This is an automated email from the ASF dual-hosted git repository.

zrhoffman pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficcontrol.git


The following commit(s) were added to refs/heads/master by this push:
     new d96720180a Update cdn config (Remove hypnotoad section and update 
listen field) (#7450)
d96720180a is described below

commit d96720180a0c698bba9d6549c487ffbd8d7903a4
Author: Rima Shah <[email protected]>
AuthorDate: Wed May 31 14:24:16 2023 -0600

    Update cdn config (Remove hypnotoad section and update listen field) (#7450)
    
    * Removed Listen field and added key and cert fields.
    
    * Removed Listen field and added key and cert fields-1
    
    * Corrected path in cdn.json files
    
    * Added listen section in traffic_ops_golang and removed key and cert field 
since invalidationjobs (L671) uses URL field of Config struct.
    
    * Updated CHANGELOG.md
    
    * Fixed indentation.
    
    * Addressed review comments.
    
    * Fixed traffic_ops_golang.go
    
    * Fixed postinstall issues.
    
    * Removed unused variable
    
    * adding comma and double quotes
---
 .github/actions/to-integration-tests/cdn.json      | 12 +----
 .github/actions/tp-integration-tests/cdn.json      | 12 +----
 .github/actions/tpv2-integration-tests/cdn.json    | 12 +----
 CHANGELOG.md                                       |  1 +
 dev/traffic_ops/cdn.json                           |  9 ++--
 docs/source/admin/traffic_ops.rst                  | 18 +++----
 .../ansible/roles/traffic_ops/defaults/main.yml    | 14 ------
 .../roles/traffic_ops/templates/cdn.conf.j2        | 13 +----
 infrastructure/cdn-in-a-box/traffic_ops/config.sh  |  7 +--
 traffic_ops/app/conf/cdn.conf                      | 12 +----
 traffic_ops/etc/init.d/traffic_ops                 |  2 -
 traffic_ops/install/bin/_postinstall.pl            |  1 -
 traffic_ops/install/bin/_postinstall.py            | 31 +++++-------
 traffic_ops/install/bin/generateCert               | 24 ++++++----
 traffic_ops/install/bin/postinstall.test.sh        | 32 ++++++-------
 traffic_ops/install/lib/GenerateCert.pm            | 24 ++++++----
 traffic_ops/traffic_ops_golang/config/config.go    | 56 ++++++++++------------
 .../traffic_ops_golang/config/config_test.go       | 15 ++----
 .../traffic_ops_golang/traffic_ops_golang.go       |  7 ++-
 19 files changed, 114 insertions(+), 188 deletions(-)

diff --git a/.github/actions/to-integration-tests/cdn.json 
b/.github/actions/to-integration-tests/cdn.json
index e7b78e497d..0da5adbe8e 100644
--- a/.github/actions/to-integration-tests/cdn.json
+++ b/.github/actions/to-integration-tests/cdn.json
@@ -1,18 +1,10 @@
 {
-       "hypnotoad": {
-               "listen": [
-                       
"https://not-a-real-host.test:1?cert=$PWD/localhost.crt&key=$PWD/localhost.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-               ],
-               "user": "trafops",
-               "group": "trafops",
-               "heartbeat_timeout": 20,
-               "pid_file": "/var/run/traffic_ops.pid",
-               "workers": 12
-       },
        "disable_auto_cert_deletion": false,
        "use_ims": true,
        "role_based_permissions": true,
        "traffic_ops_golang": {
+               "cert": "$PWD/localhost.crt",
+               "key": "$PWD/localhost.key",
                "insecure": true,
                "port": "6443",
                "log_location_error": "traffic.ops.log",
diff --git a/.github/actions/tp-integration-tests/cdn.json 
b/.github/actions/tp-integration-tests/cdn.json
index fa6d2895a9..6d617d66fa 100644
--- a/.github/actions/tp-integration-tests/cdn.json
+++ b/.github/actions/tp-integration-tests/cdn.json
@@ -1,18 +1,10 @@
 {
-       "hypnotoad": {
-               "listen": [
-                       
"https://not-a-real-host.test:1?cert=$PWD/localhost.crt&key=$PWD/localhost.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-               ],
-               "user": "trafops",
-               "group": "trafops",
-               "heartbeat_timeout": 20,
-               "pid_file": "/var/run/traffic_ops.pid",
-               "workers": 12
-       },
        "disable_auto_cert_deletion": false,
        "use_ims": true,
        "role_based_permissions": true,
        "traffic_ops_golang": {
+               "cert": "$PWD/localhost.crt",
+               "key": "$PWD/localhost.key",
                "insecure": true,
                "port": "6443",
                "log_location_error": "stderr",
diff --git a/.github/actions/tpv2-integration-tests/cdn.json 
b/.github/actions/tpv2-integration-tests/cdn.json
index c4f60a624f..76779ac4d2 100644
--- a/.github/actions/tpv2-integration-tests/cdn.json
+++ b/.github/actions/tpv2-integration-tests/cdn.json
@@ -1,18 +1,10 @@
 {
-       "hypnotoad": {
-               "listen": [
-                       
"https://not-a-real-host.test:1?cert=$GITHUB_WORKSPACE/traffic_ops/traffic_ops_golang/localhost.crt&key=$GITHUB_WORKSPACE/traffic_ops/traffic_ops_golang/localhost.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-               ],
-               "user": "trafops",
-               "group": "trafops",
-               "heartbeat_timeout": 20,
-               "pid_file": "/var/run/traffic_ops.pid",
-               "workers": 12
-       },
        "disable_auto_cert_deletion": false,
        "use_ims": true,
        "role_based_permissions": true,
        "traffic_ops_golang": {
+               "cert": 
"$GITHUB_WORKSPACE/traffic_ops/traffic_ops_golang/localhost.crt",
+               "key": 
"$GITHUB_WORKSPACE/traffic_ops/traffic_ops_golang/localhost.key",
                "insecure": true,
                "port": "6443",
                "log_location_error": "stderr",
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8585ae9efd..0418990302 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ The format is based on [Keep a 
Changelog](http://keepachangelog.com/en/1.0.0/).
 
 ## [unreleased]
 ### Added
+- [#7450](https://github.com/apache/trafficcontrol/pull/7450) *Traffic Ops* 
Removed hypnotoad section and added listen field to traffic_ops_golang section 
in order to simplify cdn config.
 - [#7290](https://github.com/apache/trafficcontrol/pull/7302) *Traffic 
Monitor* Update TM results with hostname from via header, syncronize health on 
caches with same service address
 - [#7291](https://github.com/apache/trafficcontrol/pull/7291) *Traffic Ops* 
Extended Layered Profile feature to aggregate parameters for all server 
profiles.
 - [#7314](https://github.com/apache/trafficcontrol/pull/7314) *Traffic Portal* 
Added capability feature to Delivery Service Form (HTTP, DNS).
diff --git a/dev/traffic_ops/cdn.json b/dev/traffic_ops/cdn.json
index 6d4a2ee0ae..561564c306 100644
--- a/dev/traffic_ops/cdn.json
+++ b/dev/traffic_ops/cdn.json
@@ -1,11 +1,8 @@
 {
-       "hypnotoad" : {
-               "listen" : [
-                       
"https://[::]:60443?cert=/server.crt&key=/server.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-               ]
-       },
        "traffic_ops_golang" : {
-               "port" : "443",
+               "cert": "/server.crt",
+               "key": "/server.key",
+               "port": "443",
                "log_location_error": "stderr",
                "log_location_warning": "stderr",
                "log_location_info": "stdout",
diff --git a/docs/source/admin/traffic_ops.rst 
b/docs/source/admin/traffic_ops.rst
index 245cbf0d02..7cd30dc1ac 100644
--- a/docs/source/admin/traffic_ops.rst
+++ b/docs/source/admin/traffic_ops.rst
@@ -343,15 +343,6 @@ This file deals with the configuration parameters of 
running Traffic Ops itself.
 
        .. seealso:: :ref:`tp-tools-generate-iso`
 
-:hypnotoad: This is a group of options that mainly no longer have any meaning..
-
-       :group:             Serves no known purpose anymore.
-       :heartbeat_timeout: Serves no known purpose anymore.
-       :listen:            This must always be an array containing a single 
string. This very odd string is apparently a URL. The scheme of the URL doesn't 
matter, as `traffic_ops_golang`_ ignores that and always uses HTTPS. The host 
(and optionally port) of the URL used to have a purpose, but no longer does. 
The "cert" query parameter sets the location of the SSL certificate to use for 
encrypting connections, while the "key" query parameter is the certificate's 
corresponding private key. The  [...]
-       :pid_file:          Serves no known purpose anymore.
-       :user:              Serves no known purpose anymore.
-       :workers:           Serves no known purpose anymore.
-
 :inactivity_timeout: Serves no known purpose anymore.
 :influxdb_conf_path: An optional field which gives `traffic_ops_golang`_ the 
absolute or relative path to an `influxdb.conf`_ file. Default if not specified 
is to first check if the :envvar:`MOJO_MODE` environment variable is set. If it 
is, then Traffic Ops will look in the current working directory for a 
subdirectory named ``conf/``, then inside that for a subdirectory with the name 
that is the value of the :envvar:`MOJO_MODE` variable, and inside that 
directory for a file named ``influ [...]
 
@@ -409,6 +400,7 @@ This file deals with the configuration parameters of 
running Traffic Ops itself.
 
 :traffic_ops_golang: This group configuration options is used exclusively by 
`traffic_ops_golang`_.
 
+       :cert: The "cert" field sets the location of the SSL certificate to use 
for encrypting connections.
        :crconfig_emulate_old_path: An optional boolean that controls the value 
of a part of :term:`Snapshots` that report what :ref:`to-api` endpoint is used 
to generate :term:`Snapshots`. If this is ``true``, it forces Traffic Ops to 
report that a legacy, deprecated endpoint is used, whereas if it's ``false`` 
Traffic Ops will report the actual, current endpoint. Default if not specified 
is ``false``.
 
                .. deprecated:: 3.0
@@ -428,6 +420,7 @@ This file deals with the configuration parameters of 
running Traffic Ops itself.
                .. deprecated:: 5.0
                        Future versions of Traffic Ops will not support this 
legacy configuration option, see tls_config: { InsecureSkipVerify: <bool> } 
instead
 
+       :key: The "key" field is the certificate's corresponding private key.
        :log_location_debug: This optional field, if specified, should either 
be the location of a file to which debug-level output will be logged, or one of 
the special strings ``"stdout"`` which indicates that STDOUT should be used, 
``"stderr"`` which indicates that STDERR should be used or ``"null"`` which 
indicates that no output of this level should be generated. An empty string 
(``""``) and literally ``null`` are equivalent to ``"null"``. Default if not 
specified is ``"null"``.
        :log_location_error: This optional field, if specified, should either 
be the location of a file to which error-level output will be logged, or one of 
the special strings ``"stdout"`` which indicates that STDOUT should be used, 
``"stderr"`` which indicates that STDERR should be used or ``"null"`` which 
indicates that no output of this level should be generated. An empty string 
(``""``) and literally ``null`` are equivalent to ``"null"``. Default if not 
specified is ``"null"``. This field [...]
        :log_location_event: This optional field, if specified, should either 
be the location of a file to which event-level output will be logged, or one of 
the special strings ``"stdout"`` which indicates that STDOUT should be used, 
``"stderr"`` which indicates that STDERR should be used or ``"null"`` which 
indicates that no output of this level should be generated. An empty string 
(``""``) and literally ``null`` are equivalent to ``"null"``. Default if not 
specified is ``"null"``.
@@ -728,10 +721,11 @@ If necessary, install the :abbr:`CA (Certificate 
Authority)` certificate's ``.pe
 You will need to update `cdn.conf`_ with any necessary changes.
 
 .. code-block:: text
-       :caption: Sample 'listen' Line When Path to ``trafficops.crt`` and 
``trafficops.key`` are Known
+       :caption: Sample 'cert' and 'key' Line When Path to ``trafficops.crt`` 
and ``trafficops.key`` are Known
 
-       'hypnotoad' => ...
-               'listen' => 
'https://[::]:443?cert=/etc/pki/tls/certs/trafficops.crt&key=/etc/pki/tls/private/trafficops.key&ca=/etc/pki/tls/certs/localhost.ca&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED'
+       'traffic_ops_golang' => ...
+               'cert' => '/etc/pki/tls/certs/trafficops.crt'
+               'key' => '/etc/pki/tls/private/trafficops.key'
                ...
 
 .. _admin-to-ext-script:
diff --git a/infrastructure/ansible/roles/traffic_ops/defaults/main.yml 
b/infrastructure/ansible/roles/traffic_ops/defaults/main.yml
index c368069358..1f156c0608 100644
--- a/infrastructure/ansible/roles/traffic_ops/defaults/main.yml
+++ b/infrastructure/ansible/roles/traffic_ops/defaults/main.yml
@@ -46,7 +46,6 @@ to_use_ims: true
 to_use_rbp: true
 to_user_cache_refresh_interval_sec: 0
 to_server_update_status_cache_refresh_interval_sec: 0
-to_heartbeat_timeout: 20
 to_hypnotoad_number_of_workers: 12
 to_cors_access_control_allow_origin: "http://localhost:8080";
 to_base_url: https://localhost
@@ -64,19 +63,6 @@ to_influxdb_conf_path: "{{ to_conf_installdir 
}}/influxdb.conf"
 to_gen_new_secret: "yes"
 to_no_of_secrets_to_keep: "2"
 
-to_hypnotoad_accept_interval: 0.1
-to_hypnotoad_heartbeat_timeout: 120
-to_hypnotoad_port: 60443
-to_hypnotoad_pidfile: /var/run/traffic_ops.pid
-to_hypnotoad_ciphers:
-  - AES128-GCM-SHA256
-  - HIGH
-  - "!RC4"
-  - "!MD5"
-  - "!aNULL"
-  - "!EDH"
-  - "!ED"
-
 to_portal_base_url: "http://localhost:8080";
 to_portal_docs_url: 
"https://traffic-control-cdn.readthedocs.io/en/latest/admin/traffic_portal/usingtrafficportal.html#usingtrafficportal";
 to_portal_email_from: "TrafficControl <[email protected]>"
diff --git a/infrastructure/ansible/roles/traffic_ops/templates/cdn.conf.j2 
b/infrastructure/ansible/roles/traffic_ops/templates/cdn.conf.j2
index 5dfeaccfca..90facb2ea6 100644
--- a/infrastructure/ansible/roles/traffic_ops/templates/cdn.conf.j2
+++ b/infrastructure/ansible/roles/traffic_ops/templates/cdn.conf.j2
@@ -15,17 +15,6 @@
    "cors" : {
       "access_control_allow_origin" : "{{ to_cors_access_control_allow_origin 
}}"
    },
-   "hypnotoad" : {
-      "accept_interval" : {{ to_hypnotoad_accept_interval }},
-      "group" : "{{ to_group }}",
-      "heartbeat_timeout" : {{ to_hypnotoad_heartbeat_timeout }},
-      "listen" : [
-         "https://[::]:{{ to_hypnotoad_port }}?cert={{ to_certs_cert }}&key={{ 
to_certs_key }}&ca={{ to_certs_ca }}&verify={{ to_certs_verify}}&ciphers={{ 
to_hypnotoad_ciphers | join(":") }}"
-      ],
-      "pid_file" : "{{ to_hypnotoad_pidfile }}",
-      "user" : "{{ to_user }}",
-      "workers" : {{ to_hypnotoad_number_of_workers }}
-   },
    "inactivity_timeout" : {{ to_inactivity_timeout }},
    "influxdb_conf_path" : "{{ to_influxdb_conf_path }}",
    "portal" : {
@@ -55,6 +44,8 @@
    "use_ims": {{ to_use_ims | bool | lower }},
    "role_based_permissions": {{ to_use_rbp | bool | lower }},
    "traffic_ops_golang" : {
+      "cert" : {{ to_certs_cert }},
+      "key" : {{ to_certs_key }},
       "idle_timeout" : {{ to_go_inactive_timeout }},
       "log_location_debug" : "{{ to_go_logging_file_debug }}",
       "log_location_error" : "{{ to_go_logging_file_error }}",
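Review bot: The two added values are rendered without surrounding quotes, `"cert" : {{ to_certs_cert }},` and `"key" : {{ to_certs_key }},`, so a filesystem path would produce invalid JSON unless the variables themselves carry quotes, which this diff does not show. Every other string value in the visible template is written as `"{{ ... }}"`, and the same form fits here: `"cert" : "{{ to_certs_cert }}",` and `"key" : "{{ to_certs_key }}",`. The defaults file in this commit also keeps `to_hypnotoad_number_of_workers` although the template line that used it is removed. The `traffic_ops_golang` object continues past the hunk.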
diff --git a/infrastructure/cdn-in-a-box/traffic_ops/config.sh 
b/infrastructure/cdn-in-a-box/traffic_ops/config.sh
index c44525a839..6d75c67143 100755
--- a/infrastructure/cdn-in-a-box/traffic_ops/config.sh
+++ b/infrastructure/cdn-in-a-box/traffic_ops/config.sh
@@ -74,11 +74,6 @@ fi;
 cdn_conf=/opt/traffic_ops/app/conf/cdn.conf
 >"$cdn_conf" echo "$(jq -s '.[0] * .[1]' "$cdn_conf" <(cat <<-EOF
 {
-    "hypnotoad" : {
-        "listen" : [
-            
"https://[::]?cert=$crt&key=$key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-        ]
-    },
     "disable_auto_cert_deletion": false,
     "use_ims": true,
     "server_update_status_cache_refresh_interval_sec": 0,
@@ -98,6 +93,8 @@ cdn_conf=/opt/traffic_ops/app/conf/cdn.conf
             "query_timeout_seconds": ${DEBUGGING_TIMEOUT:-60},
             "aes_key_location": "$TV_AES_KEY_LOCATION"
         },
+        "cert" : "$crt",
+        "key" : "$key",
         "proxy_timeout" : ${DEBUGGING_TIMEOUT:-60},
         "proxy_tls_timeout" : ${DEBUGGING_TIMEOUT:-60},
         "proxy_read_header_timeout" : ${DEBUGGING_TIMEOUT:-60},
diff --git a/traffic_ops/app/conf/cdn.conf b/traffic_ops/app/conf/cdn.conf
index 9200ac7fa0..c4b6a8831b 100644
--- a/traffic_ops/app/conf/cdn.conf
+++ b/traffic_ops/app/conf/cdn.conf
@@ -1,15 +1,7 @@
 {
-    "hypnotoad" : {
-        "listen" : [
-            
"https://[::]:60443?cert=/etc/pki/tls/certs/localhost.crt&key=/etc/pki/tls/private/localhost.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-        ],
-        "user" : "trafops",
-        "group" : "trafops",
-        "heartbeat_timeout" : 20,
-        "pid_file" : "/var/run/traffic_ops.pid",
-        "workers" : 12
-    },
     "traffic_ops_golang" : {
+        "cert" : "/etc/pki/tls/certs/localhost.crt",
+        "key" : "/etc/pki/tls/private/localhost.key",
         "port" : "443",
         "proxy_timeout" : 60,
         "proxy_keep_alive" : 60,
diff --git a/traffic_ops/etc/init.d/traffic_ops 
b/traffic_ops/etc/init.d/traffic_ops
index 12674c981b..a12f370616 100755
--- a/traffic_ops/etc/init.d/traffic_ops
+++ b/traffic_ops/etc/init.d/traffic_ops
@@ -19,12 +19,10 @@
 # chkconfig: 2345 55 25
 # description: Traffic Ops is the administrative web UI for IPCDN.
 #
-# processname: hypnotoad
 # pidfile:
 #
 
 ### BEGIN INIT INFO
-# Provides: hypnotoad
 # Required-Start: $local_fs $network $syslog
 # Required-Stop: $local_fs $syslog
 # Should-Start: $syslog
diff --git a/traffic_ops/install/bin/_postinstall.pl 
b/traffic_ops/install/bin/_postinstall.pl
index 980328ce5a..ef15725260 100755
--- a/traffic_ops/install/bin/_postinstall.pl
+++ b/traffic_ops/install/bin/_postinstall.pl
@@ -225,7 +225,6 @@ sub generateCdnConf {
     $cdnConf->{"traffic_ops_golang"}{"log_location_error"} = 
"/var/log/traffic_ops/error.log";
     $cdnConf->{"traffic_ops_golang"}{"log_location_event"} = 
"/var/log/traffic_ops/access.log";
 
-    $cdnConf->{hypnotoad}{workers} = $cdnConfiguration{workers};
     #InstallUtils::logger("cdnConf: " . Dumper($cdnConf), "info" );
     InstallUtils::writeJson( $fileName, $cdnConf );
     InstallUtils::logger( "CDN configuration has been saved", "info" );
diff --git a/traffic_ops/install/bin/_postinstall.py 
b/traffic_ops/install/bin/_postinstall.py
index 5b30e8fe3f..192eaf516a 100755
--- a/traffic_ops/install/bin/_postinstall.py
+++ b/traffic_ops/install/bin/_postinstall.py
@@ -888,30 +888,28 @@ def setup_certificates(conf, root, ops_user, ops_group): 
# type: (SSLConfig, str
 
        if (
                not isinstance(cdn_conf, dict) or
-               "hypnotoad" not in cdn_conf or
-               not isinstance(cdn_conf["hypnotoad"], dict)
+               "traffic_ops_golang" not in cdn_conf or
+               not isinstance(cdn_conf["traffic_ops_golang"], dict)
        ):
-               logging.critical("Malformed %s; improper object and/or missing 
'hypnotoad' key", cdn_conf_path)
+               logging.critical("Malformed %s; improper object and/or missing 
'traffic_ops_golang' key", cdn_conf_path)
                return 1
 
-       hypnotoad = cdn_conf["hypnotoad"]
+       to_golang = cdn_conf["traffic_ops_golang"]
        if (
-               "listen" not in hypnotoad or
-               not isinstance(hypnotoad["listen"], list) or
-               not hypnotoad["listen"] or
-               not isinstance(hypnotoad["listen"][0], str)
+               "cert" not in to_golang or
+               not isinstance(to_golang["cert"], str)
        ):
-               log_msg = """   The "listen" portion of %s is missing from %s
+               log_msg = """   The "cert" portion of %s is missing from %s
        Please ensure it contains the same structure as the one originally 
installed"""
                logging.error(log_msg, cdn_conf_path, cdn_conf_path)
                return 1
 
-       listen = hypnotoad["listen"][0]
-
-       if "cert={certpath}".format(certpath=certpath) not in listen or 
"key={keypath}".format(keypath=keypath) not in listen:
-               log_msg = """   The "listen" portion of %s does not reference 
the same "cert=" and "key=" values as are created here.
-       Please modify %s to add the following as parameters:
-       ?cert=/path/to/SSL/certificate&key=/path/to/SSL/key"""
+       if (
+               "key" not in to_golang or
+               not isinstance(to_golang["key"], str)
+       ):
+               log_msg = """   The "key" portion of %s is missing from %s
+       Please ensure it contains the same structure as the one originally 
installed"""
                logging.error(log_msg, cdn_conf_path, cdn_conf_path)
                return 1
 
@@ -1020,9 +1018,6 @@ def generate_cdn_conf(questions, fname, automatic, root): 
# type: (list[Question
        traffic_vault_backend = "postgres"
        tv_aes_key_location = os.path.join(root, 
TRAFFIC_VAULT_AES_KEY_FILE.lstrip('/'))
 
-       if "hypnotoad" not in existing_conf or not 
isinstance(existing_conf["hypnotoad"], dict):
-               existing_conf["hypnotoad"]["workers"] = conf.num_workers
-
        with open(path, "w+") as conf_file:
                json.dump(existing_conf, conf_file, indent=indent)
                print(file=conf_file)
diff --git a/traffic_ops/install/bin/generateCert 
b/traffic_ops/install/bin/generateCert
index eafce341e7..12742c0f2b 100755
--- a/traffic_ops/install/bin/generateCert
+++ b/traffic_ops/install/bin/generateCert
@@ -54,23 +54,31 @@ sub checkCdnConf {
                $conf = decode_json(scalar <$fh>);
        }
 
-       my $listen = $conf->{hypnotoad}{listen}[0];
+       my $key_conf = $conf->{traffic_ops_golang}{key};
+       my $cert_conf = $conf->{traffic_ops_golang}{cert};
        my $msg;
 
-       if (!defined $listen) {
+       if (!defined $cert_conf) {
                my $msg = <<"EOF";
-       The "listen" portion of $cdn_conf is missing from $cdn_conf.
+       The "cert" portion of $cdn_conf is missing from $cdn_conf.
        Please ensure it contains the same structure as the one originally 
installed.
 EOF
        }
 
-       if ($listen !~ m@cert=$cert@ || $listen !~ m@key=$key@) {
+       if (!defined $key_conf) {
+               my $msg = <<"EOF";
+       The "key" portion of $cdn_conf is missing from $cdn_conf.
+       Please ensure it contains the same structure as the one originally 
installed.
+EOF
+       }
+
+       if ($cert_conf !~ m@cert=$cert@ || $key_conf !~ m@key=$key@) {
                $msg = << "EOF";
-       The "listen" portion of $cdn_conf is:
-       $listen
+       The "cert and key" portion of $cdn_conf is:
+       $cert_conf $key_conf
        and does not reference the same "cert=" and "key=" values as are 
created here.
-       Please modify $cdn_conf to add the following as parameters:
-       ?cert=$cert&key=$key
+       Please modify $cdn_conf to add the following as fields:
+       cert: $cert, key: $key
 EOF
        }
 
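Review bot: The comparison `$cert_conf !~ m@cert=$cert@ || $key_conf !~ m@key=$key@` still searches for the old `cert=`/`key=` query-parameter text, but the new fields hold bare paths (see the cdn.conf changes in this commit), so the mismatch message would be produced even for a correct config. A direct comparison fits the new format: `if ($cert_conf ne $cert || $key_conf ne $key) {`. Both "missing" branches declare `my $msg`, which shadows the outer `$msg`, so as far as the hunk shows those messages are never reported and the third check then runs on undefined values. The same comparison and shadowing appear in the checkCdnConf hunk of traffic_ops/install/lib/GenerateCert.pm. checkCdnConf starts and ends outside the hunk.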
diff --git a/traffic_ops/install/bin/postinstall.test.sh 
b/traffic_ops/install/bin/postinstall.test.sh
index a53bc1b870..5507e3c58d 100755
--- a/traffic_ops/install/bin/postinstall.test.sh
+++ b/traffic_ops/install/bin/postinstall.test.sh
@@ -102,11 +102,10 @@ mkdir "$ROOT_DIR/opt/traffic_ops/app/db/trafficvault";
 mkdir -p "$ROOT_DIR/opt/traffic_ops/app/conf/production";
 cat > "$ROOT_DIR/opt/traffic_ops/app/conf/cdn.conf" <<EOF
 {
-       "hypnotoad": {
-               "listen": [
-                       
"https://[::]:60443?cert=$ROOT_DIR/etc/pki/tls/certs/localhost.crt&key=$ROOT_DIR/etc/pki/tls/private/localhost.key";
-               ]
-       }
+       "traffic_ops_golang": {
+    "cert" : "$ROOT_DIR/etc/pki/tls/certs/localhost.crt",
+    "key"  : "$ROOT_DIR/etc/pki/tls/private/localhost.key"
+  }
 }
 EOF
 
@@ -446,19 +445,10 @@ except Exception as e:
        print('Error loading cdn.conf file:', e, file=sys.stderr)
        exit(1)
 
-if not isinstance(conf, dict) or len(conf) != 4 or 'hypnotoad' not in conf or 
'secrets' not in conf or 'to' not in conf or 'traffic_ops_golang' not in conf:
+if not isinstance(conf, dict) or len(conf) != 3 or 'secrets' not in conf or 
'to' not in conf or 'traffic_ops_golang' not in conf:
        print('Malformed cdn.conf file - not an object or missing keys', 
file=sys.stderr)
        exit(1)
 
-if not isinstance(conf['hypnotoad'], dict) or len(conf['hypnotoad']) != 1 or 
'listen' not in conf['hypnotoad'] or not 
isinstance(conf['hypnotoad']['listen'], list) or 
len(conf['hypnotoad']['listen']) != 1 or not 
isinstance(conf['hypnotoad']['listen'][0], str):
-       print('Malformed hypnotoad object in cdn.conf:', conf['hypnotoad'], 
file=sys.stderr)
-       exit(1)
-
-listen = 
'https://[::]:60443?cert=$ROOT_DIR/etc/pki/tls/certs/localhost.crt&key=$ROOT_DIR/etc/pki/tls/private/localhost.key'
-if conf['hypnotoad']['listen'][0] != listen:
-       print('Incorrect hypnotoad.listen[0] in cdn.conf, expected:', listen, 
'got:', conf['hypnotoad']['listen'][0], file=sys.stderr)
-       exit(1)
-
 if not isinstance(conf['secrets'], list) or len(conf['secrets']) != 1 or not 
isinstance(conf['secrets'][0], str):
        print('Malformed secrets object in cdn.conf:', conf['secrets'], 
file=sys.stderr)
        exit(1)
@@ -475,10 +465,20 @@ if conf['to']['base_url'] != 'http://localhost:3000':
        print('Incorrect to.base_url in cdn.conf, expected: 
http://localhost:3000, got:', conf['to']['base_url'], file=sys.stderr)
        exit(1)
 
-if not isinstance(conf['traffic_ops_golang'], dict) or 
len(conf['traffic_ops_golang']) != 3 or 'port' not in 
conf['traffic_ops_golang'] or 'log_location_error' not in 
conf['traffic_ops_golang'] or 'log_location_event' not in 
conf['traffic_ops_golang']:
+if not isinstance(conf['traffic_ops_golang'], dict) or 
len(conf['traffic_ops_golang']) != 5 or 'cert' not in 
conf['traffic_ops_golang'] or 'key' not in conf['traffic_ops_golang'] or 'port' 
not in conf['traffic_ops_golang'] or 'log_location_error' not in 
conf['traffic_ops_golang'] or 'log_location_event' not in 
conf['traffic_ops_golang']:
        print('Malformed traffic_ops_golang object in cdn.conf:', 
conf['traffic_ops_golang'], sys.stderr)
        exit(1)
 
+cert='$ROOT_DIR/etc/pki/tls/certs/localhost.crt'
+if conf['traffic_ops_golang']['cert']!= cert:
+       print('Incorrect cert in cdn.conf, expected:', cert, 'got:', 
conf['traffic_ops_golang']['cert'], file=sys.stderr)
+       exit(1)
+
+key='$ROOT_DIR/etc/pki/tls/private/localhost.key'
+if conf['traffic_ops_golang']['key']!= key:
+       print('Incorrect key in cdn.conf, expected:', key, 'got:', 
conf['traffic_ops_golang']['key'], file=sys.stderr)
+       exit(1)
+
 if conf['traffic_ops_golang']['port'] != '443':
        print('Incorrect traffic_ops_golang.port, expected: 443, got:', 
conf['traffic_ops_golang']['port'], file=sys.stderr)
        exit(1)
diff --git a/traffic_ops/install/lib/GenerateCert.pm 
b/traffic_ops/install/lib/GenerateCert.pm
index 1b9ebaedfc..a79fe5f4f4 100644
--- a/traffic_ops/install/lib/GenerateCert.pm
+++ b/traffic_ops/install/lib/GenerateCert.pm
@@ -53,23 +53,31 @@ sub checkCdnConf {
                $conf = decode_json(scalar <$fh>);
        }
 
-       my $listen = $conf->{hypnotoad}{listen}[0];
+       my $key_conf = $conf->{key};
+       my $cert_conf = $conf->{cert};
        my $msg;
 
-       if (!defined $listen) {
+       if (!defined cert_conf) {
                my $msg = <<"EOF";
-       The "listen" portion of $cdn_conf is missing from $cdn_conf.
+       The "cert" portion of $cdn_conf is missing from $cdn_conf.
        Please ensure it contains the same structure as the one originally 
installed.
 EOF
        }
 
-       if ($listen !~ m@cert=$cert@ || $listen !~ m@key=$key@) {
+       if (!defined $key_conf) {
+               my $msg = <<"EOF";
+       The "key" portion of $cdn_conf is missing from $cdn_conf.
+       Please ensure it contains the same structure as the one originally 
installed.
+EOF
+       }
+
+       if ($cert_conf !~ m@cert=$cert@ || $key_conf !~ m@key=$key@) {
                $msg = << "EOF";
-       The "listen" portion of $cdn_conf is:
-       $listen
+       The "cert and key" portion of $cdn_conf is:
+       $cert_conf $key_conf
        and does not reference the same "cert=" and "key=" values as are 
created here.
-       Please modify $cdn_conf to add the following as parameters:
-       ?cert=$cert&key=$key
+       Please modify $cdn_conf to add the following as fields:
+       cert: $cert, key: $key
 EOF
        }
 
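Review bot: `$conf->{key}` and `$conf->{cert}` read the top level of cdn.conf, while this commit places both fields under `traffic_ops_golang` (and bin/generateCert reads `$conf->{traffic_ops_golang}{key}`), so both lookups would come back undefined. `if (!defined cert_conf)` is also missing the `$` sigil and tests a bareword rather than the variable. Suggested lines: `my $key_conf = $conf->{traffic_ops_golang}{key};`, `my $cert_conf = $conf->{traffic_ops_golang}{cert};` and `if (!defined $cert_conf) {`.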
diff --git a/traffic_ops/traffic_ops_golang/config/config.go 
b/traffic_ops/traffic_ops_golang/config/config.go
index 84eb3c8799..1a79231fe3 100644
--- a/traffic_ops/traffic_ops_golang/config/config.go
+++ b/traffic_ops/traffic_ops_golang/config/config.go
@@ -70,7 +70,6 @@ type Config struct {
        URL                                       *url.URL `json:"-"`
        CertPath                                  string   `json:"-"`
        KeyPath                                   string   `json:"-"`
-       ConfigHypnotoad                           `json:"hypnotoad"`
        ConfigTrafficOpsGolang                    `json:"traffic_ops_golang"`
        ConfigTO                                  *ConfigTO   `json:"to"`
        SMTP                                      *ConfigSMTP `json:"smtp"`
@@ -98,17 +97,14 @@ type Config struct {
        ClientCertAuth                            *ClientCertAuth         
`json:"client_certificate_authentication"`
 }
 
-// ConfigHypnotoad carries http setting for hypnotoad (mojolicious) server
-type ConfigHypnotoad struct {
-       Listen []string `json:"listen"`
-       // NOTE: don't care about any other fields for now
-}
-
 // ConfigTrafficOpsGolang carries settings specific to traffic_ops_golang 
server
 type ConfigTrafficOpsGolang struct {
        // Deprecated in 5.0
        Insecure bool `json:"insecure"`
        // end deprecated
+       //Moved from Hypnotoad-listen section
+       Cert                     string                     `json:"cert"`
+       Key                      string                     `json:"key"`
        Port                     string                     `json:"port"`
        ProxyTimeout             int                        
`json:"proxy_timeout"`
        ProxyKeepAlive           int                        
`json:"proxy_keep_alive"`
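Review bot: The comment `//Moved from Hypnotoad-listen section` records history but not what the two fields hold, and it sits directly under `// end deprecated`, where it reads as part of that block. A field comment such as `// Cert and Key are the paths to the TLS certificate and its private key; they replace the cert= and key= query parameters of hypnotoad.listen.` would document them, with a blank line separating them from the deprecated field. The struct continues outside the hunk.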
@@ -437,20 +433,20 @@ func LoadConfig(cdnConfPath string, dbConfPath string, 
appVersion string) (Confi
        return cfg, []error{}, AllowStartup
 }
 
-// GetCertPath - extracts path to cert .cert file
+// GetCertPath - get the path to cert .cert file
 func (c Config) GetCertPath() string {
-       v, ok := c.URL.Query()["cert"]
-       if ok {
-               return v[0]
+       cert := c.Cert
+       if cert != "" {
+               return cert
        }
        return ""
 }
 
-// GetKeyPath - extracts path to cert .key file
+// GetKeyPath - get the path to cert .key file
 func (c Config) GetKeyPath() string {
-       v, ok := c.URL.Query()["key"]
-       if ok {
-               return v[0]
+       key := c.Key
+       if key != "" {
+               return key
        }
        return ""
 }
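Review bot: Both getters now reduce to returning the field: the `cert := c.Cert` / `if cert != ""` / `return ""` sequence is equivalent to `return c.Cert`, and likewise `return c.Key`. Config also still carries `CertPath` and `KeyPath` alongside the new `Cert` and `Key`, so the same path lives in two fields plus a getter; the doc comments could say which one callers are expected to use, e.g. `// GetCertPath returns the configured path to the TLS certificate file.`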
@@ -463,6 +459,12 @@ const (
 // ParseConfig validates required fields, and parses non-JSON types
 func ParseConfig(cfg Config) (Config, error) {
        missings := ""
+       if cfg.Cert == "" {
+               missings += `"cert", `
+       }
+       if cfg.Key == "" {
+               missings += `"key", `
+       }
        if cfg.Port == "" {
                missings += "port, "
        }
@@ -502,19 +504,15 @@ func ParseConfig(cfg Config) (Config, error) {
 
        invalidTOURLStr := ""
        var err error
-       if len(cfg.Listen) < 1 {
-               missings += `"listen", `
-       } else {
-               listen := cfg.Listen[0]
-               if cfg.URL, err = url.Parse(listen); err != nil {
-                       invalidTOURLStr = fmt.Sprintf("invalid Traffic Ops URL 
'%s': %v", listen, err)
-               }
-               cfg.KeyPath = cfg.GetKeyPath()
-               cfg.CertPath = cfg.GetCertPath()
-
-               newURL := url.URL{Scheme: cfg.URL.Scheme, Host: cfg.URL.Host, 
Path: cfg.URL.Path}
-               cfg.URL = &newURL
+       rawURL := fmt.Sprintf("cert=%s&key=%s", cfg.Cert, cfg.Key)
+       if cfg.URL, err = url.Parse(rawURL); err != nil {
+               invalidTOURLStr = fmt.Sprintf("invalid Traffic Ops URL '%s': 
%v", rawURL, err)
        }
+       cfg.KeyPath = cfg.GetKeyPath()
+       cfg.CertPath = cfg.GetCertPath()
+
+       newURL := url.URL{Scheme: "https", Host: cfg.URL.Host}
+       cfg.URL = &newURL
 
        if cfg.ConfigTO == nil {
                missings += "to, "
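Review bot: `rawURL` is built as `cert=<path>&key=<path>` with no scheme or host, so `url.Parse` treats the whole string as a path and `cfg.URL.Host` is always empty. `cfg.URL` therefore ends up as a bare `https:` URL, and any caller that relies on the Traffic Ops URL (the commit message mentions invalidation jobs) gets no host. If `url.Parse` does return an error, `cfg.URL` is nil and the `newURL` line dereferences it, so that line should only run when `err == nil`. Since `cfg.KeyPath` and `cfg.CertPath` no longer read the URL, the round trip through `url.Parse` can be dropped and the host taken from an actual setting. ParseConfig starts and ends outside the hunk.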
@@ -539,10 +537,6 @@ func ParseConfig(cfg Config) (Config, error) {
                errStr += "; "
        }
        errStr += invalidTOURLStr
-       if errStr != "" {
-               return Config{}, fmt.Errorf(errStr)
-       }
-
        if err := ValidateRoutingBlacklist(cfg.RoutingBlacklist); err != nil {
                return Config{}, err
        }
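Review bot: With the `if errStr != ""` return removed, nothing in this hunk reports the accumulated `missings` and `invalidTOURLStr` text. The `"cert"` and `"key"` checks added earlier in ParseConfig, and the existing `port` and `to` checks, then only take effect if `errStr` is tested again further down, outside the hunk. If it is not, a config with no certificate or key passes ParseConfig and the problem surfaces only at startup in `main`. I would keep the early return, written as `return Config{}, fmt.Errorf("%s", errStr)` so that a `%` in a configured path is not read as a format verb.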
diff --git a/traffic_ops/traffic_ops_golang/config/config_test.go 
b/traffic_ops/traffic_ops_golang/config/config_test.go
index 24043868fd..2e66bb5232 100644
--- a/traffic_ops/traffic_ops_golang/config/config_test.go
+++ b/traffic_ops/traffic_ops_golang/config/config_test.go
@@ -40,8 +40,7 @@ const (
 var debugLogging = flag.Bool("debug", false, "enable debug logging in test")
 
 var cfg = Config{
-       URL:             nil,
-       ConfigHypnotoad: ConfigHypnotoad{},
+       URL: nil,
        ConfigTrafficOpsGolang: ConfigTrafficOpsGolang{
                LogLocationError:   logError,
                LogLocationWarning: logWarning,
@@ -88,20 +87,12 @@ func tempFileWith(content []byte) (string, error) {
 const (
        goodConfig = `
 {
-       "hypnotoad" : {
-               "listen" : [
-                       
"https://[::]:60443?cert=/etc/pki/tls/certs/localhost.crt&key=/etc/pki/tls/private/localhost.key&verify=0x00&ciphers=AES128-GCM-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!ED";
-               ],
-               "user" : "trafops",
-               "group" : "trafops",
-               "heartbeat_timeout" : 20,
-               "pid_file" : "/var/run/traffic_ops.pid",
-               "workers" : 12
-       },
        "user_cache_refresh_interval_sec": 30,
        "server_update_status_cache_refresh_interval_sec": 15,
        "disable_auto_cert_deletion": true,
        "traffic_ops_golang" : {
+               "cert" : "/etc/pki/tls/certs/localhost.crt",
+               "key" : "/etc/pki/tls/private/localhost.key",
                "port" : "443",
                "proxy_timeout" : 60,
                "proxy_keep_alive" : 60,
diff --git a/traffic_ops/traffic_ops_golang/traffic_ops_golang.go 
b/traffic_ops/traffic_ops_golang/traffic_ops_golang.go
index 154cf7eef3..2bbbf40391 100644
--- a/traffic_ops/traffic_ops_golang/traffic_ops_golang.go
+++ b/traffic_ops/traffic_ops_golang/traffic_ops_golang.go
@@ -208,12 +208,12 @@ func main() {
 
        go func() {
                if cfg.KeyPath == "" {
-                       log.Errorf("key cannot be blank in %s", 
cfg.ConfigHypnotoad.Listen)
+                       log.Errorf("key cannot be blank in %s", cfg.KeyPath)
                        os.Exit(1)
                }
 
                if cfg.CertPath == "" {
-                       log.Errorf("cert cannot be blank in %s", 
cfg.ConfigHypnotoad.Listen)
+                       log.Errorf("cert cannot be blank in %s", cfg.CertPath)
                        os.Exit(1)
                }
 
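Review bot: Both `log.Errorf` calls now print the value they have just found to be empty: inside `if cfg.KeyPath == ""` the `%s` is filled with `cfg.KeyPath`, so the operator sees `key cannot be blank in ` with nothing after it, and the `cert` branch does the same. Name the setting instead, for example `log.Errorf("key cannot be blank in the traffic_ops_golang section of cdn.conf")` and the matching line for `cert`. The goroutine body continues outside the hunk.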
@@ -428,7 +428,6 @@ func logConfig(cfg config.Config) {
                Db Name:              %s
                Db Ssl:               %t
                Max Db Connections:   %d
-               TO URL:               %s
                Insecure:             %t
                Cert Path:            %s
                Key Path:             %s
@@ -446,5 +445,5 @@ func logConfig(cfg config.Config) {
                Debug Log:            %s
                Event Log:            %s
                LDAP Enabled:         %v
-               InfluxDB Enabled:     %v`, cfg.Port, cfg.DB.Hostname, 
cfg.DB.User, cfg.DB.DBName, cfg.DB.SSL, cfg.MaxDBConnections, cfg.Listen[0], 
cfg.Insecure, cfg.CertPath, cfg.KeyPath, 
time.Duration(cfg.ProxyTimeout)*time.Second, 
time.Duration(cfg.ProxyKeepAlive)*time.Second, 
time.Duration(cfg.ProxyTLSTimeout)*time.Second, 
time.Duration(cfg.ProxyReadHeaderTimeout)*time.Second, 
time.Duration(cfg.ReadTimeout)*time.Second, 
time.Duration(cfg.ReadHeaderTimeout)*time.Second, time.Duration(cfg.WriteTimeou 
[...]
+               InfluxDB Enabled:     %v`, cfg.Port, cfg.DB.Hostname, 
cfg.DB.User, cfg.DB.DBName, cfg.DB.SSL, cfg.MaxDBConnections, cfg.Insecure, 
cfg.CertPath, cfg.KeyPath, time.Duration(cfg.ProxyTimeout)*time.Second, 
time.Duration(cfg.ProxyKeepAlive)*time.Second, 
time.Duration(cfg.ProxyTLSTimeout)*time.Second, 
time.Duration(cfg.ProxyReadHeaderTimeout)*time.Second, 
time.Duration(cfg.ReadTimeout)*time.Second, 
time.Duration(cfg.ReadHeaderTimeout)*time.Second, 
time.Duration(cfg.WriteTimeout)*time.Second, [...]
 }
