[VOTE] Release Apache Traffic Server 7.1.1 (RC1)

classic Classic list List threaded Threaded
20 messages Options
Reply | Threaded
Open this post in threaded view
|

[VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Leif Hedstrom
I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

        https://github.com/apache/trafficserver/milestone/12?closed=1

or for a brief ChangeLog (attached below as well):

        https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

        https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


Information about upgrading to this release from previous major versions is available at:

        https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


The artifacts are available for download at:

        http://people.apache.org/~zwoop/rel-candidates/


Checksums:

        MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
        SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


This corresponds to git refs:

        Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
        Tag: 7.1.1-rc1


Which can be verified with the following command:

        $ git tag -v 7.1.1-rc1


All code signing keys are available here:

        https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

Cheers,

— Leif

Changes with Apache Traffic Server 7.1.1
  #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
  #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
  #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
  #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
  #2217 - Be less aggressive in calling SSL_shutdown.
  #2273 - Fixed debug build on Fedora 26 with gcc7
  #2285 - Prevent HSTS headers from including the terminating null byte.
  #2298 - Fix origin requests to default to HTTP 1.1
  #2305 - Rework SSL handshake hooks and add tls_hooks tests.
  #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
  #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
  #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
  #2359 - Remove the correct entry from priority queue and insert the new node into the queue
  #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
  #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
  #2393 - Change from SHA1 to SHA512
  #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
  #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
  #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
  #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
  #2414 - Out-of-bounds while get port from host field
  #2443 - AWS auth v4: fixed query param value URI-encoding
  #2452 - Ticket file reload shouldn't kill traffic_server process
  #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
  #2457 - Cherry pick a set of Catch based commits to 7.1
  #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
  #2459 - fixing memory leak when ATS serves stale records
  #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Leif Hedstrom

> On Aug 31, 2017, at 4:07 PM, Leif Hedstrom <[hidden email]> wrote:
>
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
>
> https://github.com/apache/trafficserver/milestone/12?closed=1
>
> or for a brief ChangeLog (attached below as well):
>
> https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1



I’m gonna vote early :-). We’ve been testing this release, and various previous 7.1.1 candidates for a while now, with no issues. Please help out testing this RC asap, so we can respin quickly if needed.

+1.

— Leif

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald
In reply to this post by Leif Hedstrom
frankly can somebody fix that after FIVE YEARS of complaints?

with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with
7.0 it also complaints like below on startup that it refuses to work
because it can't write to /etc

READ MY LIPS:
you. have. no. business. for. any. write. attempt. to. /etc

[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Config file is read-only : metrics.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
[Rollback::Rollback] Config file is read-only : cluster.config

Am 01.09.2017 um 00:07 schrieb Leif Hedstrom:

> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
>
> https://github.com/apache/trafficserver/milestone/12?closed=1
>
> or for a brief ChangeLog (attached below as well):
>
> https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
>
>
> This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
>
>
> Information about upgrading to this release from previous major versions is available at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
>
>
> The artifacts are available for download at:
>
> http://people.apache.org/~zwoop/rel-candidates/
>
>
> Checksums:
>
> MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
> SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
>
>
> This corresponds to git refs:
>
> Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
> Tag: 7.1.1-rc1
>
>
> Which can be verified with the following command:
>
> $ git tag -v 7.1.1-rc1
>
>
> All code signing keys are available here:
>
> https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>
> Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
>
> Cheers,
>
> — Leif
>
> Changes with Apache Traffic Server 7.1.1
>    #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
>    #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>    #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>    #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
>    #2217 - Be less aggressive in calling SSL_shutdown.
>    #2273 - Fixed debug build on Fedora 26 with gcc7
>    #2285 - Prevent HSTS headers from including the terminating null byte.
>    #2298 - Fix origin requests to default to HTTP 1.1
>    #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>    #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>    #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
>    #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>    #2359 - Remove the correct entry from priority queue and insert the new node into the queue
>    #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>    #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
>    #2393 - Change from SHA1 to SHA512
>    #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>    #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>    #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>    #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>    #2414 - Out-of-bounds while get port from host field
>    #2443 - AWS auth v4: fixed query param value URI-encoding
>    #2452 - Ticket file reload shouldn't kill traffic_server process
>    #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
>    #2457 - Cherry pick a set of Catch based commits to 7.1
>    #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>    #2459 - fixing memory leak when ATS serves stale records
>    #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)
>

--

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Alan Carroll-2

On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <[hidden email]> wrote:
frankly can somebody fix that after FIVE YEARS of complaints?

with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything, with 7.0 it also complaints like below on startup that it refuses to work because it can't write to /etc

READ MY LIPS:
you. have. no. business. for. any. write. attempt. to. /etc

[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile] Open of metrics.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback] Config file is read-only : metrics.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile] Open of cluster.config failed: Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::internalUpdate] Unable to create new version of cluster.config : Read-only file system
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::openFile] Open of cluster.config failed: Permission denied
[Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE: [Rollback::Rollback] Config file is read-only : cluster.config


