Comments (6)
I don't believe this will be backported to 2.1. Moving to 2.2
from trafficcontrol.
During some of my testing, I've had a few issues with the API call related to getting certificate for a CDN. I have a few questions here.
-
The API
GET /api/1.2/cdns/name/:name/sslkeys
brings up all certificates from Riak for a CDN no matter if the delivery service is configured or not in Traffic Ops. I believe this impacts both ORT and Traffic Router and can lead to some issues hard to resolve. If this is implemented, this might help with this situation. -
On delete, should we keep the version of certificates around and only remove -latest? This way there is a recovery path, but what would happen if we recreate the delivery service?
-
Is the wanted behavior to delete certs for both API and UI? (This issue is only for API).
from trafficcontrol.
"On delete, should we keep the version of certificates around and only remove -latest? This way there is a recovery path, but what would happen if we recreate the delivery service?"
IMO, on DS delete thru the API all related SSL keys in riak should just go away. No recovery path. Too messy to think about recovery paths. I like to keep it simple if possible. If you end up recreating the DS, you're going to have to regenerate or enter the keys. Thoughts?
from trafficcontrol.
"Is the wanted behavior to delete certs for both API and UI? (This issue is only for API)."
in the old UI, this bug has been around for quite sometime i guess so IMO it stays there.
Our time is better served IMO tightening up the future (the API) but if you disagree @smalenfant maybe another issue would make sense for the "UI side".
after thinking about this more, you're probably right...if you delete thru api or UI then riak ssl keys should be deleted...
from trafficcontrol.
"The API GET /api/1.2/cdns/name/:name/sslkeys brings up all certificates from Riak for a CDN no matter if the delivery service is configured or not in Traffic Ops. I believe this impacts both ORT and Traffic Router and can lead to some issues hard to resolve. If this is implemented, this might help with this situation."
maybe that warrents a different issue @smalenfant. if you agree, you want to create one? I kinda feel like this issue should just stick to deleting riak ssl keys when a ds is deleted...
from trafficcontrol.
This should happen on the CRConfig Snapshot, rather than the DS deletion. Because it's valid for an operator to delete a DS still receiving traffic, and not expect the "live" change to apply, and at some point the future to Snapshot the CRConfig to actually deploy the deletion.
from trafficcontrol.
Related Issues (20)
- Missing $scope.refresh function in CDNs table HOT 1
- problem with files download with macos HOT 5
- t3c makes too many environment-level assumptions w/o any ability to override HOT 1
- t3c: Can't detect SystemD in Rocky Linux 9 HOT 1
- Rocky Linux 9: /usr/lib/rpm/rpmdb_verify is not available - CRITICAL FAILURE
- GET `/servers/{id}/deliveryservices` includes topology-based DSes in other CDNs
- (Transcribed from Confluence) Feature Proposal: Enforce Geo Limits at the edge caches
- (Transcribed from Confluence) Feature Request: Enable localization for more DNS request types
- (Transcribed from Confluence) Feature Request: Popularity-based routing
- (Transcribed from Confluence) Feature Request: SDN integration
- (Transcribed from Confluence) Feature Request: Use client metrics to improve routing
- (Transcribed from Confluence) Add URL sig query parameters during HTTP routing
- (Transcribed from Confluence) Feature Request: Create a pdf guide or a video for new users
- (Transcribed from Confluence) Feature Request: URL Signing
- (Transcribed from Confluence) Add DS type descriptions to the UI HOT 1
- (Transcribed from Confluence) All IPv6 HOT 2
- (Transcribed from Confluence) Feature Request: Generic Input Interface HOT 1
- cp: cannot stat '../../dist/traffic_ops-8.0.0-0..el8.x86_64.rpm': No such file or directory HOT 2
- TPv2 Can't install node modules due to conflict between required node versions.
- service "trafficportalv2" has neither an image nor a build context specified: invalid compose project
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trafficcontrol.