Open ocket8888 opened 4 years ago
This is how ORT has always done it: https://github.com/apache/trafficcontrol/blob/3.1.x/traffic_ops/bin/traffic_ops_ort.pl#L2949
I agree, it shouldn't be hard-coded. But, should it be the ssl_multicert.config
location
Parameter? Or should it be the records.config
CONFIG proxy.config.ssl.server.cert.path
and CONFIG proxy.config.ssl.server.private_key.path
Parameters? The latter are where ATS will look for them, I believe.
Yeah, it's not a regression.
And that is where ATS will look. A smarter system could look at those instead, I certainly don't have a problem with that. But location
parameters are how we typically handle that, and I know those Parameters exist in the default profiles (or did) because that's where I copied them from.
It just seems a bit inconsistent for this to not follow the same pattern as every other file. I hope in the future that location
Parameters can be totally obliterated, and I'm on board if you wanna start that now, it just seems that a better time would be when ORT is rewritten.
I'm submitting a ...
Traffic Control components affected ...
Current behavior:
The locations for keys and certificates are currently hard-coded in atstccfg, and don't respect the
location
parameters.Expected / new behavior:
atstccfg should respect "location" parameters and output files with correct
Path
headers.Minimal reproduction of the problem with instructions:
Run atstccfg with your ssl_multicert's "location" parameter set to anything other than
/opt/trafficserver/etc/trafficserver/ssl/
.