Am 01.09.2017 um 00:07 schrieb Leif Hedstrom:
I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

        https://github.com/apache/trafficserver/milestone/12?closed=1

or for a brief ChangeLog (attached below as well):

        https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

        https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


Information about upgrading to this release from previous major versions is available at:

        https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


The artifacts are available for download at:

        http://people.apache.org/~zwoop/rel-candidates/


Checksums:

        MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
        SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


This corresponds to git refs:

        Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
        Tag: 7.1.1-rc1


Which can be verified with the following command:

        $ git tag -v 7.1.1-rc1


All code signing keys are available here:

        https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

Cheers,

— Leif

Changes with Apache Traffic Server 7.1.1
   #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
   #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
   #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
   #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
   #2217 - Be less aggressive in calling SSL_shutdown.
   #2273 - Fixed debug build on Fedora 26 with gcc7
   #2285 - Prevent HSTS headers from including the terminating null byte.
   #2298 - Fix origin requests to default to HTTP 1.1
   #2305 - Rework SSL handshake hooks and add tls_hooks tests.
   #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
   #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
   #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
   #2359 - Remove the correct entry from priority queue and insert the new node into the queue
   #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
   #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
   #2393 - Change from SHA1 to SHA512
   #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
   #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
   #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
   #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
   #2414 - Out-of-bounds while get port from host field
   #2443 - AWS auth v4: fixed query param value URI-encoding
   #2452 - Ticket file reload shouldn't kill traffic_server process
   #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
   #2457 - Cherry pick a set of Catch based commits to 7.1
   #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
   #2459 - fixing memory leak when ATS serves stale records
   #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)


--

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: <a href="tel:%2B43%20676%2040%20221%2040" value="+436764022140" target="_blank">+43 676 40 221 40
p: <a href="tel:%2B43%201%20595%203999%2033" value="+431595399933" target="_blank">+43 1 595 3999 33
http://www.thelounge.net/

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald


Am 01.09.2017 um 22:43 schrieb Alan Carroll:
> Is that addressed by
> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 

sounds good - when is 8.0 planned to be released?

that you currently need a hard restart for config changes is a pain and
will be much more pain when you have to use letsencrypt with it's
frequent certificate updates in the next month after Chrome is starting
to warn about any site containing a from-tag without TLS

> On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <[hidden email]
> <mailto:[hidden email]>> wrote:
>
>     frankly can somebody fix that after FIVE YEARS of complaints?
>
>     with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
>     with 7.0 it also complaints like below on startup that it refuses to
>     work because it can't write to /etc
>
>     READ MY LIPS:
>     you. have. no. business. for. any. write. attempt. to. /etc
>
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of metrics.config failed: Permission denied
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Config file is read-only : metrics.config
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of cluster.config failed: Read-only file
>     system
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::internalUpdate] Unable to create new version of
>     cluster.config : Read-only file system
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::openFile] Open of cluster.config failed: Permission denied
>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>     [Rollback::Rollback] Config file is read-only : cluster.config
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Miles Libbey
On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>
>
> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>
>> Is that addressed by
>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>
>
> sounds good - when is 8.0 planned to be released?

It's also available in 7.  We do a terrible job of having the
documentation match the actual version (eg why we default to a version
that won't be released for quite some time is beyond me,

> that you currently need a hard restart for config changes is a pain and will
> be much more pain when you have to use letsencrypt with it's frequent
> certificate updates in the next month after Chrome is starting to warn about
> any site containing a from-tag without TLS

They don't. Remap, SSL cert, and parents just need reloads, not
restarts. Many record config values are also reloads.


>> On Fri, Sep 1, 2017 at 12:48 AM, Reindl Harald <[hidden email]
>> <mailto:[hidden email]>> wrote:
>>
>>     frankly can somebody fix that after FIVE YEARS of complaints?
>>
>>     with 7.1 "/usr/bin/traffic_ctl config reload" don't do anything,
>>     with 7.0 it also complaints like below on startup that it refuses to
>>     work because it can't write to /etc
>>
>>     READ MY LIPS:
>>     you. have. no. business. for. any. write. attempt. to. /etc
>>
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of metrics.config failed: Permission denied
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Config file is read-only : metrics.config
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of cluster.config failed: Read-only file
>>     system
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::internalUpdate] Unable to create new version of
>>     cluster.config : Read-only file system
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Automatic Roll of Version 1 failed:
>> cluster.config
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::openFile] Open of cluster.config failed: Permission denied
>>     [Aug 30 13:06:54.605] Manager {0x7eff52027940} NOTE:
>>     [Rollback::Rollback] Config file is read-only : cluster.config
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald


Am 02.09.2017 um 04:51 schrieb Miles Libbey:

> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>
>>
>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>
>>> Is that addressed by
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>
>>
>> sounds good - when is 8.0 planned to be released?
>
> It's also available in 7.  We do a terrible job of having the
> documentation match the actual version (eg why we default to a version
> that won't be released for quite some time is beyond me,

frankly that DOES NOT WORK or how do you explain the logs at startup i
posted which are from 7.1.0

[root@proxy:~]$ cat records.config | grep modification
CONFIG proxy.config.disable_configuration_modification INT 1

>> that you currently need a hard restart for config changes is a pain and will
>> be much more pain when you have to use letsencrypt with it's frequent
>> certificate updates in the next month after Chrome is starting to warn about
>> any site containing a from-tag without TLS
>
> They don't. Remap, SSL cert, and parents just need reloads, not
> restarts. Many record config values are also reloads

just look at the archive - as i complained the last time ATS even logged
that it REFUSES TO REALOAD because /etc is read-only and i really get
tired of that broken stuff after so many years
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Steven R. Feltner
In reply to this post by Leif Hedstrom
I have compiled and tested 7.1.1 on CentOS 7, including our custom plugins.  No issues seen in test or under load test.  I have not been able to get this onto a production box yet.

