ​​Hallelujah! I'm not the only one finding this guy annoying! If I was 
> head of this project he would had been off the mailing list long time 
> ago.​ Using language like this about people that gave him a great tool 
> to use for FREE is just unacceptable.

i would even pay to get such major bugs fixed in a shorter timeframe 
than a decade

> I have ATS compiled and installed from source and have 
> /etc/trafficserver symlinked to /usr/local/etc/trafficserver and have 
> never seen the issue he's talking about.

what the hell has this to do with "ReadOnlyDirectories=/etc" besides 
that i then would have to set "ReadOnlyDirectories=/usr/local/etc" too?

no software has any bussiness even try to write in /etc, but even if it 
tries and fails it's no justification to refuse *read* from there 
without a hard restart

> There are million ways and at 
> least half a dozen of tools that can help workaround and automate any 
> issue you can think of. And if you are still complaining about something 
> trivial like that for 5 years than really you should quit your job and 

no there is no single way that ATS realods it's config when the config 
folder is readonly and it's only insane to detect "
User has changed config file ssl_multicert.config" but refuse to *read* 
the file becuase you can't write to it

[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ touch 
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ /usr/bin/traffic_ctl config reload
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: 
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file 
system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
ssl_multicert.config : Read-only file system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: 
[Alarms::signalAlarm] Skipping Alarm: '[TrafficManager] Configuration 
File Update Failed: Read-only file system'
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: 
[Rollback::checkForUserUpdate] Failed to roll changed user file 
ssl_multicert.config: System Call Error
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: User has changed 
config file ssl_multicert.config

> I guess that's what you get when you put PHP (haha PHP, now that's a 
> real "joke") enthusiast doing a sysadmin job. You clearly explained the 
> reason why was this not possible till now but he's still not getting it :-/

i keep the i-word for myself....

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Igor Cicimov <ig...@encompasscorporation.com>]

On Thu, Sep 14, 2017 at 8:38 AM, Leif Hedstrom <zw...@apache.org> wrote:

>
>
> > On Sep 12, 2017, at 2:41 PM, Reindl Harald <h....@thelounge.net>
> wrote:
> >
> >
> >
> >> Am 12.09.2017 um 22:31 schrieb Bryan Call:
> >> proxy.config.disable_configuration_modification was a feature that was
> requested and the group didn’t use it.
> >> We are planning on having the configuration to be read-only for ATS 8.
> >
> > frankly ATS 8 is way too late after years of complaining when you need
> to have Letsencrypt enabled in a few weeks because Google Chrome will warn
> on every page with a from tag and no SSL
> >
> > it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for
> every remamp/ssl change, it was UNACCEPTABLE the last years too but now
> it's becoming a joke
> >
> > where is the rocket science just read the fucking config file and shut
> up like every other software on this plant is able to do?
>
> You need to stop whining like a spoiled brat! There are / were several
> reasons why this was done, e.g. it's a requirement for the cluster config
> to work. Clustering is dead now, and gives us a way to remove this code and
> behavior for 8.0.
>
> That much said, as much complaining as you have done on this subject, the
> amount of code contributions from you or anyone else that has a problem
> with this feature is exactly zero. Which open source projects lets you
> dictate others to do your work for you? We all have our priorities as
> (usually) dictated by the respective companies paying our salaries.
>
> Sincerely,
>
> -- Leif (not speaking on behalf of anyone other than myself)
>
> >
> > [root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_
> multicert.config
> > [root@proxy:/var/log/trafficserver]$ cat *
> > [root@proxy:/var/log/trafficserver]$ systemctl reload
> trafficserver.service
> > [root@proxy:/var/log/trafficserver]$ cat *
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
> [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
> system
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
> [Rollback::internalUpdate] Unable to create new version of
> ssl_multicert.config : Read-only file system
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
> [Rollback::checkForUserUpdate] Failed to roll changed user file
> ssl_multicert.config: System Call Error
> > [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
> config file ssl_multicert.config
> > [root@proxy:/var/log/trafficserver]$
> >
> >>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <h....@thelounge.net>
> wrote:
> >>>
> >>>
> >>>
> >>>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
> >>>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <
> h.reindl@thelounge.net> wrote:
> >>>>>
> >>>>>
> >>>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
> >>>>>>
> >>>>>> Is that addressed by
> >>>>>> https://docs.trafficserver.apache.org/en/latest/admin-
> guide/files/records.config.en.html?highlight=records%
> 20config#proxy-config-disable-configuration-modification
> >>>>>
> >>>>> sounds good - when is 8.0 planned to be released?
> >>>> It's also available in 7.  We do a terrible job of having the
> >>>> documentation match the actual version (eg why we default to a version
> >>>> that won't be released for quite some time is beyond me,
> >>>
> >>> IT DON'T WORK
> >>>
> >>>>> that you currently need a hard restart for config changes is a pain
> and will
> >>>>> be much more pain when you have to use letsencrypt with it's frequent
> >>>>> certificate updates in the next month after Chrome is starting to
> warn about
> >>>>> any site containing a from-tag without TLS
> >>>> They don't. Remap, SSL cert, and parents just need reloads, not
> >>>> restarts. Many record config values are also reloads
> >>>
> >>> IT DON'T RELOAD because of readonly /etc
> >>>
> >>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this
> "[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
> bullshit and i am currently working to implement letsencrypt for hundrets
> of domains which means that at every point in time certificates can be
> changed and a reload is needed and HARD RESTART IS A NO-GO
> >>>
> >>> why in the world is that broken-by-design not fixed after 5 years of
> complaining or at least a option called "proxy.config.disable_configuration_modification"
> not tested at all?
> >>>
> >>> is it really that hard to create a basic systemd unit and set the OS
> to redonly which should be the case for every network service in 2017 and
> test BASIC OPERATIONS?
> >>>
> >>> ReadOnlyDirectories=/etc
> >>> ReadOnlyDirectories=/usr
> >>> ReadOnlyDirectories=/var/lib
> >>> ReadWriteDirectories=/etc/trafficserver/internal
> >>> ReadWriteDirectories=/etc/trafficserver/snapshots
> >>>
> >>> [root@proxy:~]$ cat records.config | grep configuration
> >>> # Main threads configuration (worker threads). Also see configurations
> for   #
> >>> # parent proxy configuration     #
> >>> CONFIG proxy.config.disable_configuration_modification INT 1
> >>> CONFIG proxy.config.cluster.cluster_configuration STRING
> cluster.config
> >>>
> >>> IT JUST DON'T WORK
>
>
​​Hallelujah! I'm not the only one finding this guy annoying! If I was head
of this project he would had been off the mailing list long time ago.​
Using language like this about people that gave him a great tool to use for
FREE is just unacceptable.

