TLS Client Authentication in Traffic Control

Someone else may find this useful, so I thought I would share. (Apologies for the earlier cross-post) Configuring TLS Client Authentication in Traffic Control (Experimental Testing Procedure) = Note: Trafficserver does not currently allow per-Delivery Service (per-remap) configuration

Re: ATC Spring Summit 2018 Registration and CFP

Apologies for the late change, but we’ve moved into a larger room to give everyone more space. The room is called Newburyport and will be immediately on your left as soon as you enter. Please still check in with the lobby ambassador for badge/wifi-credentials first. —Eric On Apr 23, 2018, at

Re: Traffic Server Secondary Streaming IPs Design

)" <zhilh...@cisco.com> > wrote: > > Updated the DB schema in section 3.1.1.4 > > Thanks, > Zhilin > > > > On 04/04/2018, 11:02 AM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com> > wrote: > >Good points. I am happy to make th

Re: Traffic Control Last-resort Routing

er to my reply inline. > > Thanks, > John > > > On 2018/4/3, 8:36 PM, "Eric Friedrich (efriedri)" <efrie...@cisco.com> wrote: > >Hey John- >1)“Last Resort Alternate domain” is incredibly similar to the Bypass FQDN. > I’d rather see us

Re: Traffic Control Last-resort Routing

Hey John- 1)“Last Resort Alternate domain” is incredibly similar to the Bypass FQDN. I’d rather see us enhance the Bypass FQDN with an optional scheme and port number, rather than add something so close in functionality. 2) Is there a definite need for the “To content origin” checkbox? If this

Re: Traffic Server Secondary Streaming IPs Design

I would prefer a consistent way to store all interface and IP address information. Its good database design practice to store similar information in similar tables (i.e. all IP info in 1 table) rather than keep some IPs in the server table and some IPs in another table. I also think this

Re: Traffic Server Secondary Streaming IPs Design

For our particular use case, it is important that if a secondary IP is down, the traffic does not move to the primary IP. This use case relates to use of the source IP address to differentiate traffic for billing purposes. We don’t want traffic to move to the primary IP as this would

Re: [VOTE] Resolution for Traffic Control graduation to TLP

+1 > On Apr 2, 2018, at 4:11 PM, David Neuman wrote: > > Dear Traffic Control community members: > > I would like to call a vote on the resolution for Traffic Control to > graduate from to an Apache TLP. We have already voted on whether or not we > should start the

Re: TM: Question about the poll model of the Traffic Monitor

The use case behind this question probably deserves a longer dev@ email. I will oversimplify: we are extending TC to support multiple IPv4 (or multiple IPv6) addresses per edge cache (across 1 or more NICs). Assume all addresses are reachable from the TM. —Eric > On Mar 28, 2018, at 11:37

Re: Delivery Service Origin Refactor

> On Mar 22, 2018, at 12:27 PM, Rawlin Peters wrote: > > This Origin Refactor proposal was probably too much to parse at once. > Here's a slightly shorter version: > 1. Split Locations out of the Cachegroup table into their own table EF> Location is latitude/longitude?

Re: Delivery Service Origin Refactor

> On Wed, Mar 14, 2018 at 8:56 AM, Eric Friedrich (efriedri) > <efrie...@cisco.com> wrote: >> I understand the goals behind Client Steering Delivery Services, but I don’t >> fully understand the motivation behind these changes. >> >> We want redundancy in our liv

Re: Delivery Service Origin Refactor

I understand the goals behind Client Steering Delivery Services, but I don’t fully understand the motivation behind these changes. We want redundancy in our live delivery services. Take a national channel and make two copies of it on two origins. Clients can choose DiscoveryA or DiscoveryB

Re: Backup Cache Group Selection

67a::\/64", >>>>>>>>>"1234:567b::\/64" >>>>>>>>> ], >>>>>>>>> "network": [ >>>>>>>>>"10.197.69.0\/24" >>>>>>>>