Based on the testing I have done, I +1 this release.

Thanks,
Steven


On 8/31/17, 6:07 PM, "Leif Hedstrom" <[hidden email]> wrote:

    I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
   
    https://github.com/apache/trafficserver/milestone/12?closed=1
   
    or for a brief ChangeLog (attached below as well):
   
    https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
   
   
    This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
   
    https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
   
   
    Information about upgrading to this release from previous major versions is available at:
   
    https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
   
   
    The artifacts are available for download at:
   
    http://people.apache.org/~zwoop/rel-candidates/
   
   
    Checksums:
   
    MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
    SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
   
   
    This corresponds to git refs:
   
    Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
    Tag: 7.1.1-rc1
   
   
    Which can be verified with the following command:
   
    $ git tag -v 7.1.1-rc1
   
   
    All code signing keys are available here:
   
    https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
   
    Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
   
    Cheers,
   
    — Leif
   
    Changes with Apache Traffic Server 7.1.1
      #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
      #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
      #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
      #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
      #2217 - Be less aggressive in calling SSL_shutdown.
      #2273 - Fixed debug build on Fedora 26 with gcc7
      #2285 - Prevent HSTS headers from including the terminating null byte.
      #2298 - Fix origin requests to default to HTTP 1.1
      #2305 - Rework SSL handshake hooks and add tls_hooks tests.
      #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
      #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
      #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
      #2359 - Remove the correct entry from priority queue and insert the new node into the queue
      #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
      #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
      #2393 - Change from SHA1 to SHA512
      #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
      #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
      #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
      #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
      #2414 - Out-of-bounds while get port from host field
      #2443 - AWS auth v4: fixed query param value URI-encoding
      #2452 - Ticket file reload shouldn't kill traffic_server process
      #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
      #2457 - Cherry pick a set of Catch based commits to 7.1
      #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
      #2459 - fixing memory leak when ATS serves stale records
      #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

David Calavera
+1 to this release. It solves the problems we found with SNI plugins in the 7.1.0 version. We're actually running this in production since last week and we haven't found any issue yet.

Cheers,
David

On Tue, Sep 5, 2017 at 10:43 AM, Steven R. Feltner <[hidden email]> wrote:
I have compiled and tested 7.1.1 on CentOS 7, including our custom plugins.  No issues seen in test or under load test.  I have not been able to get this onto a production box yet.

Based on the testing I have done, I +1 this release.

Thanks,
Steven


On 8/31/17, 6:07 PM, "Leif Hedstrom" <[hidden email]> wrote:

    I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:

        https://github.com/apache/trafficserver/milestone/12?closed=1

    or for a brief ChangeLog (attached below as well):

        https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1


    This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see

        https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x


    Information about upgrading to this release from previous major versions is available at:

        https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0


    The artifacts are available for download at:

        http://people.apache.org/~zwoop/rel-candidates/


    Checksums:

        MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
        SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2


    This corresponds to git refs:

        Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
        Tag: 7.1.1-rc1


    Which can be verified with the following command:

        $ git tag -v 7.1.1-rc1


    All code signing keys are available here:

        https://dist.apache.org/repos/dist/dev/trafficserver/KEYS

    Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.

    Cheers,

    — Leif

    Changes with Apache Traffic Server 7.1.1
      #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
      #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
      #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
      #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
      #2217 - Be less aggressive in calling SSL_shutdown.
      #2273 - Fixed debug build on Fedora 26 with gcc7
      #2285 - Prevent HSTS headers from including the terminating null byte.
      #2298 - Fix origin requests to default to HTTP 1.1
      #2305 - Rework SSL handshake hooks and add tls_hooks tests.
      #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
      #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
      #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
      #2359 - Remove the correct entry from priority queue and insert the new node into the queue
      #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
      #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
      #2393 - Change from SHA1 to SHA512
      #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
      #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
      #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
      #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
      #2414 - Out-of-bounds while get port from host field
      #2443 - AWS auth v4: fixed query param value URI-encoding
      #2452 - Ticket file reload shouldn't kill traffic_server process
      #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
      #2457 - Cherry pick a set of Catch based commits to 7.1
      #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
      #2459 - fixing memory leak when ATS serves stale records
      #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)


Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Bryan Call-2
In reply to this post by Leif Hedstrom
+1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.

