This is an automated email from the ASF dual-hosted git repository. kichan pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/trafficserver-ingress-controller.git
The following commit(s) were added to refs/heads/master by this push: new c2b8f62 Change to non-root user (#84) c2b8f62 is described below commit c2b8f6225f5f58e54cda6da0b6de7ccb188d9693 Author: Kit Chan <kic...@apache.org> AuthorDate: Tue May 25 15:04:19 2021 -0700 Change to non-root user (#84) * Change to non-root user * fixed Dockerfile error * fix config files * port changes for the tutorial * fix library path for ats lua script * fixed k8s deployment yaml * Update tutorial documentation * updated helm chart --- Dockerfile | 76 +++++++++++++--------- bin/entry.sh | 19 +++--- bin/records-config.sh | 4 +- bin/tls-config.sh | 2 +- bin/tls-reload.sh | 2 +- charts/ats-ingress/templates/deployment.yaml | 4 +- charts/ats-ingress/values.yaml | 16 ++--- config/healthchecks.config | 2 +- config/plugin.config | 4 +- config/records.config | 4 +- config/redis.conf | 2 +- docs/TUTORIAL.md | 18 ++--- k8s/traffic-server/ats-deployment.yaml | 27 ++++---- pluginats/connect_redis.lua | 6 +- redis/redis.go | 2 +- .../data/setup/traffic-server/ats-deployment.yaml | 2 +- 16 files changed, 100 insertions(+), 90 deletions(-) diff --git a/Dockerfile b/Dockerfile index 01c1708..2acc454 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,7 +20,7 @@ FROM alpine:3.12.7 as builder RUN apk add --no-cache --virtual .tools \ bzip2 curl git automake libtool autoconf make sed file perl openrc openssl -# ATS +# ATS dependencies RUN apk add --no-cache --virtual .ats-build-deps \ build-base openssl-dev tcl-dev pcre-dev zlib-dev \ libexecinfo-dev linux-headers libunwind-dev \ @@ -28,23 +28,28 @@ RUN apk add --no-cache --virtual .ats-build-deps \ RUN apk add --no-cache --virtual .ats-extra-build-deps --repository https://dl-cdn.alpinelinux.org/alpine/edge/community hwloc-dev +RUN addgroup -Sg 1000 ats + +RUN adduser -S -D -H -u 1000 -h /tmp -s /sbin/nologin -G ats -g ats ats + +# download and build ATS RUN curl -L https://downloads.apache.org/trafficserver/trafficserver-9.0.0.tar.bz2 | bzip2 -dc | tar xf - \ && cd trafficserver-9.0.0/ \ && autoreconf -if \ - && ./configure --enable-debug=yes \ + && ./configure --enable-debug=yes --prefix=/opt/ats --with-user=ats \ && make \ && make install -COPY ["./config/plugin.config", "/usr/local/etc/trafficserver/plugin.config"] -COPY ["./config/healthchecks.config", "/usr/local/etc/trafficserver/healthchecks.config"] -COPY ["./config/records.config", "/usr/local/etc/trafficserver/records.config"] -COPY ["./config/logging.yaml", "/usr/local/etc/trafficserver/logging.yaml"] +COPY ["./config/plugin.config", "/opt/ats/etc/trafficserver/plugin.config"] +COPY ["./config/healthchecks.config", "/opt/ats/etc/trafficserver/healthchecks.config"] +COPY ["./config/records.config", "/opt/ats/etc/trafficserver/records.config"] +COPY ["./config/logging.yaml", "/opt/ats/etc/trafficserver/logging.yaml"] # enable traffic.out for alpine/gentoo -RUN sed -i "s/TM_DAEMON_ARGS=\"\"/TM_DAEMON_ARGS=\" --bind_stdout \/usr\/local\/var\/log\/trafficserver\/traffic.out --bind_stderr \/usr\/local\/var\/log\/trafficserver\/traffic.out \"/" /usr/local/bin/trafficserver -RUN sed -i "s/TS_DAEMON_ARGS=\"\"/TS_DAEMON_ARGS=\" --bind_stdout \/usr\/local\/var\/log\/trafficserver\/traffic.out --bind_stderr \/usr\/local\/var\/log\/trafficserver\/traffic.out \"/" /usr/local/bin/trafficserver +RUN sed -i "s/TM_DAEMON_ARGS=\"\"/TM_DAEMON_ARGS=\" --bind_stdout \/opt\/ats\/var\/log\/trafficserver\/traffic.out --bind_stderr \/opt\/ats\/var\/log\/trafficserver\/traffic.out \"/" /opt/ats/bin/trafficserver +RUN sed -i "s/TS_DAEMON_ARGS=\"\"/TS_DAEMON_ARGS=\" --bind_stdout \/opt\/ats\/var\/log\/trafficserver\/traffic.out --bind_stderr \/opt\/ats\/var\/log\/trafficserver\/traffic.out \"/" /opt/ats/bin/trafficserver -# Installing lua 5.1.4 +# Installing lua 5.1.4 and provide header files to compile luasocket RUN curl -R -O http://www.lua.org/ftp/lua-5.1.4.tar.gz \ && tar zxf lua-5.1.4.tar.gz \ && cd lua-5.1.4 \ @@ -58,12 +63,12 @@ RUN wget https://github.com/diegonehab/luasocket/archive/v3.0-rc1.tar.gz \ && sed -i "s/LDFLAGS_linux=-O -shared -fpic -o/LDFLAGS_linux=-O -shared -fpic -L\/usr\/lib -lluajit-5.1 -o/" src/makefile \ && ln -sf /usr/lib/libluajit-5.1.so.2.1.0 /usr/lib/libluajit-5.1.so \ && make \ - && make install-unix + && make install-unix prefix=/opt/ats # redis.lua RUN wget https://github.com/nrk/redis-lua/archive/v2.0.4.tar.gz \ && tar zxf v2.0.4.tar.gz \ - && cp redis-lua-2.0.4/src/redis.lua /usr/local/share/lua/5.1/redis.lua + && cp redis-lua-2.0.4/src/redis.lua /opt/ats/share/lua/5.1/redis.lua # ingress-ats RUN apk add --no-cache --virtual .ingress-build-deps \ @@ -71,12 +76,12 @@ RUN apk add --no-cache --virtual .ingress-build-deps \ # Installing Golang https://github.com/CentOS/CentOS-Dockerfiles/blob/master/golang/centos7/Dockerfile RUN wget https://dl.google.com/go/go1.15.11.src.tar.gz \ - && tar -C /usr/local -xzf go1.15.11.src.tar.gz && cd /usr/local/go/src/ && ./make.bash -ENV PATH=${PATH}:/usr/local/go/bin -ENV GOPATH="/usr/local/go/bin" + && tar -C /opt/ats -xzf go1.15.11.src.tar.gz && cd /opt/ats/go/src/ && ./make.bash +ENV PATH=${PATH}:/opt/ats/go/bin +ENV GOPATH="/opt/ats/go/bin" # ----------------------- Copy over Project Code to Go path ------------------------ -RUN mkdir -p /usr/local/go/bin/src/ingress-ats +RUN mkdir -p /opt/ats/go/bin/src/ingress-ats COPY ["./main/", "$GOPATH/src/ingress-ats/main"] COPY ["./proxy/", "$GOPATH/src/ingress-ats/proxy"] @@ -89,27 +94,33 @@ COPY ["./redis/", "$GOPATH/src/ingress-ats/redis"] COPY ["./go.mod", "$GOPATH/src/ingress-ats/go.mod"] # Building Project Main -WORKDIR /usr/local/go/bin/src/ingress-ats +WORKDIR /opt/ats/go/bin/src/ingress-ats ENV GO111MODULE=on RUN go build -o ingress_ats main/main.go # redis conf -COPY ["./config/redis.conf", "/usr/local/etc/redis.conf"] +COPY ["./config/redis.conf", "/opt/ats/etc/redis.conf"] # entry.sh + other scripts -COPY ["./bin/tls-config.sh", "/usr/local/bin/tls-config.sh"] -COPY ["./bin/tls-reload.sh", "/usr/local/bin/tls-reload.sh"] -COPY ["./bin/records-config.sh", "/usr/local/bin/records-config.sh"] -COPY ["./bin/entry.sh", "/usr/local/bin/entry.sh"] -WORKDIR /usr/local/bin/ +COPY ["./bin/tls-config.sh", "/opt/ats/bin/tls-config.sh"] +COPY ["./bin/tls-reload.sh", "/opt/ats/bin/tls-reload.sh"] +COPY ["./bin/records-config.sh", "/opt/ats/bin/records-config.sh"] +COPY ["./bin/entry.sh", "/opt/ats/bin/entry.sh"] +WORKDIR /opt/ats/bin/ RUN chmod 755 tls-config.sh RUN chmod 755 tls-reload.sh RUN chmod 755 records-config.sh RUN chmod 755 entry.sh -FROM alpine:3.12.7 +# redis +RUN mkdir -p /opt/ats/var/run/redis/ \ + && touch /opt/ats/var/run/redis/redis.sock \ + && mkdir -p /opt/ats/var/log/redis -COPY --from=builder /usr/local /usr/local +# set up ingress log location +RUN mkdir -p /opt/ats/var/log/ingress/ + +FROM alpine:3.12.7 # essential library RUN apk add --no-cache -U \ @@ -134,15 +145,16 @@ RUN apk add --no-cache -U \ RUN apk add --no-cache -U --repository https://dl-cdn.alpinelinux.org/alpine/edge/community hwloc -# redis -RUN mkdir -p /var/run/redis/ \ - && touch /var/run/redis/redis.sock \ - && mkdir -p /var/log/redis - # symlink for luajit RUN ln -sf /usr/lib/libluajit-5.1.so.2.1.0 /usr/lib/libluajit-5.1.so -# set up ingress log location -RUN mkdir -p /usr/local/var/log/ingress/ +# create ats user/group +RUN addgroup -Sg 1000 ats + +RUN adduser -S -D -H -u 1000 -h /tmp -s /sbin/nologin -G ats -g ats ats + +COPY --from=builder --chown=ats:ats /opt/ats /opt/ats + +USER ats -ENTRYPOINT ["/usr/local/bin/entry.sh"] +ENTRYPOINT ["/opt/ats/bin/entry.sh"] diff --git a/bin/entry.sh b/bin/entry.sh index dc7ac9f..3641b80 100755 --- a/bin/entry.sh +++ b/bin/entry.sh @@ -19,31 +19,30 @@ set +x # TLS auto reload script -/usr/local/bin/tls-reload.sh >> /usr/local/var/log/ingress/ingress_ats.err & +#/opt/ats/bin/tls-reload.sh >> /opt/ats/var/log/ingress/ingress_ats.err & # generate TLS cert config file for ats -/usr/local/bin/tls-config.sh +/opt/ats/bin/tls-config.sh # append specific environment variables to records.config -/usr/local/bin/records-config.sh +/opt/ats/bin/records-config.sh # append extra plugins to plugin.config if [ ! -f "${EXTRA_PLUGIN_FNAME}" ]; then - cat $EXTRA_PLUGIN_FNAME >> /usr/local/etc/trafficserver/plugin.config + cat $EXTRA_PLUGIN_FNAME >> /opt/ats/etc/trafficserver/plugin.config fi # start redis -redis-server /usr/local/etc/redis.conf +redis-server /opt/ats/etc/redis.conf # create health check file and start ats -touch /var/run/ts-alive -chown -R nobody:nobody /usr/local/etc/trafficserver -DISTRIB_ID=gentoo /usr/local/bin/trafficserver start +touch /opt/ats/var/run/ts-alive +# chown -R nobody:nobody /opt/ats/etc/trafficserver +DISTRIB_ID=gentoo /opt/ats/bin/trafficserver start if [ -z "${INGRESS_NS}" ]; then INGRESS_NS="all" fi -sleep 20 -/usr/local/go/bin/src/ingress-ats/ingress_ats -atsIngressClass="$INGRESS_CLASS" -atsNamespace="$POD_NAMESPACE" -namespaces="$INGRESS_NS" -ignoreNamespaces="$INGRESS_IGNORE_NS" -useInClusterConfig=T 2>>/usr/local/var/log/ingress/ingress_ats.err +/opt/ats/go/bin/src/ingress-ats/ingress_ats -atsIngressClass="$INGRESS_CLASS" -atsNamespace="$POD_NAMESPACE" -namespaces="$INGRESS_NS" -ignoreNamespaces="$INGRESS_IGNORE_NS" -useInClusterConfig=T 2>>/opt/ats/var/log/ingress/ingress_ats.err diff --git a/bin/records-config.sh b/bin/records-config.sh index fd2823b..a8a58dd 100755 --- a/bin/records-config.sh +++ b/bin/records-config.sh @@ -19,9 +19,9 @@ set +x if [ ! -z "${LOG_CONFIG_FNAME}" ]; then - echo "CONFIG proxy.config.log.config.filename STRING ${LOG_CONFIG_FNAME}" >> /usr/local/etc/trafficserver/records.config + echo "CONFIG proxy.config.log.config.filename STRING ${LOG_CONFIG_FNAME}" >> /opt/ats/etc/trafficserver/records.config fi if [ ! -z "${SSL_SERVERNAME_FNAME}" ]; then - echo "CONFIG proxy.config.ssl.servername.filename STRING ${SSL_SERVERNAME_FNAME}" >> /usr/local/etc/trafficserver/records.config + echo "CONFIG proxy.config.ssl.servername.filename STRING ${SSL_SERVERNAME_FNAME}" >> /opt/ats/etc/trafficserver/records.config fi diff --git a/bin/tls-config.sh b/bin/tls-config.sh index dd0dc99..4dd02e6 100755 --- a/bin/tls-config.sh +++ b/bin/tls-config.sh @@ -37,4 +37,4 @@ if [ ! -f "${tlskey}" ]; then exit 1 fi -echo "dest_ip=* ssl_cert_name=${tlscrt} ssl_key_name=${tlskey}" > /usr/local/etc/trafficserver/ssl_multicert.config +echo "dest_ip=* ssl_cert_name=${tlscrt} ssl_key_name=${tlskey}" > /opt/ats/etc/trafficserver/ssl_multicert.config