Displaying #traffic-server/2015-10-21.log:

Wed Oct 21 00:05:17 2015  _klk_:Joined the channel
Wed Oct 21 00:49:49 2015  jjr:Joined the channel
Wed Oct 21 00:51:12 2015  jrushford:Joined the channel
Wed Oct 21 01:02:40 2015  jrushford:Joined the channel
Wed Oct 21 01:03:55 2015  jrushford:Joined the channel
Wed Oct 21 01:07:45 2015  jjr:Joined the channel
Wed Oct 21 01:07:55 2015  psp:Joined the channel
Wed Oct 21 01:16:26 2015  jrushford:Joined the channel
Wed Oct 21 01:21:11 2015  jrushford:Joined the channel
Wed Oct 21 02:03:00 2015  _klk_:Joined the channel
Wed Oct 21 02:43:34 2015  es:Joined the channel
Wed Oct 21 04:26:28 2015  _klk_:Joined the channel
Wed Oct 21 04:34:39 2015  reveller1:Joined the channel
Wed Oct 21 05:15:28 2015  psp:Joined the channel
Wed Oct 21 07:29:17 2015  Amaryllis:does the 5.3 > 6.0 upgrade require clearing the disk cache?
Wed Oct 21 08:09:36 2015  mturk:Joined the channel
Wed Oct 21 08:09:38 2015  Lethalman:Joined the channel
Wed Oct 21 08:12:21 2015  bahumbug:Joined the channel
Wed Oct 21 08:12:21 2015  bahumbug:Joined the channel
Wed Oct 21 08:25:01 2015  jpeach:Amaryllis: nope
Wed Oct 21 09:00:02 2015  Amaryllis:thanks
Wed Oct 21 09:04:59 2015  Amaryllis:hm:
Wed Oct 21 09:04:59 2015  Amaryllis:[Oct 21 09:04:53.213] Server {0x2af125bfcc80} NOTE: <Plugin.cc:84 (plugin_load)> loading plugin '/opt/tbx/libexec/trafficserver/esi.so'
Wed Oct 21 09:05:00 2015  Amaryllis:[Oct 21 09:04:53.214] Server {0x2af125bfcc80} FATAL: <Plugin.cc:134 (plugin_load)> plugin not registered by calling TSPluginRegister
Wed Oct 21 09:08:33 2015  jpeach:Amaryllis: can you please file a bug?
Wed Oct 21 09:08:49 2015  jpeach:as a workaround you can use it as a remap plugin
Wed Oct 21 09:09:22 2015  Amaryllis:jpeach: thanks, i'll try that. do you think just adding TSPluginRegister() to its TSPluginInit would work?
Wed Oct 21 09:10:19 2015  Amaryllis:(i'm wonder if whether this indicates it hasn't been tested much and might not work at all...)
Wed Oct 21 09:10:34 2015  jpeach:yep I bet it would
Wed Oct 21 09:10:54 2015  jpeach:esi.so has a small number of production users
Wed Oct 21 09:11:13 2015  Amaryllis:okay, i guess they all use it as a remap plugin :)
Wed Oct 21 09:11:24 2015  Amaryllis:i'll test that anyway and submit a bug with a patch if it works
Wed Oct 21 09:11:35 2015  jpeach:Amaryllis: cool, I'll merge that
Wed Oct 21 09:34:44 2015  Amaryllis:wow, Debian still has ATS 3.0
Wed Oct 21 09:37:06 2015  Amaryllis:(ESI in remap.config seems to work fine, fwiw)
Wed Oct 21 10:09:16 2015  Amaryllis:is there a script to generate configure etc.?
Wed Oct 21 10:10:23 2015  Amaryllis:oh, found the documentation
Wed Oct 21 10:12:07 2015  Amaryllis:jpeach: should i create a pull request and a jira or is just the PR sufficient?
Wed Oct 21 11:16:36 2015  Amaryllis:i'm getting occasional weird binary data in my access log: https://www.dropbox.com/s/v2a8w62qxue290o/Screenshot%202015-10-21%2012.16.09.png?dl=0
Wed Oct 21 11:16:41 2015  Amaryllis:happened with both 5.3 and 6.0
Wed Oct 21 11:18:26 2015  Amaryllis:requesting the same page again returns the expected content type in the log (text/html) so it seems to be a log issue rather than something origin is doing
Wed Oct 21 11:36:01 2015  adedommelin:Joined the channel
Wed Oct 21 12:26:32 2015  JSeymour:Joined the channel
Wed Oct 21 12:43:53 2015  bahumbug:Joined the channel
Wed Oct 21 13:07:37 2015  shinrich1:Joined the channel
Wed Oct 21 13:17:24 2015  _iwc:Joined the channel
Wed Oct 21 13:45:36 2015  esproul:Joined the channel
Wed Oct 21 14:17:48 2015  davet_:Joined the channel
Wed Oct 21 14:59:29 2015  jrushford:Joined the channel
Wed Oct 21 15:08:11 2015  amc:Dang, is there really no way to schedule an event for a continuation from the plugin API?
