Hello! This is just a short note to introduce myself, and share a new packaging effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes.
You can review and test ATS 9.1.2 packages for these platforms here, but I intend for them to be in the official repo soon. [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ | https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ] A few notes on these packages: 1) traffic_manager and traffic_server do not run as root; instead they run as the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for access to privileged ports. 2) I've written an SELinux policy module that is run as enforcing. It works for me, but it's possible that I am missing permissions for some plugin behaviors. If something isn't working right for you, please check your SELinux logs first and let me know if tuning is needed. One this is accepted into Fedora there will be an official bug tracker. 3) There is no build for CentOS Stream 9 because the tscore HKDF tests fail with OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor will RHEL 9). This is probably an OpenSSL bug but I haven't investigated further yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [ https://github.com/apache/trafficserver/issues/7341 | https://github.com/apache/trafficserver/issues/7341 ] As for who I am, I standardized some years ago on ATS for my personal infrastructure on Debian. A few years ago I joined Red Hat and this month finally decided I should migrate to our distros as part of a platform refresh, but ATS was not packaged.... so I foolishly decided that becoming the Fedora package maintainer would be easier than migrating to a different reverse proxy. :-) Regards, --Jered
