atstccfg uses incorrect key/cert paths

apache / trafficcontrol

Apache Traffic Control is an Open Source implementation of a Content Delivery Network

https://trafficcontrol.apache.org/

Apache License 2.0

1.04k stars 339 forks source link

atstccfg uses incorrect key/cert paths #4677

Open ocket8888 opened 4 years ago

ocket8888 commented 4 years ago

I'm submitting a ...

bug report

Traffic Control components affected ...

Traffic Ops ORT (atstccfg)

Current behavior:

The locations for keys and certificates are currently hard-coded in atstccfg, and don't respect the location parameters.

Expected / new behavior:

atstccfg should respect "location" parameters and output files with correct Path headers.

Minimal reproduction of the problem with instructions:

Run atstccfg with your ssl_multicert's "location" parameter set to anything other than /opt/trafficserver/etc/trafficserver/ssl/.

rob05c commented 4 years ago

This is how ORT has always done it: https://github.com/apache/trafficcontrol/blob/3.1.x/traffic_ops/bin/traffic_ops_ort.pl#L2949

I agree, it shouldn't be hard-coded. But, should it be the ssl_multicert.config location Parameter? Or should it be the records.config CONFIG proxy.config.ssl.server.cert.path and CONFIG proxy.config.ssl.server.private_key.path Parameters? The latter are where ATS will look for them, I believe.

ocket8888 commented 4 years ago

Yeah, it's not a regression.

And that is where ATS will look. A smarter system could look at those instead, I certainly don't have a problem with that. But location parameters are how we typically handle that, and I know those Parameters exist in the default profiles (or did) because that's where I copied them from.

It just seems a bit inconsistent for this to not follow the same pattern as every other file. I hope in the future that location Parameters can be totally obliterated, and I'm on board if you wanna start that now, it just seems that a better time would be when ORT is rewritten.