Wed Oct 21 15:09:39 2015  jpeach:what kind of event?
Wed Oct 21 15:10:24 2015  amc:Anything, really. I have another thread and I want to wake up an ET_NET based continuation.
Wed Oct 21 15:10:32 2015  amc:But I think I found it - TSContSchedule()
Wed Oct 21 15:11:30 2015  jpeach:I think you want TSContCall()
Wed Oct 21 15:15:40 2015  amc:No, I specifically need the event to run on an ET_NET thread and the caller is on a plugin created thread.
Wed Oct 21 15:16:15 2015  jpeach:ah, TSContSchedule will push it over to any old ethread
Wed Oct 21 15:20:10 2015  amc:No, you can pass a thread pool argument.
Wed Oct 21 15:20:44 2015  jpeach:yeh I think we are in agreement :)
Wed Oct 21 15:24:41 2015  jpeach:zwoop: xDebugHeader should be static
Wed Oct 21 15:25:10 2015  zwoop:k
Wed Oct 21 15:27:08 2015  _klk_:Joined the channel
Wed Oct 21 15:47:00 2015  boargod2:Joined the channel
Wed Oct 21 15:49:40 2015  jrickman:Joined the channel
Wed Oct 21 15:58:19 2015  reveller:Joined the channel
Wed Oct 21 16:24:54 2015  gancho:Joined the channel
Wed Oct 21 16:37:34 2015  es:Joined the channel
Wed Oct 21 16:39:21 2015  blattj:Joined the channel
Wed Oct 21 16:39:23 2015  Becoming_:Joined the channel
Wed Oct 21 16:43:23 2015  es1:Joined the channel
Wed Oct 21 17:09:15 2015  biilmann:Joined the channel
Wed Oct 21 17:11:18 2015  biilmann:how well does the ssl_multicert config scale? ie. how many certs could you have in a config like that? And if you were to do 100k certs would that be the way to do it or would I need to do a plugin for managing certs?
Wed Oct 21 17:21:15 2015  bahumbug:Joined the channel
Wed Oct 21 17:25:46 2015  leprechau:Joined the channel
Wed Oct 21 17:26:08 2015  Top_Cat:Joined the channel
Wed Oct 21 17:28:19 2015  ggherdov:Joined the channel
Wed Oct 21 17:57:03 2015  rhand_:Joined the channel
Wed Oct 21 17:57:16 2015  biilmann:Joined the channel
Wed Oct 21 17:58:01 2015  psp:Joined the channel
Wed Oct 21 18:03:58 2015  blattj:Joined the channel
Wed Oct 21 18:06:25 2015  blattj:Joined the channel
Wed Oct 21 18:07:18 2015  sunwael:Joined the channel
Wed Oct 21 18:07:50 2015  _klk_:Joined the channel
Wed Oct 21 18:10:01 2015  pdm:is there a likely setting for copletely disabling request cacheing with ats? we have cache size set to -1 in a couple of places but dev just complained to me still seems to be caching
Wed Oct 21 18:10:08 2015  pdm:he turned off backend and it still returned result
Wed Oct 21 18:13:07 2015  bcall:pdm: for 1 request of all requests?
Wed Oct 21 18:13:12 2015  bcall:or
Wed Oct 21 18:13:32 2015  pdm:like I never want to cache
Wed Oct 21 18:13:43 2015  pdm:content
Wed Oct 21 18:13:46 2015  bcall:proxy.config.http.cache.http 0
Wed Oct 21 18:14:14 2015  pdm:hmm, well that is painfully obvious :)
Wed Oct 21 18:14:42 2015  pdm:I see throughout the file my predecessor has set a lot of things to -1 for cache sizes
Wed Oct 21 19:33:52 2015  boargod:Joined the channel
Wed Oct 21 20:00:58 2015  _klk_:Joined the channel
Wed Oct 21 20:08:07 2015  _klk_:Joined the channel
Wed Oct 21 20:16:05 2015  jpeach:biilmann: I would not recommend multicert for 100K certs
Wed Oct 21 20:17:22 2015  sunwael:Joined the channel
Wed Oct 21 20:22:56 2015  biilmann:jpeach: yeah, figured a config file with that amount of entries in itself would be kinda crazy
Wed Oct 21 20:24:18 2015  biilmann:jpeach: is there a good way to potentially handle that kind of certs already? And apart from the plugin file for it, would it become a performance issue for traffic server to handle that amounts of certs?