Re: Backup Cache Group Selection

ng these relations in whatever > script we're using to generate the CZF. We'd get benefits like > validation and typo safety, and who knows maybe in the future we could > have a map in TP to visualize the relationships between cache groups > for troubleshooting. > > - Rawlin >

Re: Backup Cache Group Selection

put the new backup config there as well. After that, > coordinates would only be needed in the CZF for coverage zones that > don't map to cache groups. > > - Rawlin > > On Fri, Mar 9, 2018 at 12:46 PM, Eric Friedrich (efriedri) > <efrie...@cisco.com> wrote: >>

Re: Backup Cache Group Selection

ncubator-trafficcontrol/pull/1908 > [2] > https://lists.apache.org/thread.html/b033b3943c22a606370ad3981fa05fb0e7039161b88bbc035bc49b25@%3Cdev.trafficcontrol.apache.org%3E > [3] > http://traffic-control-cdn.readthedocs.io/en/latest/admin/traffic_ops/using.html#the-coverage-zone-file-and-asn-ta

Re: [VOTE] Release Apache Traffic Control (incubating) 2.2.0-RC2

+1 I checked the following: - Release hashes and signatures good - Release builds via pkg - TO, TR, TM fresh install and start/retrieve config - Looked through RAT Nitpick in the below email: the SHA checksum is a SHA-512 not a SHA-1 —Eric > On Mar 5, 2018, at 1:25 PM, Robert Butts

Re: [VOTE] Traffic Control graduation to TLP

+1 for graduation > On Mar 1, 2018, at 12:13 PM, Jan van Doorn wrote: > > +1 > > On Thu, Mar 1, 2018 at 9:38 AM Chris Lemmons wrote: > >> The Traffic Control project has grown so much over the last year, it's >> incredible. >> >> +1 >> >> On Thu, Mar 1,

Re: Google Summer of Code 2018 Mentor Registration

mke <mark.torlue...@gmail.com> wrote: > > +1 on the API migration suggestion. > > On Mon, Feb 26, 2018 at 10:50 AM, Dave Neuman <neu...@apache.org> wrote: > >> I think any of the perl -> go API stuff would be great. >> >> On Mon, Feb 26, 201

Re: Steering Target Geo-Ordering

the content on the origins themselves go, they'd have to be interchangeable from the client's perspective, but I'm not sure if it would have to be identical or not. I imagine that would really depend on what the steering DS is providing the client. - Rawlin On Tue, Feb 27, 2018 at 10:37 AM, Eric

Re: Steering Target Geo-Ordering

In this example, what would be the assignments of delivery services to edge Cache Groups? Are all 3DS’ assigned to all 3 Cache Groups? I’ll also assume that the content on the origins, while interchangeable from a clients perspective, is not identical? (i.e. might contain regionalized

Re: Traffic Ops API Swagger Doc

Is it possible to take the swagger generated documentation and have that automatically included in the read-the-docs site? Asked another way: Can swagger generate docs in ReStructed Text (.rst) format? —Eric > On Feb 20, 2018, at 11:38 AM, Dave Neuman wrote: > > Sounds

Re: Traffic Router Enhancement - Default Maxmind Geolocation Override

ll, the postal code is null, and the subdivisions list is empty. If these > conditions are met, we check for an instance of maxmind.default.override with > the same country code. This allows users to have one MaxMind override per > country, per CDN. > > -Jesse > > On 2/15

Re: Traffic Router Enhancement - Default Maxmind Geolocation Override

How does the suggested fix know when maxmind is returning a “default location” versus an actual location? Hopefully the solution is applicable to CDNs which are spread across multiple countries and geographies? —Eric > On Feb 13, 2018, at 1:34 PM, Rawlin Peters

Re: Traffic Server DB Issue

Traffic Control alone cannot do this. Try looking at tools like Nagio, Sensu, Prometheus, or the InfluxData TICK stack for alerting. —Eric > On Feb 1, 2018, at 4:35 AM, Satheeshkumar wrote: > > One more doubt how to set email alert if any Mid and Edge server down > >