diff --git a/bin/tls-reload.sh b/bin/tls-reload.sh index f7efb89..57b2452 100755 --- a/bin/tls-reload.sh +++ b/bin/tls-reload.sh @@ -41,7 +41,7 @@ inotifywait -e modify,move,create,delete -mr --timefmt '%d/%m/%y %H:%M' --format if [ "$newcksum" != "$oldcksum" ]; then echo "At ${time} on ${date}, tls cert/key files update detected." oldcksum=$newcksum - touch /usr/local/etc/trafficserver/ssl_multicert.config + touch /opt/ats/etc/trafficserver/ssl_multicert.config traffic_ctl config reload fi done diff --git a/charts/ats-ingress/templates/deployment.yaml b/charts/ats-ingress/templates/deployment.yaml index b249ad8..fef27be 100644 --- a/charts/ats-ingress/templates/deployment.yaml +++ b/charts/ats-ingress/templates/deployment.yaml @@ -115,10 +115,10 @@ spec: value: {{ .value }} {{- end }} ports: - - containerPort: 80 + - containerPort: 8080 name: http protocol: TCP - - containerPort: 443 + - containerPort: 8443 name: https protocol: TCP resources: diff --git a/charts/ats-ingress/values.yaml b/charts/ats-ingress/values.yaml index 4f68208..6ac2a07 100644 --- a/charts/ats-ingress/values.yaml +++ b/charts/ats-ingress/values.yaml @@ -85,13 +85,13 @@ controller: labels: {} http: - port: 80 - targetPort: 80 - nodePort: 30000 + port: 8080 + targetPort: 8080 + nodePort: 30080 https: - port: 443 - targetPort: 443 - nodePort: 30043 + port: 8443 + targetPort: 8443 + nodePort: 30443 # clusterIP: "" @@ -121,9 +121,9 @@ controller: ## log location for ATS and controller program log: trafficserver: - dir: /usr/local/var/log/trafficserver + dir: /opt/ats/var/log/trafficserver ingress: - dir: /usr/local/var/log/ingress + dir: /opt/ats/var/log/ingress ## Additional labels to add to the deployment or daemonset metadata ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ diff --git a/config/healthchecks.config b/config/healthchecks.config index 96617cc..eb0dd53 100644 --- a/config/healthchecks.config +++ b/config/healthchecks.config @@ -1 +1 @@ -/status.html /var/run/ts-alive text/plain 200 404 +/status.html /opt/ats/var/run/ts-alive text/plain 200 404 diff --git a/config/plugin.config b/config/plugin.config index 9fda2cf..a79f813 100644 --- a/config/plugin.config +++ b/config/plugin.config @@ -14,6 +14,6 @@ # See the License for the specific language governing permissions and # limitations under the License. -healthchecks.so /usr/local/etc/trafficserver/healthchecks.config -tslua.so /usr/local/go/bin/src/ingress-ats/pluginats/connect_redis.lua +healthchecks.so /opt/ats/etc/trafficserver/healthchecks.config +tslua.so /opt/ats/go/bin/src/ingress-ats/pluginats/connect_redis.lua stats_over_http.so diff --git a/config/records.config b/config/records.config index aa2ed44..94d2279 100644 --- a/config/records.config +++ b/config/records.config @@ -36,7 +36,7 @@ CONFIG proxy.config.exec_thread.affinity INT 1 # Specify server addresses and ports to bind for HTTP and HTTPS. Docs: # https://docs.trafficserver.apache.org/records.config#proxy.config.http.server_ports ############################################################################## -CONFIG proxy.config.http.server_ports STRING 80 443:ssl 80:ipv6 443:ssl:ipv6 +CONFIG proxy.config.http.server_ports STRING 8080 8443:ssl 8080:ipv6 8443:ssl:ipv6 ############################################################################## # Via: headers. Docs: @@ -195,6 +195,6 @@ CONFIG proxy.config.http.slow.log.threshold INT 0 ############################################################################## # Additional Logging and debugging for now ############################################################################## -CONFIG proxy.config.log.logfile_dir STRING /usr/local/var/log/trafficserver/ +CONFIG proxy.config.log.logfile_dir STRING /opt/ats/var/log/trafficserver/ diff --git a/config/redis.conf b/config/redis.conf index 7cca60d..cc4595c 100644 --- a/config/redis.conf +++ b/config/redis.conf @@ -15,6 +15,6 @@ # limitations under the License. port 0 -unixsocket /var/run/redis/redis.sock +unixsocket /opt/ats/var/run/redis/redis.sock unixsocketperm 777 daemonize yes diff --git a/docs/TUTORIAL.md b/docs/TUTORIAL.md index 2b54efd..8fb4af8 100644 --- a/docs/TUTORIAL.md +++ b/docs/TUTORIAL.md @@ -99,16 +99,16 @@ The following steps can be executed in any order ATS proxying should have started to work. To see proxy in action, we can use [curl](https://linux.die.net/man/1/curl): -1. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30000/app1"` -2. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30000/app2"` -3. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30000/app1"` -4. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30000/app2"` -5. `$ curl -vH "HOST:test.edge.com" -k "https://$(minikube ip):30043/app2"` +1. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30080/app1"` +2. `$ curl -vH "HOST:test.media.com" "$(minikube ip):30080/app2"` +3. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30080/app1"` +4. `$ curl -vH "HOST:test.edge.com" "$(minikube ip):30080/app2"` +5. `$ curl -vH "HOST:test.edge.com" -k "https://$(minikube ip):30443/app2"` You may have problem with minikube using docker driver as localhost (i.e. 127.0.0.1) will be used as the cluster ip. So you will need to forward the traffic designated for the port to the ports of the ATS pods inside the cluster before the above curl commands will work. Each command below needs to be run in separate terminal. -- `$ kubectl port-forward <pod name> 30043:443 -n trafficserver-test` -- `$ kubectl port-forward <pod name> 30000:80 -n trafficserver-test` +- `$ kubectl port-forward <pod name> 30443:443 -n trafficserver-test` +- `$ kubectl port-forward <pod name> 30080:80 -n trafficserver-test` #### ConfigMap @@ -145,9 +145,9 @@ You can specify extra plugins for [plugin.config](https://docs.trafficserver.apa #### Fluentd -This project ships with [Fluentd](https://docs.fluentd.org/) already integrated with the Apache Traffic Server. The configuration file used for the same can be found [here](../k8s/configmaps/fluentd-configmap.yaml) +The above tutorial is already integrated with [Fluentd](https://docs.fluentd.org/). The configuration file used for the same can be found [here](../k8s/configmaps/fluentd-configmap.yaml) -As can be seen from the default configuration file, Fluentd reads the Apache Traffic Server access logs located at `/usr/local/var/log/trafficserver/squid.log` and outputs them to `stdout`. The ouput plugin for Fluentd can be changed to send the logs to any desired location supported by Fluentd including Elasticsearch, Kafka, MongoDB etc. You can read more about output plugins [here](https://docs.fluentd.org/output). +As can be seen from the default configuration file, Fluentd reads the Apache Traffic Server access logs located at `/opt/ats/var/log/trafficserver/squid.log` and outputs them to `stdout`. The ouput plugin for Fluentd can be changed to send the logs to any desired location supported by Fluentd including Elasticsearch, Kafka, MongoDB etc. You can read more about output plugins [here](https://docs.fluentd.org/output). #### Prometheus