> On Feb 23, 2015, at 3:49 PM, James Peach <jpe...@apache.org> wrote: > > This failed because TS-3358 added explicit access checks to the management > socket. Unless "proxy.config.admin.api.restricted" is 0, access is restricted > to root processes. In the case of tsqa, we run the whole thing unprivileged. > This used to work because access was controlled by filesystem permissions. > > I'm open to suggestions as to what the right behaviour should be in thisc > case …
Hmmm, at a minimum, that seems like a incompatible change no matter what? So, maybe we should make proxy.config.admin.api.restricted = 0 by default, and use the file system permissions as people are used to ? It feels rather sketchy to require CI / Jenkins to run as user “root”. But if that’s what is required, we can try to modify Jenkins to run as “root” instead of Jenkins, it just gives me a really bad vibe to have a web UI running as “root”. — Leif > > >> On Feb 23, 2015, at 2:25 PM, jenk...@ci.trafficserver.apache.org wrote: >> >> See <https://ci.trafficserver.apache.org/job/tsqa-master/158/changes> >> >> Changes: >> >> [James Peach] TS-3358: peer credential checking on the management socket >> >> ------------------------------------------ >> [...truncated 14737 lines...] >> FAIL: failed to fetch value for proxy.config.log.extended2_log_name >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.extended2_log_header >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.separate_icp_logs >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.separate_host_logs >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_host >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_secret >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_host_tagged >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_retry_sec >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_max_send_buffers >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.collation_preproc_threads >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.rolling_offset_hr >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.sampling_frequency >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.space_used_frequency >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.file_stat_frequency >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.ascii_buffer_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.max_line_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_rolling_interval_sec >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_log_enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_server_ip_addr >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_server_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_top_sites >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_url_filter >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.log.search_log_filters >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.url_remap.default_to_server_pac >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for >> proxy.config.url_remap.default_to_server_pac_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.url_remap.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.url_remap.url_remap_mode >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.url_remap.handle_backdoor_urls >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.SSLv2 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.SSLv3 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.TLSv1 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.TLSv1_1 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.TLSv1_2 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.SSLv2 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.SSLv3 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.TLSv1 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.TLSv1_1 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.TLSv1_2 >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.compression >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.cipher_suite >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.honor_cipher_order >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.certification_level >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.cert.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.cert_chain.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.multicert.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.ticket_key.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.private_key.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.CA.cert.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.CA.cert.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.cert.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.cert.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.private_key.filename >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.private_key.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.client.CA.cert.path >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.session_cache >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.session_cache.size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.session_cache.num_buckets >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for >> proxy.config.ssl.session_cache.skip_cache_on_bucket_contention >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.max_record_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.session_cache.timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.session_cache.auto_clear >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.hsts_max_age >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.hsts_include_subdomains >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.allow_client_renegotiation >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.server.dhparams_file >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.ocsp.enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.ocsp.cache_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.ocsp.request_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.ocsp.update_period >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.stale_icp_enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.icp_interface >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.icp_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.multicast_enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.query_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.icp_configuration >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.lookup_local >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.reply_to_unknown_peer >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.icp.default_reply_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.ssl.cert.load_elevated >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.wccp.addr >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.wccp.services >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.update_configuration >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.force >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.retry_count >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.retry_interval >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.concurrent_updates >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.max_update_state_machines >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.update.memory_use_mb >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.plugin.load_elevated >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.spdy.max_concurrent_streams_in >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.spdy.no_activity_timeout_in >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.spdy.initial_window_size_in >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.spdy.accept_no_activity_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.prefetch_enabled >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.child_port >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.config_file >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.url_buffer_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.url_buffer_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.keepalive_timeout >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.push_cached_objects >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.default_url_proto >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.default_data_proto >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.max_object_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.max_recursion >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.prefetch.redirection >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.stat_api.max_stats_allowed >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.allocator.enable_reclaim >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.allocator.max_overage >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.allocator.reclaim_factor >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.allocator.debug_filter >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.allocator.thread_freelist_size >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for >> proxy.config.allocator.thread_freelist_low_watermark >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for proxy.config.remap.num_remap_threads >> traffic_line: [13] Operation not permitted. >> FAIL: failed to fetch value for >> proxy.config.cache.http.compatibility.4-2-0-fixup >> ./functions: line 177: 3328 Terminated ( tsexec traffic_cop >> --stdout > $log ) >> MSG: shutting down ... >> Success: test-trafficline-metrics >> >> >> RESULT SUMMARY >> ============== >> test-bootstrap ...OK >> test-log-configuration ...OK >> test-log-refcounting ...OK >> test-server-intercept ...OK >> test-trafficline-metrics ...OK >> test-ssl-certificates ...FAIL >> Build step 'Execute shell' marked build as failure >