Re: TC 2.2 Release - Outstanding Issues

His PR will update server.xml back to BIO —Eric > On Jan 30, 2018, at 12:03 PM, David Neuman <david.neuma...@gmail.com> wrote: > > Jeff is planning to open a PR to actually fix the leak or to update the > server.xml to use the BIO connector? > > On Tue, Jan 30, 2018 at

Re: TC 2.2 Release - Outstanding Issues

Thanks Dave- I’d like to keep it as a must-have in 2.2. We had a severe issue in production with the NIO connection when deploying 2.1. Jeff M is planning to open a PR to fix it in the 2.2 release. I understand the issue will be moot after upgrading to Tomcat, but the current 2.1 release

Re: Starting the 2.2 Branch for Next Release of TC

Hey Rob- Thanks for taking on the RM duties! We’ve got 22 major open bugs in Github Issues currently:

Re: [VOTE] CHANGELOG.md file (second try)

[X] +1 to adding a changelog.MD file [] -1 to adding a changelog.MD file [] +1 to adding a changelog label in github [X] -1 to adding a changelog label in github I don’t think an auto-generated changelog will provide enough value to our users. Asking for updates to changelog.md in each PR will

Re: Changing max_dns_answers default

> > On 12/4/17, 1:22 PM, "Eric Friedrich (efriedri)" <efrie...@cisco.com> wrote: > >It looks like this will modify existing values as well (so its not really > a default)? > >> On Dec 4, 2017, at 3:03 PM, Durfey, Ryan <ryan_dur...@comcast.com> wro

Re: [VOTE] Release Apache Traffic Control (incubating) 2.1.0-RC2

ng), Router and Stats. > Also got a redirect. > Note that I missed the last commit ("Change cdn.name to cdn.domain_name in > DeliveryServiceInfoForDomainList"), but as far as I see it could not break > the installation. > Nir > > On Tue, Nov 14, 2017 at 8:10 PM, Eri

Re: [VOTE] Release Apache Traffic Control (incubating) 2.1.0-RC2

hew_mi...@comcast.com>> wrote: FYI, Go itself has the same file https://github.com/golang/go/blob/master/PATENTS On 11/14/17, 10:36:43 AM, "Eric Friedrich (efriedri)" <efrie...@cisco.com> wrote: I’ve been going through licensing for the 2.1 release and found this file

Re: [VOTE] Release Apache Traffic Control (incubating) 2.1.0-RC2

I’ve been going through licensing for the 2.1 release and found this file: ./traffic_stats/vendor/golang.org/x/net/PATENTS This looks like it places some of the same restrictions that caused the whole Facebook React.js and rocksDb controversy a few months ago.

Re: [VOTE] Release Apache Traffic Control (incubating) 2.1.0-RC1

Do PRs/issues that don’t have a milestone assigned still end up in this changelog? I know theres a bunch more that went into 2.1 that isn’t in this list. Should we make sure that every PR/Issue is assigned a milestone before its merged? > On Oct 26, 2017, at 12:52 PM, Hank Beatty

Re: Anonymous IP Blocking Flowchart

; > On Thu, Oct 19, 2017 at 1:55 PM, Eric Friedrich (efriedri) > <efrie...@cisco.com> wrote: >> Just realized the first diagram I put up was outdated >> >> The response to anonymous IP blocking is actually configurable between a >> slate (302 redirect to a new UR

Re: Traffic Ops API Semantic Versioning

t; >> What's the consensus here? Does everyone agree with Semantic Versioning? Do >> we want to commit to requiring it? Is there a consensus? Or should we take >> a vote, whether to require Semantic Versioning, Absolute Versioning, or No >> Version? >> >>

Anonymous IP Blocking Flowchart

Here is flowchart requested at the summit. I’ll put this diagram along with the rest of the slides up soon Its a link to a PNG despite the horribly formatted URL https://cisco.box.com/s/4rwd6kk069vdmzxpp2ak0vt2elds0ufc —Eric

Traffic Ops API Semantic Versioning

Does Traffic Ops expose a semantic version number as part of its API? http://semver.org/ "Given a version number MAJOR.MINOR.PATCH, increment the: 1. MAJOR version when you make incompatible API changes, 2. MINOR version when you add functionality in a backwards-compatible manner, and

