Re: Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-20 Thread Nir Sopher
Jeremy, As I see it, you are parctically pointing at the problem of DS configuration mixture: "content delivery" fields (e.g. cache url) and "operational" fields (e.g. "active", "geo limit", "cdn" and even ssl keys) sitting in the same table subject to same api. I believe a DS should be assigned t

Re: Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-19 Thread Jeremy Mitchell
First, I'm +100 on doing a riak clean-up on DS delete but not a partial cleanup (just latest) but a full cleanup (ALL SSL keys (if applicable), ALL url sig keys (if applicable), ALL URI signing keys (if applicable)). Otherwise, when a DS gets created down the road with that same xml-id, problems ma

Re: Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-14 Thread Nir Sopher
See WIP PR: https://github.com/apache/incubator-trafficcontrol/pull/1868/files Deleting only the latest On Wed, Feb 14, 2018 at 4:56 PM, Steve Malenfant wrote: > Would deleting the certificate only remove the "latest" copy/alias? The > certificate and keys should still be retrievable manually.

Re: Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-14 Thread Steve Malenfant
Would deleting the certificate only remove the "latest" copy/alias? The certificate and keys should still be retrievable manually. Yes/No? On Tue, Feb 13, 2018 at 5:40 PM, Dave Neuman wrote: > I think I can get on board with not allowing a user to change the CDN. If > you want to change the CD

Re: Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-13 Thread Dave Neuman
I think I can get on board with not allowing a user to change the CDN. If you want to change the CDN you need to delete your DS and re-create it or create a new DS with a different XML_ID and a regex that matches the first DS. We have gone back and forth several times on deleting the keys from ri

Immutable DS CDN - resolving Riak/Postgres data coherency

2018-02-13 Thread Nir Sopher
Hi, I created a delivery service and later on realized it is in the wrong CDN. I then changed the CDN. The ssl-keys record in the riak kept referring to the old CDN, even if I generated new certificates. Traffic router was therefore unable to pull the certificate. See issue 1847