I have ATS compiled and installed from source and have /etc/trafficserver
symlinked to /usr/local/etc/trafficserver and have never seen the issue
he's talking about. There are million ways and at least half a dozen of
tools that can help workaround and automate any issue you can think of. And
if you are still complaining about something trivial like that for 5 years
than really you should quit your job and start doing something else.

I guess that's what you get when you put PHP (haha PHP, now that's a real
"joke") enthusiast doing a sysadmin job. You clearly explained the reason
why was this not possible till now but he's still not getting it :-/

So thanks to everyone involved in this project, keep the good work and
please ignore comments from people that have no talent or creativity to do
anything else but complaining.


​Regards,​
-- 
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. igorc@encompasscorporation.com <http://encompasscorporation.com/>
w*.* www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

> On Sep 12, 2017, at 2:41 PM, Reindl Harald <h....@thelounge.net> wrote:
> 
> 
> 
>> Am 12.09.2017 um 22:31 schrieb Bryan Call:
>> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>> We are planning on having the configuration to be read-only for ATS 8.
> 
> frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
> 
> it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
> 
> where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?

You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0.

That much said, as much complaining as you have done on this subject, the amount of code contributions from you or anyone else that has a problem with this feature is exactly zero. Which open source projects lets you dictate others to do your work for you? We all have our priorities as (usually) dictated by the respective companies paying our salaries.