-Bryan

> On Aug 31, 2017, at 3:07 PM, Leif Hedstrom <[hidden email]> wrote:
>
> I've prepared a release for 7.1.1 (RC1), which is a bug fix release on the previous v7.1.0. The release notes for 7.1.1 is available at:
>
> https://github.com/apache/trafficserver/milestone/12?closed=1
>
> or for a brief ChangeLog (attached below as well):
>
> https://github.com/apache/trafficserver/blob/7.1.x/CHANGELOG-7.1.1
>
>
> This release of v7.1.1 is backwards compatible with all v7.x release, for some details as to what’s new in v.7.1.x see
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v7.1.x
>
>
> Information about upgrading to this release from previous major versions is available at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v7.0
>
>
> The artifacts are available for download at:
>
> http://people.apache.org/~zwoop/rel-candidates/
>
>
> Checksums:
>
> MD5: a3a9f1a70cd9d11ad5a027275643cca1 *trafficserver-7.1.1-rc1.tar.bz2
> SHA512: 9d3d9af85f58015a1221c74e3034a16fad3f9f4b1d55ff0271561a065282847c8c46f9d0152c6b534ab25647acddaf232e9df6228ae609c41ea7ffa8d0a84a6d *trafficserver-7.1.1-rc1.tar.bz2
>
>
> This corresponds to git refs:
>
> Hash: 6f6a04aae105291c774d0c4116597fdc7b345121
> Tag: 7.1.1-rc1
>
>
> Which can be verified with the following command:
>
> $ git tag -v 7.1.1-rc1
>
>
> All code signing keys are available here:
>
> https://dist.apache.org/repos/dist/dev/trafficserver/KEYS
>
> Make sure you refresh from a key server to get all relevant signatures. This vote is open until EOB September 5th.
>
> Cheers,
>
> — Leif
>
> Changes with Apache Traffic Server 7.1.1
>  #1766 - Can't convert Cache Result to Cache MISS by TSHttpTxnCacheLookupStatusSet
>  #1953 - Unit Tests for Issue #1605 AWS Signature Version 4
>  #1980 - Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
>  #2123 - ua_buffer_reader should be released in deallocate_redirect_postdata
>  #2217 - Be less aggressive in calling SSL_shutdown.
>  #2273 - Fixed debug build on Fedora 26 with gcc7
>  #2285 - Prevent HSTS headers from including the terminating null byte.
>  #2298 - Fix origin requests to default to HTTP 1.1
>  #2305 - Rework SSL handshake hooks and add tls_hooks tests.
>  #2315 - For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
>  #2329 - Push triggered DNSConnections into an atomic queue to prevent DNSConnection lost.
>  #2331 - cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
>  #2359 - Remove the correct entry from priority queue and insert the new node into the queue
>  #2369 - Backport PR 2336 to 7.1.x - Add missing checks for request url
>  #2370 - Backport PR 2338 to 7.1.x - Add null pointer check to server response set status in Lua plugin
>  #2393 - Change from SHA1 to SHA512
>  #2396 - Fedora 26 and gcc7 support for ATS 7.1.1
>  #2401 - Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
>  #2402 - Added more fallthrough comments for Fedora 26 and gcc7 for ICP
>  #2413 - Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
>  #2414 - Out-of-bounds while get port from host field
>  #2443 - AWS auth v4: fixed query param value URI-encoding
>  #2452 - Ticket file reload shouldn't kill traffic_server process
>  #2453 - FD leaks when ep.start() failed or cancelled in acceptEvent or con.connect() failed
>  #2457 - Cherry pick a set of Catch based commits to 7.1
>  #2458 - Coverity: CID 1380042:Resource leaks  (RESOURCE_LEAK)
>  #2459 - fixing memory leak when ATS serves stale records
>  #2460 - S3_auth:uri(En|De)code() pass by ref,not val(master)

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Leif Hedstrom

> On Sep 5, 2017, at 12:32 PM, Bryan Call <[hidden email]> wrote:
>
> +1 - Passed signatures check, regression tests, and I have been running it in production since 8/31 without any issues.
>


I’m going to call this, with 4+1 votes (3 binding) and no -1’s. I’m pushing to the dist servers tonight, and will make the announcement tomorrow.

Cheers,

— Leif


Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald
In reply to this post by Reindl Harald


Am 02.09.2017 um 05:08 schrieb Reindl Harald:

>
>
> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]>
>> wrote:
>>>
>>>
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 
>>>>
>>>
>>>
>>> sounds good - when is 8.0 planned to be released?
>>
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
>
> frankly that DOES NOT WORK or how do you explain the logs at startup i
> posted which are from 7.1.0

that bullshit still happens with 7.1.1

[root@proxy:~]$ cat records.config | grep disable
CONFIG proxy.config.disable_configuration_modification INT 1
[root@proxy:~]$

