> On Aug 4, 2015, at 4:30 PM, Nikhil Marathe <nmara...@linkedin.com.INVALID>
> wrote:
>
> Hi,
>
> This is Nikhil from LinkedIn Engineering.
>
> A Key Rotation feature has been added to TLS session tickets; details:
> http://comments.gmane.org/gmane.comp.apache.trafficserver.devel/2084
>
> At present, this feature relies on periodic execution of traffic_line -x to
> reload new keys. However, traffic_line -x reloads the entire configuration,
> and so has a much wider impact than needed.

Well, that is definitely not true. It will only reload the configuration files
that have changed.

>
> In order to address this concern and to localize the impact of reloading
> keys, we would like to propose the following approach:
>
> ATS will schedule a periodic continuation which checks the session ticket key
> file. The reload interval will be records.configurable. If the session
> ticket key file has been modified, ATS will reload the keys from the file.

My gut feeling tells me that this should be an API. Something where you write a
plugin, that when it decides to, tells ATS to reload the specified config file
regardless of time stamp. This would allow for a generic pattern that allows
programmatic control over config reloads.

I'm not at a computer right now, but there might be APIs in the Mgmt APIs to
do this (talking to the admin socket)? If not, it should ;) If so, we could
implement this as an external watcher process too?

Cheers,

-- Leif

>
> Please comment on the proposal!
>
> Regards,
> Nikhil Marathe
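
The polling check proposed in the thread, written as the external watcher process suggested in the reply. This is an added example, not code from the thread or from ATS. It assumes a 48-byte ticket key record and a key file that must be private to its owner; all function names are hypothetical, and the reload command is the `traffic_line -x` call mentioned above.

```python
import os
import stat
import subprocess
import time

# Assumption: one ticket key record is 48 bytes (16 name + 16 HMAC + 16 AES).
KEY_RECORD_LEN = 48

def fingerprint(path):
    """Return (inode, size, mtime_ns), or None if the file is missing."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    # The inode changes on an atomic rename even if the mtime was preserved.
    return (st.st_ino, st.st_size, st.st_mtime_ns)

def key_file_problem(path):
    """Return a reason string if the file must not be loaded, else None."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return "not a regular file"
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "accessible by group or others"
    if st.st_size == 0 or st.st_size % KEY_RECORD_LEN:
        return "size is not a non-zero multiple of %d bytes" % KEY_RECORD_LEN
    return None

def check_once(path, last, reload_cb):
    """One polling pass; returns the fingerprint to remember for the next pass.
    reload_cb runs only when the file changed and passed validation, so a
    half-written or world-readable key file never replaces the keys in use."""
    current = fingerprint(path)
    if current is None or current == last:
        return last
    if key_file_problem(path) is not None:
        return last  # keep serving the old keys and re-check on the next pass
    reload_cb()
    return current

def reload_ats():
    """Ask ATS to re-read changed configuration (command taken from the thread)."""
    subprocess.run(["traffic_line", "-x"], check=True)

def watch(path, interval_s=60.0):
    """Poll the ticket key file forever at the configured interval."""
    last = fingerprint(path)
    while True:
        time.sleep(interval_s)
        last = check_once(path, last, reload_ats)
```

Writing the new keys to a temporary file and renaming it over the old one keeps the watcher from ever seeing a partially written file.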