Wed Oct 21 20:28:49 2015  biilmann:looks like the ssl_cert_loader plugin would be the right way to do it
Wed Oct 21 20:30:35 2015  blattj:Joined the channel
Wed Oct 21 20:33:15 2015  sunwael:Joined the channel
Wed Oct 21 20:39:48 2015  jpeach:it is pretty slow to load and parse 100K certs and the way the config system works, if one changes you have to reload them all
Wed Oct 21 20:40:30 2015  jpeach:so at runtime, dealing with 100K certs ought to be alright (I think reveller has tried it), but the configuration churn really hurts
Wed Oct 21 20:41:09 2015  jpeach:I would expect that with that many certs you are always adding or removing something so a system that looks more like a database would work better
Wed Oct 21 20:41:20 2015  biilmann:yeah, makes sense
Wed Oct 21 20:42:13 2015  jpeach:I would like to try using the kernel keychain as an abstraction for this stuff
Wed Oct 21 20:45:42 2015  Amaryllis:a plugin API for that would probably be a good start (if there isn't one already)
Wed Oct 21 20:46:03 2015  jpeach:for keychain or for certificate loading?
Wed Oct 21 20:46:17 2015  Amaryllis:For certificates
Wed Oct 21 20:46:58 2015  jpeach:there's enough plugin API that you can give ATS a cert (SSL_CTX) that you have
Wed Oct 21 21:03:39 2015  shinrich1:Joined the channel
Wed Oct 21 21:07:32 2015  Amaryllis:Would there be any interest in integrating the cache-gen-id plugin? (reads cache generation from a kyotocabinet database)
Wed Oct 21 21:09:20 2015  mturk_:Joined the channel
Wed Oct 21 21:09:20 2015  mturk_:Joined the channel
Wed Oct 21 21:15:43 2015  zwoop:yeah, I don't see why not
Wed Oct 21 21:16:30 2015  reveller:biilmann: jpeach: yeah, we run with > 10k certs. Static configuration (ssl_multicert.config) is painful at startup and improved significantly when we started using openssl-1.0.2. We want to go to something more dynamic, and when I get some time set aside I want to revisit the ssl_cert_loader plugin that shinrich started.
Wed Oct 21 21:17:04 2015  reveller:I also want to look into jpeach's idea of using the kernel keychain
Wed Oct 21 21:17:36 2015  reveller:but for now, I am stuck working on a problem with kswapd on our web servers running httpd.
Wed Oct 21 21:22:18 2015  biilmann:reveller: cool - where are you based and would you have time to chat for a bit sometime? we might be able to collaborate on the ssl_cert_loader plugin and would love to hear about your experience with that volume of certs
Wed Oct 21 21:25:51 2015  _klk_1:Joined the channel
Wed Oct 21 21:30:06 2015  Amaryllis:i'm unsure how to interpret this output from traffic_top: https://www.dropbox.com/s/khutx8x0f30my98/Screenshot%202015-10-21%2022.29.38.png?dl=0 ... 300% of requests were GET?
Wed Oct 21 21:30:28 2015  jpeach:biilmann: are you in the bay area?
Wed Oct 21 21:31:06 2015  blattj1:Joined the channel
Wed Oct 21 21:31:09 2015  jpeach:bcall: traffic_top? ^^
Wed Oct 21 21:31:15 2015  biilmann:jpeach: yeah, I'm in SF
Wed Oct 21 21:32:57 2015  Amaryllis:oh... i wonder if it's confused by ESI
Wed Oct 21 21:33:11 2015  Amaryllis:we do two ESI requests per page on that site, so 1 client request would be 3 origin requests
Wed Oct 21 21:34:09 2015  jpeach:biilmann: sigh, I was in the city yesterday :(
Wed Oct 21 21:34:27 2015  bcall:Amaryllis: checking out traffic_top
Wed Oct 21 21:34:52 2015  bcall:seems like a bug in traffic top
Wed Oct 21 21:34:58 2015  bcall:I saw something like that this week
Wed Oct 21 21:35:17 2015  bcall:does it happen all the time?
Wed Oct 21 21:35:36 2015  biilmann:jpeach: you in the south bay?