[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of hosting.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : hosting.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of congestion.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
congestion.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: congestion.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of congestion.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : congestion.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of plugin.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of plugin.config
: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: plugin.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of plugin.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : plugin.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of splitdns.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
splitdns.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: splitdns.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of splitdns.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : splitdns.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed:
ssl_multicert.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : ssl_multicert.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
metrics.config : Read-only file system
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: metrics.config
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of metrics.config failed: Permission denied
[Sep  8 00:37:57.278] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : metrics.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Read-only file system
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::internalUpdate] Unable to create new version of
cluster.config : Read-only file system
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Automatic Roll of Version 1 failed: cluster.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::openFile] Open of cluster.config failed: Permission denied
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[Rollback::Rollback] Config file is read-only : cluster.config
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[ClusterCom::ClusterCom] Node running on OS: 'Linux' Release:
'4.12.8-200.fc25.x86_64'
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep  8 00:37:57.279] Manager {0x7fc666e4c940} NOTE: [TrafficManager]
Setup complete
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE: [ProxyStateSet]
Traffic Server Args: '--bind_stdout /var/log/trafficserver/traffic.out
--bind_stderr /var/log/trafficserver/traffic.out -M'
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 80 (ipv4)
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::listenForProxy] Listening on port: 443 (ipv4)
[Sep  8 00:37:58.280] Manager {0x7fc666e4c940} NOTE:
[LocalManager::startProxy] Launching ts process
[Sep  8 00:37:58.288] Manager {0x7fc666e4c940} NOTE:
[LocalManager::pollMgmtProcessServer] New process connecting fd '15'
[Sep  8 00:37:58.288] Manager {0x7fc666e4c940} NOTE:
[Alarms::signalAlarm] Server Process born


>

--

Reindl Harald
the lounge interactive design GmbH
A-1060 Vienna, Hofmühlgasse 17
CTO / CISO / Software-Development
m: +43 676 40 221 40
p: +43 1 595 3999 33
http://www.thelounge.net/
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald
In reply to this post by Miles Libbey


Am 02.09.2017 um 04:51 schrieb Miles Libbey:

> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>
>>
>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>
>>> Is that addressed by
>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>
>> sounds good - when is 8.0 planned to be released?
>
> It's also available in 7.  We do a terrible job of having the
> documentation match the actual version (eg why we default to a version
> that won't be released for quite some time is beyond me,

IT DON'T WORK

>> that you currently need a hard restart for config changes is a pain and will
>> be much more pain when you have to use letsencrypt with it's frequent
>> certificate updates in the next month after Chrome is starting to warn about
>> any site containing a from-tag without TLS
>
> They don't. Remap, SSL cert, and parents just need reloads, not
> restarts. Many record config values are also reloads

IT DON'T RELOAD because of readonly /etc

"/usr/bin/traffic_ctl config reload" don't do anything beause of this
"[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
bullshit and i am currently working to implement letsencrypt for
hundrets of domains which means that at every point in time certificates
can be changed and a reload is needed and HARD RESTART IS A NO-GO

why in the world is that broken-by-design not fixed after 5 years of
complaining or at least a option called
"proxy.config.disable_configuration_modification" not tested at all?

is it really that hard to create a basic systemd unit and set the OS to
redonly which should be the case for every network service in 2017 and
test BASIC OPERATIONS?

ReadOnlyDirectories=/etc
ReadOnlyDirectories=/usr
ReadOnlyDirectories=/var/lib
ReadWriteDirectories=/etc/trafficserver/internal
ReadWriteDirectories=/etc/trafficserver/snapshots

[root@proxy:~]$ cat records.config | grep configuration
# Main threads configuration (worker threads). Also see configurations
for   #
# parent proxy configuration
     #
CONFIG proxy.config.disable_configuration_modification INT 1
CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config

IT JUST DON'T WORK
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald
https://github.com/apache/trafficserver/issues/2505

[root@proxy:/var/log/trafficserver]$ nano
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
config file ssl_multicert.config
[root@proxy:/var/log/trafficserver]$

FUCK IT

Am 12.09.2017 um 17:45 schrieb Reindl Harald:

> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]>
>> wrote:
>>>
>>>
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification 
>>>>
>>>
>>> sounds good - when is 8.0 planned to be released?
>>
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
>
> IT DON'T WORK
>
>>> that you currently need a hard restart for config changes is a pain
>>> and will
>>> be much more pain when you have to use letsencrypt with it's frequent
>>> certificate updates in the next month after Chrome is starting to
>>> warn about
>>> any site containing a from-tag without TLS
>>
>> They don't. Remap, SSL cert, and parents just need reloads, not
>> restarts. Many record config values are also reloads
>
> IT DON'T RELOAD because of readonly /etc
>
> "/usr/bin/traffic_ctl config reload" don't do anything beause of this
> "[Rollback::Rollback] Config file is read-only : ssl_multicert.config"
> bullshit and i am currently working to implement letsencrypt for
> hundrets of domains which means that at every point in time certificates
> can be changed and a reload is needed and HARD RESTART IS A NO-GO
>
> why in the world is that broken-by-design not fixed after 5 years of
> complaining or at least a option called
> "proxy.config.disable_configuration_modification" not tested at all?
>
> is it really that hard to create a basic systemd unit and set the OS to
> redonly which should be the case for every network service in 2017 and
> test BASIC OPERATIONS?
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/etc/trafficserver/internal
> ReadWriteDirectories=/etc/trafficserver/snapshots
>
> [root@proxy:~]$ cat records.config | grep configuration
> # Main threads configuration (worker threads). Also see configurations
> for   #
> # parent proxy configuration     #
> CONFIG proxy.config.disable_configuration_modification INT 1
> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>
> IT JUST DON'T WORK
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Bryan Call-2
In reply to this post by Reindl Harald
proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.

