Apache Traffic Control is an Open Source implementation of a Content Delivery Network.
Traffic Ops Golang parent.config
~Still WIP. I've tested against a single edge and mid; still need to test against a large number of configurations of edges and mids.~
Removing WIP - I think this is good to be merged. I've manually diffed versus the old Perl parent.config, against every edge and mid in our production CDN.
The only differences vs Perl, are where duplicate origins exist with different configurations (a data bug), and Perl arbitrarily selects one with no warning or error. Go now logs an error when that happens. Unfortunately, Perl is ordering them by an internal Perl hash of the object, which isn't feasible to replicate in Go. But again, it's a data bug to have that scenario at all.
Fixes #3071 in https://github.com/apache/trafficcontrol/pull/3075/commits/48ba440ce7f79d9c7701ed3cdc381a666372216d Does not fix #2725 - that's a much more invasive fix, I think should be a separate PR.
Includes API tests.
Rewrites the /user/reset_password API endpoint to Go
Functionality is unchanged, so no documentation required.
Configure SMTP to be used with a TO instance built from this branch, then attempt to send a password reset email via this endpoint.
No tests because it requires an SMTP server to send an email to a human which is hard to test.
Reworked the POST method handler of the /servers/{{ID}}/deliveryservices endpoint to both
a) respect CDN limitations in assignments b) respect tenancy permissions
Also updated Traffic Portal so that servers which are unavailable for DS assignment cloning do not appear in the selection menu.
Draft status pending testing.
Build and run Traffic Ops and Traffic Portal, attempt to assign a server to one or more Delivery Services in a different CDN, and/or to one or more Delivery Services to which access by your tenant is forbidden. Traffic Portal should not present you with the ability to do so, and Traffic Ops should reject your attempt should you bypass the UI.
Rewrites the /capabilities endpoint to Go. Also adds handlers for the PUT and DELETE request methods.
Run the associated tests in traffic_ops/testing/api/v14.
Introduces an Angular7-based subset of Traffic Portal, intended for use by users who want to monitor/configure limited parts of a syndicated CDN architecture. This is meant to first and foremost replace a certain, closed-source UI for which there is currently no open-source equivalent.
This project is overall a WIP, but I'd like it to be merged into experimental/ in case anyone else wants to help out with the development.
Here's what's implemented so far:
mojolicious cookie is valid./api/ is sent upstream to TOdisplayName using a fuzzy search bar(inactive) to the name), and an informational link that appears when the Delivery Service has an infoURL which, when clicked, opens said URL in a new browsing context (usually a "tab").Key: {{xml_id}} ({{numeric id}})longDesc field, if defined<meter>s which generally render as a bar that goes from red to green as conditions improve, and include hover text and fallback rendering that display the actual percent as a number.A README with instructions for setup, deployment and development can be found at the project root (i.e. in experimental/traffic-portal-angular-7)
This PR implements solution for the issue: https://github.com/apache/incubator-trafficcontrol/issues/1907
It places the backup policy in the CZF file
{ "coverageZones": { "GROUP2": { "backupList": ["GROUP1"], "network6": [ "1234:567a::/64", "1234:567b::/64" ], "network": [ "10.197.69.0/24" ] }, "GROUP1": { "backupList": ["GROUP2"], "network6": [ "1234:5677::/64", "1234:5676::/64" ], "network": [ "10.126.250.0/24" ] } } }
GROUP1 : Two cache Servers Group2 : One Cache Server GEO Limit set to CZF only
Request from GROUP1's subnet , with one server in GROUP1 down and make sure the request is getting redirected to the remaining server in GROUP1 Request from GROUP1's subnet , with both servers in GROUP1 down and make sure the request is getting redirected to the GROUP2
Regression cases Set GEO limit to None without backup list configured in CZF Request from GROUP1's subnet , with both servers in GROUP1 down and make sure the request is getting redirected to the GROUP2
Rewrites the "Jobs" endpoints from Perl to Go. This includes
DELETE method - NEW deletes an existing Job. Queues reval_pending on all servers.GET methodPUT method - NEW replaces an existing Job. Queues reval_pending on all servers.POST method - NEW creates a new Job. Queues reval_pending on all servers.GET methodPOST method - now requires privilege Role >= Portal, regardless of tenancy. No longer checks DS-to-user assignments when considering permissions.Input timestamps are now accepted in RFC3339 format (with or without nanosecond precision) as well as our proprietary format used for "Last Updated" fields.