Sincerely,

-- Leif (not speaking on behalf of anyone other than myself)

> 
> [root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$ cat *
> [root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
> [root@proxy:/var/log/trafficserver]$ cat *
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$
> 
>>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <h....@thelounge.net> wrote:
>>> 
>>> 
>>> 
>>>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>>>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>>>>> 
>>>>> 
>>>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>>> 
>>>>>> Is that addressed by
>>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>>> 
>>>>> sounds good - when is 8.0 planned to be released?
>>>> It's also available in 7.  We do a terrible job of having the
>>>> documentation match the actual version (eg why we default to a version
>>>> that won't be released for quite some time is beyond me,
>>> 
>>> IT DON'T WORK
>>> 
>>>>> that you currently need a hard restart for config changes is a pain and will
>>>>> be much more pain when you have to use letsencrypt with it's frequent
>>>>> certificate updates in the next month after Chrome is starting to warn about
>>>>> any site containing a from-tag without TLS
>>>> They don't. Remap, SSL cert, and parents just need reloads, not
>>>> restarts. Many record config values are also reloads
>>> 
>>> IT DON'T RELOAD because of readonly /etc
>>> 
>>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>>> 
>>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>>> 
>>> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>>> 
>>> ReadOnlyDirectories=/etc
>>> ReadOnlyDirectories=/usr
>>> ReadOnlyDirectories=/var/lib
>>> ReadWriteDirectories=/etc/trafficserver/internal
>>> ReadWriteDirectories=/etc/trafficserver/snapshots
>>> 
>>> [root@proxy:~]$ cat records.config | grep configuration
>>> # Main threads configuration (worker threads). Also see configurations for   #
>>> # parent proxy configuration     #
>>> CONFIG proxy.config.disable_configuration_modification INT 1
>>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>>> 
>>> IT JUST DON'T WORK

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 12.09.2017 um 22:31 schrieb Bryan Call:
> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
> 
> We are planning on having the configuration to be read-only for ATS 8.

frankly ATS 8 is way too late after years of complaining when you need 
to have Letsencrypt enabled in a few weeks because Google Chrome will 
warn on every page with a from tag and no SSL

it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for 
every remamp/ssl change, it was UNACCEPTABLE the last years too but now 
it's becoming a joke

where is the rocket science just read the fucking config file and shut 
up like every other software on this plant is able to do?

[root@proxy:/var/log/trafficserver]$ nano 
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file 
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: 
[Rollback::checkForUserUpdate] Failed to roll changed user file 
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed 
config file ssl_multicert.config
[root@proxy:/var/log/trafficserver]$

>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <h....@thelounge.net> wrote:
>>
>>
>>
>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>>>>
>>>>
>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>>
>>>>> Is that addressed by
>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>>
>>>> sounds good - when is 8.0 planned to be released?
>>> It's also available in 7.  We do a terrible job of having the
>>> documentation match the actual version (eg why we default to a version
>>> that won't be released for quite some time is beyond me,
>>
>> IT DON'T WORK
>>
>>>> that you currently need a hard restart for config changes is a pain and will
>>>> be much more pain when you have to use letsencrypt with it's frequent
>>>> certificate updates in the next month after Chrome is starting to warn about
>>>> any site containing a from-tag without TLS
>>> They don't. Remap, SSL cert, and parents just need reloads, not
>>> restarts. Many record config values are also reloads
>>
>> IT DON'T RELOAD because of readonly /etc
>>
>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>>
>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>>
>> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>>
>> ReadOnlyDirectories=/etc
>> ReadOnlyDirectories=/usr
>> ReadOnlyDirectories=/var/lib
>> ReadWriteDirectories=/etc/trafficserver/internal
>> ReadWriteDirectories=/etc/trafficserver/snapshots
>>
>> [root@proxy:~]$ cat records.config | grep configuration
>> # Main threads configuration (worker threads). Also see configurations for   #
>> # parent proxy configuration     #
>> CONFIG proxy.config.disable_configuration_modification INT 1
>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>>
>> IT JUST DON'T WORK

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Bryan Call <bc...@apache.org>]

proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.

We are planning on having the configuration to be read-only for ATS 8.

-Bryan


> On Sep 12, 2017, at 8:45 AM, Reindl Harald <h....@thelounge.net> wrote:
> 
> 
> 
> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>>> 
>>> 
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>> 
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>> 
>>> sounds good - when is 8.0 planned to be released?
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
> 
> IT DON'T WORK
> 
>>> that you currently need a hard restart for config changes is a pain and will
>>> be much more pain when you have to use letsencrypt with it's frequent
>>> certificate updates in the next month after Chrome is starting to warn about
>>> any site containing a from-tag without TLS
>> They don't. Remap, SSL cert, and parents just need reloads, not
>> restarts. Many record config values are also reloads
> 
> IT DON'T RELOAD because of readonly /etc
> 
> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
> 
> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
> 
> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
> 
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/etc/trafficserver/internal
> ReadWriteDirectories=/etc/trafficserver/snapshots
> 
> [root@proxy:~]$ cat records.config | grep configuration
> # Main threads configuration (worker threads). Also see configurations for   #
> # parent proxy configuration     #
> CONFIG proxy.config.disable_configuration_modification INT 1
> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
> 
> IT JUST DON'T WORK

