This is an automated email from the ASF dual-hosted git repository.
rawlin pushed a commit to branch 4.1.x
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git
The following commit(s) were added to refs/heads/4.1.x by this push:
new fad4c21 Change ORT to not update ip_allow except badass (#5041)
(#5051)
fad4c21 is described below
commit fad4c21121b90c5af9f8803a8546036968eaae35
Author: Robert O Butts <[email protected]>
AuthorDate: Fri Sep 18 15:40:08 2020 -0600
Change ORT to not update ip_allow except badass (#5041) (#5051)
* Change ORT to not update ip_allow except badass
ATS has a known bug where changing ip_allow.config causes random
blocking on config reload. We changed ORT a while back to not reload
when it changes, but other files can later trigger a reload.
This changes ORT to not update the file at all, and log an error.
This will cause any added servers to not be added to the allow,
likely breaking Edges. But breaking an Edge is better than
breaking a Mid.
Further, the error log will allow users to create alarms, so
they know to go in and manually badass and restart the machine.
* Add ORT flag to update ip_allow.config in syncds
(cherry picked from commit 492290d810e9608afb5d265b98cd3f3e153e776b)
---
traffic_ops/ort/traffic_ops_ort.pl | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/traffic_ops/ort/traffic_ops_ort.pl
b/traffic_ops/ort/traffic_ops_ort.pl
index 8a353bb..674f2e2 100755
--- a/traffic_ops/ort/traffic_ops_ort.pl
+++ b/traffic_ops/ort/traffic_ops_ort.pl
@@ -41,6 +41,7 @@ my $rev_proxy_disable = 0;
my $skip_os_check = 0;
my $override_hostname_short = '';
my $to_timeout_ms = 30000;
+my $syncds_updates_ipallow = 0;
GetOptions( "dispersion=i" => \$dispersion, # dispersion (in seconds)
"retries=i" => \$retries,
@@ -50,6 +51,7 @@ GetOptions( "dispersion=i" => \$dispersion, #
dispersion (in seconds)
"skip_os_check=i" => \$skip_os_check,
"override_hostname_short=s" => \$override_hostname_short,
"to_timeout_ms=i" => \$to_timeout_ms,
+ "syncds_updates_ipallow=i" => \$syncds_updates_ipallow,
);
if ( $#ARGV < 1 ) {
@@ -320,6 +322,7 @@ sub usage {
print "\t skip_os_check=<0|1> => bypass the check for a
supported CentOS version. Default = 0.\n";
print "\t override_hostname_short=<text> => override the short
hostname of the OS for config generation. Default = ''.\n";
print "\t to_timeout_ms=<time> => the Traffic Ops request
timeout in milliseconds. Default = 30000 (30 seconds).\n";
+ print "\t syncds_updates_ipallow=<0|1> => Update ip_allow.config in
syncds mode, which may trigger an ATS bug blocking random addresses on load!
Default = 0, only update on badass and restart.\n";
print
"====-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-====\n";
exit 1;
}
@@ -387,6 +390,15 @@ sub process_cfg_file {
}
}
+ if ($change_needed && $cfg_file eq "ip_allow.config" &&
$syncds_updates_ipallow != 1) {
+ if ($script_mode == $BADASS) {
+ $trafficserver_restart_needed++;
+ } else {
+ ( $log_level >> $ERROR ) && print "ERROR Not in badass
mode, but ip_allow.config changed! Changing that file will cause ATS to break
the next time it Reloads! Ignoring file!! This will cause this server to reject
any new servers! ORT must be run in badass mode to get the ip_allow.config
change and permit the necessary client!\n";
+ $change_needed = undef;
+ }
+ }
+
if ( $change_needed ) {
$cfg_file_tracker->{$cfg_file}{'change_needed'}++;
( $log_level >> $ERROR ) && print "ERROR $file needs
updated.\n";