Creating, deleting, editing, replacing and viewing Jobs. Output and behavior should match the provided documentation. Client code has associated tests, which should pass when run.
Pattern-based consistent hashing is a new feature that allows the user to influence cache selection (and delivery service selection for steering ds's) by adjusting the request path before it is passed to the consistent hasher in Traffic Router by applying a regex group matching. This is accomplished via a new delivery service field on HTTP and Steering delivery services called "Consistent Hash Regex" that is propagated to TR through the CRConfig.
Traffic Router parses the new optional regex field from the CRConfig and uses it during cache selection (HTTP delivery services) or delivery service selection (Steering delivery services).
For HTTP delivery services:
For Steering delivery services:
Additionally, I've included a Traffic Portal "Test Tool" so that users can test a regex against a request path to determine exactly what will be used by Traffic Router's consistent hasher. There is a link to the test tool underneath the form field in Traffic Portal.
This adds an app, which serves Traffic Ops endpoints as they're written (currently, just monitoring.json), and reverse-proxies everything else to the old Perl Traffic Ops.
Includes RPM and Service files, to deploy it alongside the old TO.
This can be trivially deployed alongside the old TO with no config (Puppet) changes. It reads the old TO config, and Postinstall sets the new port it needs.
Things left before this can be merged:
/traffic_ops dir for build.shtocookie out of experimental.json and without[Issue 1907] Backup edge cache group TO API / TR cr-config changes
https://github.com/apache/incubator-trafficcontrol/issues/1907
Contains the following changes: Traffic Router - Backup edge configuration parsing and decision making code changes Traffic Ops - Mojolicious Perl CRUD APIs
This is the initial version of code. Only minimal testing has been done. Will run more cases and update. Hosting it in advance to get review comments :-)
Add a new API for creating, reading, and deleting (not updating) server capabilities:
POST /api/1.4/server_capabilities
GET /api/1.4/server_capabilities[?name=<name>]
DELETE /api/1.4/server_capabilities?name=<name>
expected POST body:
{"name": "bar"}
expected POST response:
{
"alerts": [
{
"text": "server capability was created.",
"level": "success"
}
],
"response": {
"name": "bar",
"lastUpdated": "2019-10-07 22:10:00+00"
}
}
expected GET response (can use ?name=... qparam to filter by name):
{
"response": [
{
"name": "bar",
"lastUpdated": "2019-10-07 20:38:24+00"
}
]
}
expected DELETE response:
{
"alerts": [
{
"text": "server capability was deleted.",
"level": "success"
}
]
}
Documentation will be done in a follow-up PR.
Read the added TO API tests to verify they're sufficient, then run the TO API tests.
Replace go install with the golang docker image
Build docker images and verify they are still working
Closes: #7221 Closes: #7225
Bumps fast-json-patch from 3.1.0 to 3.1.1.
Sourced from fast-json-patch's releases.
3.1.1
Security Fix for Prototype Pollution - huntr.dev #262
9d313ac fix(tests): Updated tests to reflect new error messagee4f4eb3 3.1.1d7903fb fix: typescript codegen changes5f04488 Bumping version number7e9fe13 Typescript provided097864a Documentation updated51964ed feat: Cleaned up vars vs consts8a6a360 New buildadeb422 Update .gitignore59336fe Merge pull request #292 from Starcounter-Jack/dependabot/npm_and_yarn/ajv-6.12.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.
Fix support of http rpm resources in Dockerfile (--build-arg TMCAT & RPM) of Traffic Router like other components.
Useful in CI/CD build context and work as expected with the current Example Build and Run of Dockerfile
Try docker build with--build-arg=TMCAT=https://<internal mirror>/tomcat-9.0.67-1.el8.noarch.rpm --build-arg=RPM=https://<internal mirror>/traffic_router.rpm
Changes between API versions are extensive, and generally aren't enumerated in the changelog - for example, in APIv5 the format of a timestamp in a Delivery Service structure changed from the TO custom timestamp to RFC3339, but that is not listed in the changelog. Such things are usually implementation details of larger changes listed in the CHANGELOG and are usually quite extensive for any given (major) version gap, so it's not reasonable to expect people to add all of that to a regular CHANGELOG. Especially not since we (try to) always require .. versionadded::, .. versionchanged::, and .. deprecated:: directives to the documentation for Traffic Ops endpoints whenever these changes occur.