Re: Apache Cwiki vs. Github Wiki vs. Github Docs

I’m pretty solidly against getting rid of the Wiki altogether for the reasons Jan laid out. I’d also like to know more about the Github Wiki workflow before we make a decision. For example, can someone actually open a PR against a Wiki page? —Eric > On Sep 26, 2017, at 8:46 PM, Durfey, Ryan

Re: Removing installation dependencies

a changes… > > I’ll be more careful pulling in something new like that next time, sorry… > > Cheers, > JvD > > >> On Sep 14, 2017, at 10:06 AM, Eric Friedrich (efriedri) <efrie...@cisco.com> >> wrote: >> >> As we’re moving to TC2.1, we’ve found

Removing installation dependencies

As we’re moving to TC2.1, we’ve found that the goose migration requires not just the goose binary to be installed, but also the go compiler and a fairly large set of dependencies. Most of these are a result of the migration of the MSO parent_retry parameters from the DS table into the

Re: Traffic Controller on RedHat Servers

We’ve successfully run Traffic Control on Red Hat Servers. Some of the RPM versions are slightly different but there are no major changes required —Eric > On Sep 13, 2017, at 1:24 PM, Burak Sarp wrote: > > Hi all, > I know that traffic controller requires

Re: Configuration Management - Rules Engine

guration effect on the cache, but are used for various things. > > -MM > > On 9/5/17, 7:01:29 AM, "Eric Friedrich (efriedri)" <efrie...@cisco.com> wrote: > >Actual Wiki link is here: > https://cwiki.apache.org/confluence/display/TC/Configuration+Management

Re: Configuration Management - Rules Engine

Actual Wiki link is here: https://cwiki.apache.org/confluence/display/TC/Configuration+Management#ConfigurationManagement-Rules_Engine What is the difference between a parameter and a service rule? From the examples, it looks like parameters are all the legacy behaviors we have today and

Re: Github Issue Organization and Admin Document Updates

The JIRA site is currently marked as read-only. I would expect that any changes there will fail. —Eric > On Aug 31, 2017, at 10:49 AM, Durfey, Ryan wrote: > > With the transition of issues to Github, we will be making efforts to > organize the github issues and

Re: [VOTE] Bugtracking in Github Issues

Thanks Leif- I’ll check with the Incubator gurus. We already pulled the trigger, so at this point its more about asking for forgiveness. —Eric On Aug 29, 2017, at 6:47 PM, Leif Hedstrom <zw...@apache.org<mailto:zw...@apache.org>> wrote: On Aug 28, 2017, at 10:38 AM, Eric Friedri

[VOTE] Bugtracking in Github Issues

We currently use JIRA Issues to track all of the Traffic Control bugs. Now that we have write access to Github, we can move back to GH Issues for bug tracking. This will be a better workflow because its one fewer tool and account to have to interact with. This will hopefully lower the bar

Re: Preventing routing to individual caches

") that already exists? It doesn't appear to be checked when > generating CRConfig right now, but maybe it should be? > >> > >> --Rawlin > >> > >> On 2017-08-22 11:45, "Gelinas, Derek" <derek_geli...@comcast.com> > wrote: >

RE: Preventing routing to individual caches

22, 2017 at 8:45 PM, Gelinas, Derek <derek_geli...@comcast.com<mailto:derek_geli...@comcast.com>> wrote: I'd agree with you if this was designed to drain, but this is intended as a permanent state for a pretty good long list of caches. DG On Aug 22, 2017, at 1:28 PM, Eric Friedri

Re: Preventing routing to individual caches

und we’re using at the moment - setting them to > admin_down. That’s a temporary measure, though - we want something more > permanent. > > DG >> On Aug 22, 2017, at 1:09 PM, Eric Friedrich (efriedri) <efrie...@cisco.com> >> wrote: >> >> How does your use case d