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 02.09.2017 um 04:51 schrieb Miles Libbey:
> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>>
>>
>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>
>>> Is that addressed by
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>
>> sounds good - when is 8.0 planned to be released?
> 
> It's also available in 7.  We do a terrible job of having the
> documentation match the actual version (eg why we default to a version
> that won't be released for quite some time is beyond me,

IT DON'T WORK

>> that you currently need a hard restart for config changes is a pain and will
>> be much more pain when you have to use letsencrypt with it's frequent
>> certificate updates in the next month after Chrome is starting to warn about
>> any site containing a from-tag without TLS
> 
> They don't. Remap, SSL cert, and parents just need reloads, not
> restarts. Many record config values are also reloads

IT DON'T RELOAD because of readonly /etc

"/usr/bin/traffic_ctl config reload" don't do anything beause of this 
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config" 
bullshit and i am currently working to implement letsencrypt for 
hundrets of domains which means that at every point in time certificates 
can be changed and a reload is needed and HARD RESTART IS A NO-GO

why in the world is that broken-by-design not fixed after 5 years of 
complaining or at least a option called 
"proxy.config.disable_configuration_modification" not tested at all?

is it really that hard to create a basic systemd unit and set the OS to 
redonly which should be the case for every network service in 2017 and 
test BASIC OPERATIONS?

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots

[root@proxy:~]$ cat records.config | grep configuration
# Main threads configuration (worker threads). Also see configurations 
for   #
# parent proxy configuration 
     #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config

IT JUST DON'T WORK

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Miles Libbey <ml...@apache.org>]

On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <h....@thelounge.net> wrote:
>
>
> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>
>> Is that addressed by
>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>
>
> sounds good - when is 8.0 planned to be released?

It's also available in 7.  We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,

> that you currently need a hard restart for config changes is a pain and will
> be much more pain when you have to use letsencrypt with it's frequent
> certificate updates in the next month after Chrome is starting to warn about
> any site containing a from-tag without TLS

They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads.


>> On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <h.reindl@thelounge.net
>> <ma...@thelounge.net>> wrote:
>>
>>     frankly can somebody fix that after FIVE YEARS of complaints?
>>
>>     with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
>>     with 7.0 it also complaints like below on startup that it refuses to
>>     work because it can't write to /etc
>>
>>     READ MY LIPS:
>>     you. have. no. business. for. any. write. attempt. to. /etc
>>
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of metrics.config failed: Permission denied
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Config file is read-only : metrics.config
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of cluster.config failed: Read-only file
>>     system
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::internalUpdate] Unable to create new version of
>>     cluster.config : Read-only file system
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Automatic Roll of Version 1 failed:
>> cluster.config
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of cluster.config failed: Permission denied
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Config file is read-only : cluster.config

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

Am 01.09.2017 um 22:43 schrieb Alan Carroll:
> Is that addressed by 
> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 

sounds good - when is 8.0 planned to be released?

that you currently need a hard restart for config changes is a pain and 
will be much more pain when you have to use letsencrypt with it's 
frequent certificate updates in the next month after Chrome is starting 
to warn about any site containing a from-tag without TLS

> On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <h.reindl@thelounge.net 
> <ma...@thelounge.net>> wrote:
> 
>     frankly can somebody fix that after FIVE YEARS of complaints?
> 
>     with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
>     with 7.0 it also complaints like below on startup that it refuses to
>     work because it can't write to /etc
> 
>     READ MY LIPS:
>     you. have. no. business. for. any. write. attempt. to. /etc
> 
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of metrics.config failed: Permission denied
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Config file is read-only : metrics.config
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of cluster.config failed: Read-only file
>     system
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::internalUpdate] Unable to create new version of
>     cluster.config : Read-only file system
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of cluster.config failed: Permission denied
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Config file is read-only : cluster.config

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Alan Carroll <so...@oath.com>]

Is that addressed by
https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
?