We are planning on having the configuration to be read-only for ATS 8.

-Bryan


> On Sep 12, 2017, at 8:45 AM, Reindl Harald <[hidden email]> wrote:
>
>
>
> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>>
>>>
>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>
>>>> Is that addressed by
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>
>>> sounds good - when is 8.0 planned to be released?
>> It's also available in 7.  We do a terrible job of having the
>> documentation match the actual version (eg why we default to a version
>> that won't be released for quite some time is beyond me,
>
> IT DON'T WORK
>
>>> that you currently need a hard restart for config changes is a pain and will
>>> be much more pain when you have to use letsencrypt with it's frequent
>>> certificate updates in the next month after Chrome is starting to warn about
>>> any site containing a from-tag without TLS
>> They don't. Remap, SSL cert, and parents just need reloads, not
>> restarts. Many record config values are also reloads
>
> IT DON'T RELOAD because of readonly /etc
>
> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>
> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>
> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>
> ReadOnlyDirectories=/etc
> ReadOnlyDirectories=/usr
> ReadOnlyDirectories=/var/lib
> ReadWriteDirectories=/etc/trafficserver/internal
> ReadWriteDirectories=/etc/trafficserver/snapshots
>
> [root@proxy:~]$ cat records.config | grep configuration
> # Main threads configuration (worker threads). Also see configurations for   #
> # parent proxy configuration     #
> CONFIG proxy.config.disable_configuration_modification INT 1
> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>
> IT JUST DON'T WORK

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald


Am 12.09.2017 um 22:31 schrieb Bryan Call:
> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>
> We are planning on having the configuration to be read-only for ATS 8.

frankly ATS 8 is way too late after years of complaining when you need
to have Letsencrypt enabled in a few weeks because Google Chrome will
warn on every page with a from tag and no SSL

it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for
every remamp/ssl change, it was UNACCEPTABLE the last years too but now
it's becoming a joke

where is the rocket science just read the fucking config file and shut
up like every other software on this plant is able to do?

[root@proxy:/var/log/trafficserver]$ nano
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed
config file ssl_multicert.config
[root@proxy:/var/log/trafficserver]$

>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <[hidden email]> wrote:
>>
>>
>>
>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>>>
>>>>
>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>>
>>>>> Is that addressed by
>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>>
>>>> sounds good - when is 8.0 planned to be released?
>>> It's also available in 7.  We do a terrible job of having the
>>> documentation match the actual version (eg why we default to a version
>>> that won't be released for quite some time is beyond me,
>>
>> IT DON'T WORK
>>
>>>> that you currently need a hard restart for config changes is a pain and will
>>>> be much more pain when you have to use letsencrypt with it's frequent
>>>> certificate updates in the next month after Chrome is starting to warn about
>>>> any site containing a from-tag without TLS
>>> They don't. Remap, SSL cert, and parents just need reloads, not
>>> restarts. Many record config values are also reloads
>>
>> IT DON'T RELOAD because of readonly /etc
>>
>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>>
>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>>
>> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>>
>> ReadOnlyDirectories=/etc
>> ReadOnlyDirectories=/usr
>> ReadOnlyDirectories=/var/lib
>> ReadWriteDirectories=/etc/trafficserver/internal
>> ReadWriteDirectories=/etc/trafficserver/snapshots
>>
>> [root@proxy:~]$ cat records.config | grep configuration
>> # Main threads configuration (worker threads). Also see configurations for   #
>> # parent proxy configuration     #
>> CONFIG proxy.config.disable_configuration_modification INT 1
>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>>
>> IT JUST DON'T WORK
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Leif Hedstrom


> On Sep 12, 2017, at 2:41 PM, Reindl Harald <[hidden email]> wrote:
>
>
>
>> Am 12.09.2017 um 22:31 schrieb Bryan Call:
>> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>> We are planning on having the configuration to be read-only for ATS 8.
>
> frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
>
> it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
>
> where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?

You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0.

That much said, as much complaining as you have done on this subject, the amount of code contributions from you or anyone else that has a problem with this feature is exactly zero. Which open source projects lets you dictate others to do your work for you? We all have our priorities as (usually) dictated by the respective companies paying our salaries.