Re: Preventing routing to individual caches

How does your use case differ from marking a server as offline in Traffic Ops and snapshotting? Thats the easiest way I can think of to get a server in this state —Eric > On Aug 22, 2017, at 1:00 PM, Gelinas, Derek wrote: > > We’ve run across a situation in which

Re: Adding support for per-DeliveryService routing names

ice rather than a fully-customized domain. > That way > they can change their DS more freely without the HOST_REGEXP requiring > constant updating. > > --Rawlin > > On 8/4/17, 10:50 AM, "Eric Friedrich (efriedri)" <efrie...@cisco.com> wrote: > >As I

Re: Adding support for per-DeliveryService routing names

o makes it so we don't have to have a CDN wide setting. (and Rawlin, I think you mean to say DS_PROFILE rather than TR_PROFILE type to add the param to if we chose to do that?? Or was it the default that goes into TR_PROFILE and the override into DS_PROFILE?). In any case - if we make the columns NO

Re: Traffic Ops Golang Migration Proposal

ll that, and then change the config of the Golang TO to serve on the real port (443). As proposed, once all endpoints are rewritten, we simply remove the old TO from the RPM and Service, and users just upgrade, and it keeps working, with no changes to config, Puppet, RPM, or anything else. I'd ful

Re: 2.1 RM

Hey Hank- Many Thanks. Your RM baseball cap will be in the mail! I need to clean up the Release Management wiki page a bit for you. I’ll try to do that in the next few days. When’s the release branch get pulled? ;-) —Eric > On Jul 17, 2017, at 3:03 PM, Dan Kirkwood

Re: 2.1 RM

Any takers for 2.1 release manager? Dan and I will both make ourselves available to help out and the process is pretty well known at this point. —Eric > On Jul 6, 2017, at 2:12 PM, Dan Kirkwood wrote: > > fwiw, 1.8.0 was lengthy because of the transition to Apache

Re: Promote Golang Traffic Monitor to Default

I think I remember Rob making this point in Miami, but all of TMs APIs (REST, CRConfig, Health.json, etc…) are identical between the Java and Golang version, right? What about compatibility with earlier versions of TC? For example: - Can a TC1.7 traffic ops configure a Golang TM? - Does the

Re: Support custom routing selection logics

Thanks John- A few more questions: - Are there any extensions to the Track class needed here? - Can we indicate in the access log how the plugins caused the request to be routed? If a plugin wanted to add additional detail to a Track object is that possible? - Can a plugin

Re: Custom Delivery Service Domain Support

Thanks Zhilin- Could I use a domain of just “topdomain-cdn.com” or does it require a minimum of three levels? Is configuration just in delivery service or does the domain_name parameter need to be modified too? > On Jun 21, 2017, at 4:56 AM, Zhilin Huang (zhilhuan) >

Re: [VOTE] Release Apache Traffic Control 2.0.0-incubating (RC6)

eb of >> trust, but according to >> http://www.apache.org/dev/release-distribution.html#sigs-and-sums : >> >> "Signing keys SHOULD be linked into a strong web of trust." >> >> We should get Eric's key signed at the earliest opportunity, but it'

[VOTE] Release Apache Traffic Control 2.0.0-incubating (RC6)

Hello All, I've prepared the next candidate release for incubator-trafficcontrol v2.0.0 (RC6) Changes since 1.8.1:

[VOTE] Release Apache Traffic Control 2.0.0-incubating (RC5)

Hello All, I've prepared the next candidate release for incubator-trafficcontrol v2.0.0 (RC5) Changes since 1.8.0: https://github.com/apache/incubator-trafficcontrol/compare/RELEASE-1.8.1-RC0...RELEASE-2.0.0-RC5 This corresponds to git: Hash: b64848e38a09ee372c9a21a3652ea210962ccffa Tag:

Re: Traffic Ops Default Profile Management

Can we include an ORIGIN profile? Does TRAFFIC_PORTAL need a profile too? (I’ve never set it up) —Eric > On Jun 12, 2017, at 1:14 PM, Dewayne Richardson wrote: > > Based upon the discussion around how we manage the default profiles Traffic > Ops profiles for 2.0 and 2.1, I