On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <h....@thelounge.net>
wrote:

> frankly can somebody fix that after FIVE YEARS of complaints?
>
> with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with 7.0
> it also complaints like below on startup that it refuses to work because it
> can't write to /etc
>
> READ MY LIPS:
> you. have. no. business. for. any. write. attempt. to. /etc
>
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
> Open of metrics.config failed: Permission denied
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
> Config file is read-only : metrics.config
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
> Open of cluster.config failed: Read-only file system
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
> [Rollback::internalUpdate] Unable to create new version of cluster.config :
> Read-only file system
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
> Automatic Roll of Version 1 failed: cluster.config
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile]
> Open of cluster.config failed: Permission denied
> [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback]
> Config file is read-only : cluster.config
>
>
> Am 01.09.2017 um 00:07 schrieb Leif Hedstrom:
>
>> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on
>> the previous v7.1.0. The release notes for 7.1.1 is available at:
>>
>>         https://github.com/apache/trafficserver/milestone/12?closed=1
>>
>> or for a brief ChangeLog (attached below as well):
>>
>>         https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG
>> -7.1.1
>>
>>
>> This release of v7.1.1 is backwards compatible with all v7.x release, for
>> some details as to what’s new in v.7.1.x see
>>
>>         https://cwiki.apache.org/confluence/display/TS/What%27s+New+
>> in+v7.1.x
>>
>>
>> Information about upgrading to this release from previous major versions
>> is available at:
>>
>>         https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
>>
>>
>> The artifacts are available for download at:
>>
>>         http://people.apache.org/~zwoop/rel-candidates/
>>
>>
>> Checksums:
>>
>>         MD5: a3a9f1a70cd9d11ad5a027275643cca1
>> *trafficserver-7.1.1-rc1.tar.bz2
>>         SHA512: 9d3d9af85f58015a1221c74e3034a1
>> 6fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647ac
>> ddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
>>
>>
>> This corresponds to git refs:
>>
>>         Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
>>         Tag: 7.1.1-rc1
>>
>>
>> Which can be verified with the following command:
>>
>>         $ git tag -v 7.1.1-rc1
>>
>>
>> All code signing keys are available here:
>>
>>         https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>>
>> Make sure you refresh from a key server to get all relevant signatures.
>> This vote is open until EOB September 5th.
>>
>> Cheers,
>>
>> — Leif
>>
>> Changes with Apache Traffic Server 7.1.1
>>    #1766 - Can't convert Cache Result to Cache MISS by
>> TSHttpTxnCacheLookupStatusSet
>>    #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>>    #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>>    #2123 - ua_buffer_reader should be released in
>> deallocate_redirect_postdata
>>    #2217 - Be less aggressive in calling SSL_shutdown.
>>    #2273 - Fixed debug build on Fedora 26 with gcc7
>>    #2285 - Prevent HSTS headers from including the terminating null byte.
>>    #2298 - Fix origin requests to default to HTTP 1.1
>>    #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>>    #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>>    #2329 - Push triggered DNSConnections into an atomic queue to prevent
>> DNSConnection lost.
>>    #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>>    #2359 - Remove the correct entry from priority queue and insert the
>> new node into the queue
>>    #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>>    #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server
>> response set status in Lua plugin
>>    #2393 - Change from SHA1 to SHA512
>>    #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>>    #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>>    #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>>    #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>>    #2414 - Out-of-bounds while get port from host field
>>    #2443 - AWS auth v4: fixed query param value URI-encoding
>>    #2452 - Ticket file reload shouldn't kill traffic_server process
>>    #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or
>> con.connect() failed
>>    #2457 - Cherry pick a set of Catch based commits to 7.1
>>    #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>>    #2459 - fixing memory leak when ATS serves stale records
>>    #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
>>
>>
> --
>
> Reindl Harald
> the lounge interactive design GmbH
> A-1060 Vienna, Hofmühlgasse 17
> CTO / CISO / Software-Development
> m: +43 676 40 221 40
> p: +43 1 595 3999 33
> http://www.thelounge.net/
>

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Reindl Harald <h....@thelounge.net>]

frankly can somebody fix that after FIVE YEARS of complaints?

with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with 
7.0 it also complaints like below on startup that it refuses to work 
because it can't write to /etc

READ MY LIPS:
you. have. no. business. for. any. write. attempt. to. /etc

[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::Rollback] Config file is read-only : metrics.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::internalUpdate] Unable to create new version of 
cluster.config : Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: 
[Rollback::Rollback] Config file is read-only : cluster.config

