You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by Jered Floyd <je...@convivian.com> on 2022/06/16 15:26:25 UTC
Re: New Fedora and EPEL packaging in progress
To (finally) follow up on this, ATS 9.1.2 is now in the Fedora and EPEL8 repos, and should land in EPEL7 and EPEL9 shortly:
https://bodhi.fedoraproject.org/updates/?packages=trafficserver
Regards,
--Jered
----- On Apr 18, 2022, at 6:12 PM, Jered Floyd jered@convivian.com wrote:
> Hello! This is just a short note to introduce myself, and share a new packaging
> effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes.
>
> You can review and test ATS 9.1.2 packages for these platforms here, but I
> intend for them to be in the official repo soon.
> [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ |
> https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ]
>
> A few notes on these packages:
>
> 1) traffic_manager and traffic_server do not run as root; instead they run as
> the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for access to
> privileged ports.
>
> 2) I've written an SELinux policy module that is run as enforcing. It works for
> me, but it's possible that I am missing permissions for some plugin behaviors.
> If something isn't working right for you, please check your SELinux logs first
> and let me know if tuning is needed. One this is accepted into Fedora there
> will be an official bug tracker.
>
> 3) There is no build for CentOS Stream 9 because the tscore HKDF tests fail with
> OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor will
> RHEL 9). This is probably an OpenSSL bug but I haven't investigated further
> yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [
> https://github.com/apache/trafficserver/issues/7341 |
> https://github.com/apache/trafficserver/issues/7341 ]
>
> As for who I am, I standardized some years ago on ATS for my personal
> infrastructure on Debian. A few years ago I joined Red Hat and this month
> finally decided I should migrate to our distros as part of a platform refresh,
> but ATS was not packaged.... so I foolishly decided that becoming the Fedora
> package maintainer would be easier than migrating to a different reverse proxy.
> :-)
>
> Regards,
> --Jered
Re: New Fedora and EPEL packaging in progress
Posted by Masaori Koshiba <ma...@apache.org>.
Awesome! Thanks for your work!
— Masaori
On Fri, Jun 17, 2022 at 12:26 AM Jered Floyd <je...@convivian.com> wrote:
>
> To (finally) follow up on this, ATS 9.1.2 is now in the Fedora and EPEL8
> repos, and should land in EPEL7 and EPEL9 shortly:
> https://bodhi.fedoraproject.org/updates/?packages=trafficserver
>
> Regards,
> --Jered
>
>
> ----- On Apr 18, 2022, at 6:12 PM, Jered Floyd jered@convivian.com wrote:
>
> > Hello! This is just a short note to introduce myself, and share a new
> packaging
> > effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes.
> >
> > You can review and test ATS 9.1.2 packages for these platforms here, but
> I
> > intend for them to be in the official repo soon.
> > [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ |
> > https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ]
> >
> > A few notes on these packages:
> >
> > 1) traffic_manager and traffic_server do not run as root; instead they
> run as
> > the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for
> access to
> > privileged ports.
> >
> > 2) I've written an SELinux policy module that is run as enforcing. It
> works for
> > me, but it's possible that I am missing permissions for some plugin
> behaviors.
> > If something isn't working right for you, please check your SELinux logs
> first
> > and let me know if tuning is needed. One this is accepted into Fedora
> there
> > will be an official bug tracker.
> >
> > 3) There is no build for CentOS Stream 9 because the tscore HKDF tests
> fail with
> > OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor
> will
> > RHEL 9). This is probably an OpenSSL bug but I haven't investigated
> further
> > yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [
> > https://github.com/apache/trafficserver/issues/7341 |
> > https://github.com/apache/trafficserver/issues/7341 ]
> >
> > As for who I am, I standardized some years ago on ATS for my personal
> > infrastructure on Debian. A few years ago I joined Red Hat and this month
> > finally decided I should migrate to our distros as part of a platform
> refresh,
> > but ATS was not packaged.... so I foolishly decided that becoming the
> Fedora
> > package maintainer would be easier than migrating to a different reverse
> proxy.
> > :-)
> >
> > Regards,
> > --Jered
>