Re: [VOTE] Release Apache Traffic Control 2.0.0-incubating (RC4)

gt;> Can't use an undefined value as an ARRAY reference at >>>> /opt/traffic_ops/install/bin/_postinstall line 211, line 13. >>>> >>>> And I've already started looking into it... >>>> >>>> It is trying to load the secre

RE: Update on RFC7871 - Client Subnet in DNS Support

local caching DNS. On Tue, Jun 6, 2017 at 2:50 PM, Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: > Thanks Ryan- >We will certainly have the option to disable use of this if you don’t > want to use it. > > This is useful feedback though and I’ll be sure to push on

[CANCEL] [VOTE] Release Apache Traffic Control 2.0.0-incubating (RC3)

Jun 5, 2017 at 9:53 AM, Jeff Elsloo <els...@apache.org> wrote: >> +1 on this, signature and hashes validate. >> -- >> Thanks, >> Jeff >> >> >> On Mon, Jun 5, 2017 at 7:03 AM, Eric Friedrich (efriedri) >> <efrie...@cisco.com> wrote: >>>

[VOTE] Release Apache Traffic Control 2.0.0-incubating (RC3)

Hello All, I've prepared the next candidate release for incubator-trafficcontrol v2.0.0 (RC3) Changes since 1.8.0: https://github.com/apache/incubator-trafficcontrol/compare/RELEASE-1.8.1-RC0...RELEASE-2.0.0-RC3 This corresponds to git: Hash: 795ea3adf2003dd27523b6b9ff4691f23d41ce30 Tag:

[CANCEL][VOTE] Release Apache Traffic Control 2.0.0-incubating (RC2)

; The source tar ball does not extract a proper directory structure. > > Thanks, > Dave > > On Thu, Jun 1, 2017 at 9:31 AM, Jeff Elsloo <jeff.els...@gmail.com> wrote: > >> I'm +1 on this. Thanks for creating the RC Eric! >> -- >> Thanks, >> Jef

Update on RFC7871 - Client Subnet in DNS Support

We are planning to add support for RFC7871 to Traffic Router. Here is a brief description of the feature. Comments appreciated! Background Clients do not make DNS requests directly to TR. Typically TR requests come from DNS resolvers within the infrastructure. Today, Cache Group selection for

[VOTE] Release Apache Traffic Control 2.0.0-incubating (RC2)

Hello All, I've prepared the next candidate release for incubator-trafficcontrol v2.0.0 (RC2) Changes since 1.8.0: https://github.com/apache/incubator-trafficcontrol/compare/RELEASE-1.8.1-RC0...RELEASE-2.0.0-RC2 This corresponds to git: Hash: 795ea3adf2003dd27523b6b9ff4691f23d41ce30 Tag:

Re: LDAP Access

Is there an option to entirely block someone from even basic TO access despite authenticating with LDAP? > On May 31, 2017, at 11:24 AM, Robert Butts wrote: > > We have a PR https://github.com/apache/incubator-trafficcontrol/pull/627 to > change Traffic Ops to only

Re: Getting CZF data from BGP?

Hey Jan- Are you looking to build a static CZF based off of BGP inputs? Are you looking for something that will listen to BGP and create a “real-time CZF” that responds to routing/CG changes? Or something else? > On May 30, 2017, at 1:00 PM, Jan van Doorn wrote: > > Hi,

Re: Duplicate TO API routes

Thumbs up on removal > On May 19, 2017, at 1:58 PM, Jeremy Mitchell wrote: > > @Eric_Friedrich - any concerns from you regarding removal of these > duplicate routes? Here they are to summarize: > > remove GET /api/$version/deliveryservices/list in favor of GET >

Re: [VOTE] Move Traffic Control to full GitHub

I don’t think we can begin moving stuff over until we have write access to the Github repo. It looks like the Issues and Wiki tabs are disabled currently —Eric On May 19, 2017, at 11:34 AM, Durfey, Ryan > wrote: Unless there are any