So how do you know the API differences? There are two equally tedious methods today. You can read all of the documentation for one version, then all of the documentation for the other and compare what's different. Or, you could read through all of the changes for all of the PRs that went into a release that solidified the version in question, and by examining the changes to Go code and documentation you can figure out what's different.
However, because we (try to) always add the Sphinx directives above, there's a much easier way that just isn't being utilized at the moment.
You can get a list of the changes in a version with the changes Sphinx builder. The only problem is that we have a project-wide version that doesn't match our API version, so the changes get messed up. There's a simple way around that, and what this PR does is expose that through our docs' makefile. Now, if you want to see the things that were added, changed, and deprecated in API version, say 4.0, you can do:
make VERSION=4.0 apichanges
... and it spits out an HTML document summarizing those changes into docs/build/apichanges/. Note that if you don't specify a version, it'll default to the project version - 7.1.0 at the time of this writing.
This PR also adds the ability to override the version for the already-supported changes target, which summarizes changes to the entire project. This is because (in the API docs specifically, but also some other places throughout the docs) the prefix ATCv is prepended to the version number for those directives, to make it clear that it's the project version and not an API version. So make changes may not give you the whole truth; it may be necessary to also look at e.g. make VERSION=ATCv7.1.
I intend to follow this PR up with another that syncs this disparate usage across the docs to make this functionality easier to use, along with a guidelines section on the topic.
make VERSION=4.0 apichanges and verify outputLooks like Traffic Router creates a default self-signed certificate. 2 files seems to be generated:
When one changes the hostname of the server. A new certificate is not generated and Traffic Router complaints with a few messages like:
ERROR 2022-12-14T20:11:54.307 [Thread-21] org.apache.traffic_control.traffic_router.secure.CertificateRegistry - Failed to load default certificate. Received class java.lang.NullPointerException with message: null
ERROR 2022-12-14T20:11:54.308 [Thread-21] org.apache.traffic_control.traffic_router.secure.CertificateRegistry - Failed to initialize the API Default certificate.
Traffic Router should regenerate a new certificate that matches the hostname.
ALPN Pass This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic a
httpcap A simple network analyzer that captures http network traffic. support Windows/MacOS/Linux/OpenWrt(x64) https only capture clienthello colorful
Headscale - An open source, self-hosted implementation of the Tailscale control server
https://goreplay.org/ GoReplay is an open-source network monitoring tool which can record your live traffic, and use it for shadowing, load testing, m
https://goreplay.org/ GoReplay is an open-source network monitoring tool which can record your live traffic, and use it for shadowing, load testing, m
Catch breaking changes faster Akita builds models of your APIs to help you: Catch breaking changes on every pull request, including added/removed endp
Basenine Schema-free, document-oriented streaming database that optimized for monitoring network traffic in real-time. Featured Aspects Has the fastes
sniffer A modern alternative network traffic sniffer inspired by bandwhich(Rust) and nethogs(C++). sniffer.mov Introduction 中文介绍 sniffer is designed f
Capdns is a network capture utility designed specifically for DNS traffic. This utility is based on tcpdump. Some of its features include: Unde
goproxy Go Http Proxy with Authentication, Schedule Control, and Portal Control Why this tool? You may need to restrict my kids's youtube watch time i
What is free5GC The free5GC is an open-source project for 5th generation (5G) mobile core networks. The ultimate goal of this project is to implement
It is an open source, free, and lightweight P2P sharing network. As long as any device joins in, you can access them anywhere
Introduction Kebe intends to be a full replacement for the Snap Store. Quickstart Once you have an environment setup (for instance using https://githu
Try browsing the code on Sourcegraph! IPÊ An open source Pusher server implementation compatible with Pusher client libraries written in Go. Why I wro
RocketMQ Client Go A product ready RocketMQ Client in pure go, which supports almost the full features of Apache RocketMQ, such as pub and sub message
paster_core Paster 服务端核心模块,使用字节跳动开源的微服务 RPC 框架 KiteX ,以 Apache Thrift 作为通信协议。 Todo: 实现 KiteX 服务注册扩展接口,使用 Consul 服务注册 新增 frame 层,通过 PreProcessor, PostP
apache dubbo gateway,L7 proxy,virtual host,k8s ingress controller.
Message Relay Message relay written in golang for PostgreSQL and Apache Kafka Requirements Docker and Docker Compose Local installation and using dock
Traefik Modsecurity Plugin Traefik plugin to proxy requests to owasp/modsecurity-crs:apache Traefik Modsecurity Plugin Demo Full Configuration with do