and Grafana diff --git a/k8s/traffic-server/ats-deployment.yaml b/k8s/traffic-server/ats-deployment.yaml index 3e2b632..9f12438 100644 --- a/k8s/traffic-server/ats-deployment.yaml +++ b/k8s/traffic-server/ats-deployment.yaml @@ -53,9 +53,9 @@ spec: name: ats-ssl readOnly: true - name: log-trafficserver - mountPath: "/usr/local/var/log/trafficserver" + mountPath: "/opt/ats/var/log/trafficserver" - name: log-ingress - mountPath: "/usr/local/var/log/ingress" + mountPath: "/opt/ats/var/log/ingress" imagePullPolicy: IfNotPresent env: - name: POD_NAME @@ -70,18 +70,16 @@ spec: # - name: INGRESS_CLASS # value: "ats" # - name: LOG_CONFIG_FNAME -# value: "/usr/local/etc/trafficserver/logging.yaml" +# value: "/opt/ats/etc/trafficserver/logging.yaml" # - name: SSL_SERVERNAME_FNAME -# value: "/usr/local/etc/trafficserver/ssl_server_name.yaml" +# value: "/opt/ats/etc/trafficserver/ssl_server_name.yaml" - name: POD_TLS_PATH value: "/etc/ats/ssl" ports: - - containerPort: 80 - hostPort: 80 + - containerPort: 8080 name: http protocol: TCP - - containerPort: 443 - hostPort: 443 + - containerPort: 8443 name: https protocol: TCP - name: log-collector @@ -96,6 +94,7 @@ spec: - name: trafficserver-exporter image: ats-ingress-exporter:latest imagePullPolicy: IfNotPresent + args: ["--endpoint=http://127.0.0.1:8080/_stats"] ports: - containerPort: 9122 volumes: @@ -121,14 +120,14 @@ spec: type: NodePort ports: - name: http - port: 80 + port: 8080 protocol: TCP - targetPort: 80 - nodePort: 30000 + targetPort: 8080 + nodePort: 30080 - name: https - port: 443 + port: 8443 protocol: TCP - targetPort: 443 - nodePort: 30043 + targetPort: 8443 + nodePort: 30443 selector: app: trafficserver-test diff --git a/pluginats/connect_redis.lua b/pluginats/connect_redis.lua index 4a71426..da90994 100644 --- a/pluginats/connect_redis.lua +++ b/pluginats/connect_redis.lua @@ -14,13 +14,13 @@ -- See the License for the specific language governing permissions and -- limitations under the License. -ts.add_package_cpath('/usr/local/lib/lua/5.1/socket/?.so;/usr/local/lib/lua/5.1/mime/?.so') -ts.add_package_path('/usr/local/share/lua/5.1/?.lua;/usr/local/share/lua/5.1/socket/?.lua') +ts.add_package_cpath('/opt/ats/lib/lua/5.1/?.so;/opt/ats/lib/lua/5.1/socket/?.so;/opt/ats/lib/lua/5.1/mime/?.so') +ts.add_package_path('/opt/ats/share/lua/5.1/?.lua;/opt/ats/share/lua/5.1/socket/?.lua') local redis = require 'redis' -- connecting to unix domain socket -local client = redis.connect('unix:///var/run/redis/redis.sock') +local client = redis.connect('unix:///opt/ats/var/run/redis/redis.sock') -- helper function to split a string function ipport_split(s, delimiter) diff --git a/redis/redis.go b/redis/redis.go index be37067..11a7647 100644 --- a/redis/redis.go +++ b/redis/redis.go @@ -30,7 +30,7 @@ type Client struct { } const ( - redisSocketAddr string = "/var/run/redis/redis.sock" + redisSocketAddr string = "/opt/ats/var/run/redis/redis.sock" // RSUCCESS is the success code returned by a Redis op RSUCCESS int64 = 1 // RFAIL is the failure code returned by a Redis op diff --git a/tests/data/setup/traffic-server/ats-deployment.yaml b/tests/data/setup/traffic-server/ats-deployment.yaml index f4b29fb..d432c4a 100644 --- a/tests/data/setup/traffic-server/ats-deployment.yaml +++ b/tests/data/setup/traffic-server/ats-deployment.yaml @@ -52,7 +52,7 @@ spec: name: ats-ssl readOnly: true - name: varlog - mountPath: /usr/local/var/log/trafficserver + mountPath: /opt/ats/var/log/trafficserver imagePullPolicy: IfNotPresent env: - name: POD_NAME