Traffic Control SLA

Hi All- We had some discussion around what level of support we want to offer to users of our software. I'd like to suggest a policy that for all releases we will fix all security issues and we will fix regressions at discretion of the release manager. There was also discussion about

Re: [VOTE] Adding a CHANGELOG.md file

e categories are mutually >>>>> exclusive in Jira and labels in github are not. You could also have a >>>>> developer run the script regularly, or have CI do it. >>>>> >>>>> To Eric's comment, if you can make that indication in

Re: [VOTE] Adding a CHANGELOG.md file

What about a compromise where developer chooses whether or not a feature/important fix is worth mentioning in the release notes. This would be at feature granularity not individual commit. Then at release build time, a script gathers from JIRA/Github API all fixes that were committed in that

Re: 2.0 release?

another look at 2.0 and see if it is a viable release > that we should move forward with, is that everyone else's understanding as > well? > Does anyone know of any showstopper issues that still exist? > > Thanks, > Dave > > On Mon, Apr 10, 2017 at 9:19 PM, Eric Friedrich (ef

Re: Moving Traffic Control the "full" github

I am all for one less tool to use. Also I think it will lower bar to bringing more people into our project if they don’t have to sign up for the ASF JIRA separately. —Eric > On May 17, 2017, at 10:57 AM, Mark Torluemke wrote: > > Also +1. Part of the move from

Re: API GW route configuration

e missed it, but how is the route from the Gateway to TO > secured? > > On Fri, May 12, 2017 at 8:41 AM David Neuman <david.neuma...@gmail.com> > wrote: > >> +1 on keeping in on the mailing list >> >> On Fri, May 12, 2017 at 7:52 AM, Eric Friedrich (efrie

Re: API GW route configuration

also migates this angle.) > > He > > > >> knows > > > >> > > that as soon as he starts his nefarious deed, alarms are going > to > > go > > > >> off, > > > >> > > so he also uses this local b

Re: Backup Cache Group Selection

oo <jeff.els...@gmail.com> wrote: Yes, that's correct. -- Thanks, Jeff On Thu, Mar 30, 2017 at 11:20 AM, Eric Friedrich (efriedri) <efrie...@cisco.com> wrote: Thanks Jeff- Could I think of it as the following? Echoing back to be sure I understand... If there is a lat/long for a cache g

Re: API GW route configuration

From a higher level- what is purpose of the API Gateway? It seems like there may have been some previous discussions about API Gateway. Are there any notes or description that I can catch up on? How will it be deployed? (Is it a standalone service or something that runs inside the

Re: Delivery-Service Configuration Versioning

Thanks Nir- Comments inline > On May 1, 2017, at 1:12 PM, Nir Sopher wrote: > > Dear all, > > Planning the efforts toward "self-service", we are considering > "delivery-service configuration versioning" (DSCV) as one of our next > steps. > In a very high level, by DSCV we refer

Re: Access Control - Limiting Roles / Capabilities Tenant Admins can Assign to Users

Could we further differentiate the user creation capabilities to: - Create CDN Admin user - Create CDN Ops user - Create CDN Viewer user - Create Tenant Admin user - Create Tenant Ops user - Create Tenant Viewer user Then only the CDN-Admin role would have the capability to create a cdn admin

Re: Goose installer script

;> >>> >>> >>> On Sun, Apr 30, 2017 at 10:20 PM, Mark Torluemke <mtorlue...@apache.org> >>> wrote: >>>> On Sun, Apr 30, 2017 at 7:05 PM, Gelinas, Derek < >>> derek_geli...@comcast.com> >>>> wrote: >>>> &

Re: Proposed changes to xml_id on a delivery service (from the API perspective)

I’m also OK with making xml_id immutable. I’d like us to look at having less restrictions in naming of DS Regexs rather than more. We have many use cases where the existing DS Regex is not sufficient and I think fixing it to xmlID would only worsen the problem. A specific case: xml_id is

Re: Goose installer script

ll the Perl version then >>> become obsolete? >>> >>> On Fri, Apr 28, 2017 at 11:58 AM, Dave Neuman <neu...@apache.org> wrote: >>> >>>> Maybe it's time we take a look at what goose really buys us and >> consider >>>> writing our own