Sincerely,

-- Leif (not speaking on behalf of anyone other than myself)

>
> [root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$ cat *
> [root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
> [root@proxy:/var/log/trafficserver]$ cat *
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$
>
>>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <[hidden email]> wrote:
>>>
>>>
>>>
>>>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>>>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>>>>
>>>>>
>>>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>>>
>>>>>> Is that addressed by
>>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>>>
>>>>> sounds good - when is 8.0 planned to be released?
>>>> It's also available in 7.  We do a terrible job of having the
>>>> documentation match the actual version (eg why we default to a version
>>>> that won't be released for quite some time is beyond me,
>>>
>>> IT DON'T WORK
>>>
>>>>> that you currently need a hard restart for config changes is a pain and will
>>>>> be much more pain when you have to use letsencrypt with it's frequent
>>>>> certificate updates in the next month after Chrome is starting to warn about
>>>>> any site containing a from-tag without TLS
>>>> They don't. Remap, SSL cert, and parents just need reloads, not
>>>> restarts. Many record config values are also reloads
>>>
>>> IT DON'T RELOAD because of readonly /etc
>>>
>>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>>>
>>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>>>
>>> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>>>
>>> ReadOnlyDirectories=/etc
>>> ReadOnlyDirectories=/usr
>>> ReadOnlyDirectories=/var/lib
>>> ReadWriteDirectories=/etc/trafficserver/internal
>>> ReadWriteDirectories=/etc/trafficserver/snapshots
>>>
>>> [root@proxy:~]$ cat records.config | grep configuration
>>> # Main threads configuration (worker threads). Also see configurations for   #
>>> # parent proxy configuration     #
>>> CONFIG proxy.config.disable_configuration_modification INT 1
>>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>>>
>>> IT JUST DON'T WORK

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald


Am 14.09.2017 um 00:38 schrieb Leif Hedstrom:

>> On Sep 12, 2017, at 2:41 PM, Reindl Harald <[hidden email]> wrote:
>>> Am 12.09.2017 um 22:31 schrieb Bryan Call:
>>> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>>> We are planning on having the configuration to be read-only for ATS 8.
>>
>> frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
>>
>> it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
>>
>> where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?
>
> You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0

it's not about "remove a feature" - it's just about a sinlg line of code
detecting "oh, /etc" is readonly and jst disbale all of that stuff
implicit instead break left and right and spit some pages of errors for
each and every config file

frankly, if ATS would have  been written in PHP (yes, i know wrong
programming language) it would have taken 5 minutes if at all to make
that conditional without any configuration 5 years ago

it's not about whinign - it's about a broken design which could have
been fixed years ago with *zero amount of work*
Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Igor Cicimov
In reply to this post by Leif Hedstrom


On Thu, Sep 14, 2017 at 8:38 AM, Leif Hedstrom <[hidden email]> wrote:


> On Sep 12, 2017, at 2:41 PM, Reindl Harald <[hidden email]> wrote:
>
>
>
>> Am 12.09.2017 um 22:31 schrieb Bryan Call:
>> proxy.config.disable_configuration_modification was a feature that was requested and the group didn’t use it.
>> We are planning on having the configuration to be read-only for ATS 8.
>
> frankly ATS 8 is way too late after years of complaining when you need to have Letsencrypt enabled in a few weeks because Google Chrome will warn on every page with a from tag and no SSL
>
> it's just UNACCEPTABLE that you have to HARD RESTART Trafficserver for every remamp/ssl change, it was UNACCEPTABLE the last years too but now it's becoming a joke
>
> where is the rocket science just read the fucking config file and shut up like every other software on this plant is able to do?

You need to stop whining like a spoiled brat! There are / were several reasons why this was done, e.g. it's a requirement for the cluster config to work. Clustering is dead now, and gives us a way to remove this code and behavior for 8.0.

That much said, as much complaining as you have done on this subject, the amount of code contributions from you or anyone else that has a problem with this feature is exactly zero. Which open source projects lets you dictate others to do your work for you? We all have our priorities as (usually) dictated by the respective companies paying our salaries.

Sincerely,

-- Leif (not speaking on behalf of anyone other than myself)