Wed Oct 21 21:35:50 2015  Amaryllis:bcall: this is the first time i've run it, but over the last five minutes it's had similar numbers, yes
Wed Oct 21 21:36:02 2015  Amaryllis:(currenly 164.1% GET)
Wed Oct 21 21:36:10 2015  bcall:k, I will file a bug - thx
Wed Oct 21 21:36:35 2015  jpeach:yeh mt view; happy to meet up try to look at SSL stuff
Wed Oct 21 21:38:02 2015  bcall:Amaryllis: can I use that picture as an attachment on the bug?
Wed Oct 21 21:38:59 2015  Amaryllis:bcall: sure
Wed Oct 21 21:39:15 2015  Amaryllis:bcall: do you want any config or traffic_ctl output for debugging?
Wed Oct 21 21:39:28 2015  bcall:what version are you running?
Wed Oct 21 21:39:35 2015  Amaryllis:6.0.0
Wed Oct 21 21:39:38 2015  bcall:k
Wed Oct 21 21:39:42 2015  Amaryllis:(with unrelated local patches)
Wed Oct 21 21:52:28 2015  jpeach:sudheerv: sign up for zwoop's git class :)
Wed Oct 21 21:52:42 2015  sudheerv:lol, yeah i should
Wed Oct 21 21:58:26 2015  biilmann:jpeach: that would be cool - would be happy to meet up somewhere in the south bay next week - or anywhere in the city if you make it up here
Wed Oct 21 21:58:49 2015  zwoop:biilmann you should come to the Summit and Hackathon in November too
Wed Oct 21 21:59:00 2015  biilmann:yeah, signed up for the summit :)
Wed Oct 21 21:59:47 2015  zwoop:cool
Wed Oct 21 22:01:11 2015  blattj:Joined the channel
Wed Oct 21 22:01:34 2015  reveller:biilmann: I work remotely from the US Virgin Islands but come into AZ once quarter for a few weeks. I am sure could spend some time sharing our experiences with you. Would love to collaborate on the ssl_cert_loader.
Wed Oct 21 22:02:41 2015  _klk_:Joined the channel
Wed Oct 21 22:03:58 2015  jpeach:hackathon at reveller's house
Wed Oct 21 22:04:54 2015  reveller:jpeach: zwoop: next ATS Summit!
Wed Oct 21 22:05:11 2015  zwoop:jpeach you hate to travel :)
Wed Oct 21 22:11:07 2015  biilmann:reveller: awesome :)
Wed Oct 21 22:21:41 2015  Amaryllis:okay, probably needs documentation, but the code seems okay: https://github.com/apache/trafficserver/compare/master...torchbox:merge-cache-genid
Wed Oct 21 22:21:57 2015  Amaryllis:since it originally came from godaddy, i assume they may need to do something copyright-wise?
Wed Oct 21 22:27:06 2015  boargod:Joined the channel
Wed Oct 21 22:29:53 2015  blattj:Joined the channel
Wed Oct 21 22:30:29 2015  zwoop:yeah, probably. check with reveller
Wed Oct 21 22:31:59 2015  blattj:Joined the channel
Wed Oct 21 23:03:42 2015  jpeach:Amaryllis: what is the granularity you purge at?
Wed Oct 21 23:03:58 2015  Amaryllis:jpeach: domain
Wed Oct 21 23:04:11 2015  Amaryllis:(well, usually page, but PURGE works fine for that)
Wed Oct 21 23:04:21 2015  jpeach:but IIRC you don't have a remap rule per domain?
Wed Oct 21 23:04:58 2015  Amaryllis:we do, but they're all of the form map http://example.com/ http://example.com/, and we use parent.config to route requests
Wed Oct 21 23:05:35 2015  Amaryllis:the genid database is a host<>generation map, so it works as a global plugin
Wed Oct 21 23:06:08 2015  _klk_:Joined the channel
Wed Oct 21 23:17:20 2015  sunwael:Joined the channel
Wed Oct 21 23:19:27 2015  sunwael:Joined the channel
Wed Oct 21 23:21:20 2015  jrickman:Joined the channel
Wed Oct 21 23:21:55 2015  sunwael:Joined the channel
Wed Oct 21 23:24:26 2015  Amaryllis:TS-3984
Wed Oct 21 23:24:41 2015  Amaryllis:security issue?
Wed Oct 21 23:27:15 2015  reveller:zwoop: what am I checking?
Wed Oct 21 23:27:45 2015  zwoop:Amaryllis made some changes to one of your (GD's) plugins, and he's asking if it can be included in the main repo
Wed Oct 21 23:42:46 2015  reveller:thats not one of mine... doing some research on my side to make sure its all clear
Wed Oct 21 23:44:45 2015  gancho:Joined the channel
Wed Oct 21 23:56:28 2015  _klk_:Joined the channel

Comments