Re: Goose installer script

Hey Dew- What calls this script? If its called from the Traffic Ops Spec file, then this will cause some pain for those of us that need to install without internet access. —Eric > On Apr 28, 2017, at 12:41 PM, Dewayne Richardson wrote: > > I'm working toward a more

Re: Proposal for CDN definition file based configuration management

) and we have *1K *revisions per DS. > In such a case versioning will use 10GB, which I believe is not an issue > for postgres to hold (yet, I'm not a postgres expert). > > Nir > > > On Thu, Apr 13, 2017 at 3:53 PM, Eric Friedrich (efriedri) < > efrie...@cisco.com>

Re: Proposal for CDN definition file based configuration management

n <ryan_dur...@comcast.com> >>> wrote: >>> >>>> Started a new wiki page to discuss this here https://cwiki.apache.org/ >>>> confluence/display/TC/Configuration+Management >>>> >>>> I will do my best to summarize the discussion bel

Re: Recent changes to ATS config file generation

Thanks Derek- - ORT will not update regex_revalidate unless the parents have been cleared. EF> Is this based on the parent’s upd_pending or the parent’s reval_pending? - ORT will ignore the upd_pending state of the parents during syncds. EF> Isn’t it important that parent’s upd_pending be

Re: API GW, new AAA model and legacy AAA model in Traffic Ops

Thanks Amir- > On Apr 3, 2017, at 11:03 AM, Amir Yeshurun <am...@qwilt.com> wrote: > > Hi Eric, please see response inline > > On Mon, Apr 3, 2017 at 3:20 PM Eric Friedrich (efriedri) <efrie...@cisco.com> > wrote: > >> Hey Amir- >> Makes sense. >

Re: API GW, new AAA model and legacy AAA model in Traffic Ops

Hey Amir- Makes sense. 1) Will API Gateway be a service external to TO (like a trafficserver/nginx proxy responsible just for authorization)? 2) The API GW will be performing the authorization, so will it need access to the TO DB to read the policy stored there? This seems like it may be

Re: Backup Cache Group Selection

; John >>>>> >>>>> >>>>> On 27/01/2017, 10:51 PM, "Jeff Elsloo" <jeff.els...@gmail.com> wrote: >>>>> >>>>>Steve: I don't think the patch is required, however, as Eric found, >>>>>wi

Re: adding new edge server

rak On Monday, March 20, 2017 8:31 PM, Eric Friedrich (efriedri) <efrie...@cisco.com<mailto:efrie...@cisco.com>> wrote: Did you add the IP of the Traffic Monitor to the ip_allow config parameter in Traffic Ops? —Eric > On Mar 20, 2017, at 1:20 PM, Burak Sarp > <sarp_bu

Re: adding new edge server

Did you add the IP of the Traffic Monitor to the ip_allow config parameter in Traffic Ops? —Eric > On Mar 20, 2017, at 1:20 PM, Burak Sarp wrote: > > Hi all, > I added new Edge server, I can reach contents from edge servee, so traffic > server is running and

Re: Update Delivery Service URL

You will also need to queue updates for the caches assigned to this delivery service and run the ORT script in “syncds” mode to update the configuration on the caches. This is how remap.config is changed. CRConfig only goes out to Traffic Monitor and Traffic Router. This is pretty safe to do

Re: Public CI Builds for Traffic Control

ld slave), assuming that doesn't break Apache's rules. The CI doesn't need a ton of gas, but the more oomph it has, the more granularly it can build and more aggressively we can test. On Sun, Mar 12, 2017 at 6:54 PM Eric Friedrich (efriedri) < efrie...@cisco.com> wrote: Hey All- I’d played around

Re: Public CI Builds for Traffic Control

e most flexibility if we could get one or more companies to donate a publicly accessible host (or even theoretically, a build slave), assuming that doesn't break Apache's rules. The CI doesn't need a ton of gas, but the more oomph it has, the more granularly it can build and more aggressively we can test. On

  1   2   >