>
> [root@proxy:/var/log/trafficserver]$ nano /etc/trafficserver/ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$ cat *
> [root@proxy:/var/log/trafficserver]$ systemctl reload trafficserver.service
> [root@proxy:/var/log/trafficserver]$ cat *
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::openFile] Open of ssl_multicert.config failed: Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::internalUpdate] Unable to create new version of ssl_multicert.config : Read-only file system
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: [Rollback::checkForUserUpdate] Failed to roll changed user file ssl_multicert.config: System Call Error
> [Sep 12 17:52:47.317] Manager {0x7f2581dea700} NOTE: User has changed config file ssl_multicert.config
> [root@proxy:/var/log/trafficserver]$
>
>>> On Sep 12, 2017, at 8:45 AM, Reindl Harald <[hidden email]> wrote:
>>>
>>>
>>>
>>>> Am 02.09.2017 um 04:51 schrieb Miles Libbey:
>>>>> On Fri, Sep 1, 2017 at 6:40 PM, Reindl Harald <[hidden email]> wrote:
>>>>>
>>>>>
>>>>>> Am 01.09.2017 um 22:43 schrieb Alan Carroll:
>>>>>>
>>>>>> Is that addressed by
>>>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html?highlight=records%20config#proxy-config-disable-configuration-modification
>>>>>
>>>>> sounds good - when is 8.0 planned to be released?
>>>> It's also available in 7.  We do a terrible job of having the
>>>> documentation match the actual version (eg why we default to a version
>>>> that won't be released for quite some time is beyond me,
>>>
>>> IT DON'T WORK
>>>
>>>>> that you currently need a hard restart for config changes is a pain and will
>>>>> be much more pain when you have to use letsencrypt with it's frequent
>>>>> certificate updates in the next month after Chrome is starting to warn about
>>>>> any site containing a from-tag without TLS
>>>> They don't. Remap, SSL cert, and parents just need reloads, not
>>>> restarts. Many record config values are also reloads
>>>
>>> IT DON'T RELOAD because of readonly /etc
>>>
>>> "/usr/bin/traffic_ctl config reload" don't do anything beause of this "[Rollback::Rollback] Config file is read-only : ssl_multicert.config" bullshit and i am currently working to implement letsencrypt for hundrets of domains which means that at every point in time certificates can be changed and a reload is needed and HARD RESTART IS A NO-GO
>>>
>>> why in the world is that broken-by-design not fixed after 5 years of complaining or at least a option called "proxy.config.disable_configuration_modification" not tested at all?
>>>
>>> is it really that hard to create a basic systemd unit and set the OS to redonly which should be the case for every network service in 2017 and test BASIC OPERATIONS?
>>>
>>> ReadOnlyDirectories=/etc
>>> ReadOnlyDirectories=/usr
>>> ReadOnlyDirectories=/var/lib
>>> ReadWriteDirectories=/etc/trafficserver/internal
>>> ReadWriteDirectories=/etc/trafficserver/snapshots
>>>
>>> [root@proxy:~]$ cat records.config | grep configuration
>>> # Main threads configuration (worker threads). Also see configurations for   #
>>> # parent proxy configuration     #
>>> CONFIG proxy.config.disable_configuration_modification INT 1
>>> CONFIG proxy.config.cluster.cluster_configuration STRING cluster.config
>>>
>>> IT JUST DON'T WORK


​​Hallelujah! I'm not the only one finding this guy annoying! If I was head of this project he would had been off the mailing list long time ago.​ Using language like this about people that gave him a great tool to use for FREE is just unacceptable.

I have ATS compiled and installed from source and have /etc/trafficserver symlinked to /usr/local/etc/trafficserver and have never seen the issue he's talking about. There are million ways and at least half a dozen of tools that can help workaround and automate any issue you can think of. And if you are still complaining about something trivial like that for 5 years than really you should quit your job and start doing something else.

I guess that's what you get when you put PHP (haha PHP, now that's a real "joke") enthusiast doing a sysadmin job. You clearly explained the reason why was this not possible till now but he's still not getting it :-/

So thanks to everyone involved in this project, keep the good work and please ignore comments from people that have no talent or creativity to do anything else but complaining.


​Regards,​
--
Igor Cicimov | DevOps


p. +61 (0) 433 078 728
e. igorc@...
w. www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000

Reply | Threaded
Open this post in threaded view
|

Re: [VOTE] Release Apache Traffic Server 7.1.1 (RC1)

Reindl Harald


Am 14.09.2017 um 03:14 schrieb Igor Cicimov:
> ​​Hallelujah! I'm not the only one finding this guy annoying! If I was
> head of this project he would had been off the mailing list long time
> ago.​ Using language like this about people that gave him a great tool
> to use for FREE is just unacceptable.

i would even pay to get such major bugs fixed in a shorter timeframe
than a decade

> I have ATS compiled and installed from source and have
> /etc/trafficserver symlinked to /usr/local/etc/trafficserver and have
> never seen the issue he's talking about.

what the hell has this to do with "ReadOnlyDirectories=/etc" besides
that i then would have to set "ReadOnlyDirectories=/usr/local/etc" too?

no software has any bussiness even try to write in /etc, but even if it
tries and fails it's no justification to refuse *read* from there
without a hard restart

> There are million ways and at
> least half a dozen of tools that can help workaround and automate any
> issue you can think of. And if you are still complaining about something
> trivial like that for 5 years than really you should quit your job and

no there is no single way that ATS realods it's config when the config
folder is readonly and it's only insane to detect "
User has changed config file ssl_multicert.config" but refuse to *read*
the file becuase you can't write to it

[root@proxy:/var/log/trafficserver]$ cat *
[root@proxy:/var/log/trafficserver]$ touch
/etc/trafficserver/ssl_multicert.config
[root@proxy:/var/log/trafficserver]$ /usr/bin/traffic_ctl config reload
[root@proxy:/var/log/trafficserver]$ cat *
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::openFile] Open of ssl_multicert.config failed: Read-only file
system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::internalUpdate] Unable to create new version of
ssl_multicert.config : Read-only file system
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Alarms::signalAlarm] Skipping Alarm: '[TrafficManager] Configuration
File Update Failed: Read-only file system'
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE:
[Rollback::checkForUserUpdate] Failed to roll changed user file
ssl_multicert.config: System Call Error
[Sep 14 11:16:28.625] Manager {0x7f8d3efea700} NOTE: User has changed
config file ssl_multicert.config

> I guess that's what you get when you put PHP (haha PHP, now that's a
> real "joke") enthusiast doing a sysadmin job. You clearly explained the
> reason why was this not possible till now but he's still not getting it :-/

i keep the i-word for myself....