[GitHub] [trafficcontrol] traeak opened a new pull request, #7090: t3c/parentdotconfig: enforce mso.parent_retry ds parameter
traeak opened a new pull request, #7090:
URL: https://github.com/apache/trafficcontrol/pull/7090

Currently during t3c parent.config line generation the parent_retry is always set to "both".

During t3c parent.config line generation the t3c code uses the `mso.parent_retry` ds parameter only to fill in default unavailable_server_retry_responses or simple_server_retry_responses with default values if none were specified.

The value of the mso.parent_retry isn't stored by the ParentAbstractionService struct. It is later inferred by the contents of "max_simple_retries", "unavailable_server_retries", "simple_server_retry_responses" and "unavailable_server_retry_responses".

This PR examines the value of mso.parent_retry and attempts to force the ParentAbstractionService to have valid values in it for that condition specified.

## Which Traffic Control components are affected by this PR?
- Documentation
- Traffic Control Cache Config (`t3c`, formerly ORT)
- Traffic Control Health Client (tc-health-client)
- Traffic Control Client
- Traffic Monitor
- Traffic Ops
- Traffic Portal
- Traffic Router
- Traffic Stats
- Grove
- CDN in a Box
- Automation
- unknown

## What is the best way to verify this PR?

## If this is a bugfix, which Traffic Control versions contained the bug?

## PR submission checklist
- [x] This PR has tests
- [x] This PR has documentation
- [x] This PR has a CHANGELOG.md entry
- [x] This PR **DOES NOT FIX A SERIOUS SECURITY VULNERABILITY** (see [the Apache Software Foundation's security guidelines](https://apache.org/security) for details)

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@trafficcontrol.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [trafficcontrol] srijeet0406 commented on a diff in pull request #7079: Assign multiple servers to a capability
srijeet0406 commented on code in PR #7079:
URL: https://github.com/apache/trafficcontrol/pull/7079#discussion_r981477784

## traffic_ops/traffic_ops_golang/server/servers_server_capability.go: ##
@@ -527,3 +527,70 @@ func AssignMultipleServerCapabilities(w http.ResponseWriter, r *http.Request) { api.WriteAlertsObj(w, r, http.StatusOK, alerts, msc) return } + +// AssignMultipleServersToCapability helps assign multiple servers to a given capability. +func AssignMultipleServersToCapability(w http.ResponseWriter, r *http.Request) { + inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil) + tx := inf.Tx.Tx + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, inf.Tx.Tx, errCode, userErr, sysErr) + return + } + defer inf.Close() + + var mspc tc.MultipleServersToCapability + if err := json.NewDecoder(r.Body).Decode(); err != nil { + api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil)

Review Comment: It'll help us debug if we add some context into the error, along with the actual error. Something like `error decoding request body into multipleServersToCapability object: `

## traffic_ops/testing/api/v4/server_server_capabilities_test.go: ##
@@ -223,7 +233,14 @@ func TestServerServerCapabilities(t *testing.T) { }) case "PUT": t.Run(name, func(t *testing.T) { - alerts, reqInf, err := testCase.ClientSession.AssignMultipleServerCapability(msc, testCase.RequestOpts, serverId) + var alerts tc.Alerts

Review Comment: Could we also add some `GET` call that checks whether or not the capability was actually added to the servers?

## traffic_ops/traffic_ops_golang/server/servers_server_capability.go: ##
@@ -527,3 +527,70 @@ func AssignMultipleServerCapabilities(w http.ResponseWriter, r *http.Request) { api.WriteAlertsObj(w, r, http.StatusOK, alerts, msc) return } + +// AssignMultipleServersToCapability helps assign multiple servers to a given capability. +func AssignMultipleServersToCapability(w http.ResponseWriter, r *http.Request) { + inf, userErr, sysErr, errCode := api.NewInfo(r, nil, nil) + tx := inf.Tx.Tx + if userErr != nil || sysErr != nil { + api.HandleErr(w, r, inf.Tx.Tx, errCode, userErr, sysErr) + return + } + defer inf.Close() + + var mspc tc.MultipleServersToCapability + if err := json.NewDecoder(r.Body).Decode(); err != nil { + api.HandleErr(w, r, tx, http.StatusBadRequest, err, nil) + return + } + + //loop through server list to check if the type is MID and/or EDGE + for _, sid := range mspc.ServersIDs { + correctType := true + if err := tx.QueryRow(scCheckServerTypeQuery(), sid).Scan(); err != nil { + api.HandleErr(w, r, tx, http.StatusInternalServerError, nil, fmt.Errorf("checking server type: %w", err)) + return + } + if !correctType { + userErr := fmt.Errorf("server %d has an incorrect server type. 
Server capability can only be assigned to EDGE or MID servers", sid) + api.HandleErr(w, r, tx, http.StatusBadRequest, userErr, nil) + return + } + } + + multipleServersPerCapability := make([]string, 0, len(mspc.ServersIDs)) + + //Delete existing rows from server_server_capability for a given server capability + _, err := tx.Exec("DELETE FROM server_server_capability ssc WHERE ssc.server_capability=$1", mspc.ServerCapability) + if err != nil { + useErr, sysErr, statusCode := api.ParseDBError(err) + api.HandleErr(w, r, tx, statusCode, useErr, sysErr) + return + } + + mspcQuery := `WITH inserted AS ( + INSERT INTO server_server_capability + SELECT $2, "server" + FROM UNNEST($1::int[]) AS tmp("server") + RETURNING server + ) + SELECT ARRAY_AGG(server) + FROM ( + SELECT server + FROM inserted + ) AS returned(server)` + + err = tx.QueryRow(mspcQuery, pq.Array(mspc.ServersIDs), mspc.ServerCapability).Scan(pq.Array()) + if err != nil { + useErr, sysErr, statusCode := api.ParseDBError(err) + api.HandleErr(w, r, tx, statusCode, useErr, sysErr) + return + } + for i, val := range multipleServersPerCapability { + mspc.ServersIDs[i], _ = strconv.Atoi(val) Review
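Review bot: In AssignMultipleServersToCapability, nothing checks that `mspc.ServersIDs` is non-empty (or that `mspc.ServerCapability` is set) before the `DELETE FROM server_server_capability ssc WHERE ssc.server_capability=$1` runs, so a request body with an empty server list skips the type-check loop and removes every existing assignment for that capability while inserting nothing. If clearing the capability this way is intended, say so in the function comment and the API documentation; otherwise reject the request with a 400 before touching the table. Separately, `mspc.ServersIDs[i], _ = strconv.Atoi(val)` drops the conversion error and writes into the request slice using the index of the returned slice; handle the error and build the response list from the returned values rather than overwriting the input.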
[GitHub] [trafficcontrol] mkrug1981 commented on issue #7089: Traffic Router default certificate configuration for port 443
mkrug1981 commented on issue #7089:
URL: https://github.com/apache/trafficcontrol/issues/7089#issuecomment-1259362218

What I have tried already is to try and set a certificate via keyStore file with **CN=default.invalid**

```
[root@sn-tr0001-blstg conf]# keytool -list -v -keystore /opt/traffic_router/conf/keyStore.jks
Enter keystore password:
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: sn-tr0001-blstg
Creation date: 26 Sep 2022
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=default.invalid, OU=APIDefault, O=Apache Traffic Control, L=Denver, ST=Colorado, C=US
Issuer: CN=default.invalid, OU=APIDefault, O=Apache Traffic Control, L=Denver, ST=Colorado, C=US
Serial number: 7816ef6f
Valid from: Mon Sep 26 19:55:54 UTC 2022 until: Thu Sep 23 19:55:54 UTC 2032
Certificate fingerprints:
  SHA1: A7:8A:35:BE:9F:76:3E:C8:36:98:3A:A8:74:63:2E:78:24:34:30:00
  SHA256: 9A:F3:0A:13:3E:33:FE:5F:B5:38:C4:ED:27:A8:81:BC:70:6F:A9:6C:9C:A8:82:06:A7:F4:01:F4:05:2B:51:5D
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
```

Unfortunately I still get the certificate back which the java code generates during TR startup [trafficcontrol/traffic_router/connector/src/main/java/org/apache/traffic_control/traffic_router/secure/CertificateRegistry.java](https://github.com/apache/trafficcontrol/blob/070df30363152ce63aa4111e7ad7678ca6c1d280/traffic_router/connector/src/main/java/org/apache/traffic_control/traffic_router/secure/CertificateRegistry.java#L81-L129)

**curl Examples:**

---

1st the CN from the certificate