Am 01.09.2017 um 00:07 schrieb Leif Hedstrom:
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
> 
> 	https://github.com/apache/trafficserver/milestone/12?closed=1
> 
> or for a brief ChangeLog (attached below as well):
> 
> 	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
> 
> 
> This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
> 
> 	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
> 
> 
> Information about upgrading to this release from previous major versions is available at:
> 
> 	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
> 
> 
> The artifacts are available for download at:
> 
> 	http://people.apache.org/~zwoop/rel-candidates/
> 
> 
> Checksums:
> 
> 	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
> 	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
> 
> 
> This corresponds to git refs:
> 
> 	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
> 	Tag: 7.1.1-rc1
> 
> 
> Which can be verified with the following command:
> 
> 	$ git tag -v 7.1.1-rc1
> 
> 
> All code signing keys are available here:
> 
> 	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
> 
> Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
> 
> Cheers,
> 
> — Leif
> 
> Changes with Apache Traffic Server 7.1.1
>    #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
>    #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>    #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>    #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
>    #2217 - Be less aggressive in calling SSL_shutdown.
>    #2273 - Fixed debug build on Fedora 26 with gcc7
>    #2285 - Prevent HSTS headers from including the terminating null byte.
>    #2298 - Fix origin requests to default to HTTP 1.1
>    #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>    #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>    #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
>    #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>    #2359 - Remove the correct entry from priority queue and insert the new node into the queue
>    #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>    #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
>    #2393 - Change from SHA1 to SHA512
>    #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>    #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>    #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>    #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>    #2414 - Out-of-bounds while get port from host field
>    #2443 - AWS auth v4: fixed query param value URI-encoding
>    #2452 - Ticket file reload shouldn't kill traffic_server process
>    #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
>    #2457 - Cherry pick a set of Catch based commits to 7.1
>    #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>    #2459 - fixing memory leak when ATS serves stale records
>    #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
> 

-- 

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Bryan Call <bc...@apache.org>]

+1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.

-Bryan

> On Aug 31, 2017, at 3:07 PM, Leif Hedstrom <zw...@apache.org> wrote:
> 
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
> 
> 	https://github.com/apache/trafficserver/milestone/12?closed=1
> 
> or for a brief ChangeLog (attached below as well):
> 
> 	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
> 
> 
> This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
> 
> 	https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
> 
> 
> Information about upgrading to this release from previous major versions is available at:
> 
> 	https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
> 
> 
> The artifacts are available for download at:
> 
> 	http://people.apache.org/~zwoop/rel-candidates/
> 
> 
> Checksums:
> 
> 	MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
> 	SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
> 
> 
> This corresponds to git refs:
> 
> 	Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
> 	Tag: 7.1.1-rc1
> 
> 
> Which can be verified with the following command:
> 
> 	$ git tag -v 7.1.1-rc1
> 
> 
> All code signing keys are available here:
> 
> 	https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
> 
> Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
> 
> Cheers,
> 
> — Leif
> 
> Changes with Apache Traffic Server 7.1.1
>  #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
>  #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>  #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>  #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
>  #2217 - Be less aggressive in calling SSL_shutdown.
>  #2273 - Fixed debug build on Fedora 26 with gcc7
>  #2285 - Prevent HSTS headers from including the terminating null byte.
>  #2298 - Fix origin requests to default to HTTP 1.1
>  #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>  #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>  #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
>  #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>  #2359 - Remove the correct entry from priority queue and insert the new node into the queue
>  #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>  #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
>  #2393 - Change from SHA1 to SHA512
>  #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>  #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>  #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>  #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>  #2414 - Out-of-bounds while get port from host field
>  #2443 - AWS auth v4: fixed query param value URI-encoding
>  #2452 - Ticket file reload shouldn't kill traffic_server process
>  #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
>  #2457 - Cherry pick a set of Catch based commits to 7.1
>  #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>  #2459 - fixing memory leak when ATS serves stale records
>  #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

[Leif Hedstrom <zw...@apache.org>]

> On Aug 31, 2017, at 4:07 PM, Leif Hedstrom <zw...@apache.org> wrote:
> 
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
> 
> 	https://github.com/apache/trafficserver/milestone/12?closed=1
> 
> or for a brief ChangeLog (attached below as well):
> 
> 	https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1



I’m gonna vote early :-). We’ve been testing this release, and various previous 7.1.1 candidates for a while now, with no issues. Please help out testing this RC asap, so we can respin quickly if needed.

+1.

— Leif