Awesome! Thanks for your work! — Masaori
On Fri, Jun 17, 2022 at 12:26 AM Jered Floyd <je...@convivian.com> wrote: > > To (finally) follow up on this, ATS 9.1.2 is now in the Fedora and EPEL8 > repos, and should land in EPEL7 and EPEL9 shortly: > https://bodhi.fedoraproject.org/updates/?packages=trafficserver > > Regards, > --Jered > > > ----- On Apr 18, 2022, at 6:12 PM, Jered Floyd je...@convivian.com wrote: > > > Hello! This is just a short note to introduce myself, and share a new > packaging > > effort for Fedora and EPEL-using (RHEL, CentOS, etc.) Linuxes. > > > > You can review and test ATS 9.1.2 packages for these platforms here, but > I > > intend for them to be in the official repo soon. > > [ https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ | > > https://copr.fedorainfracloud.org/coprs/jered/trafficserver/ ] > > > > A few notes on these packages: > > > > 1) traffic_manager and traffic_server do not run as root; instead they > run as > > the "trafficserver" user and systemd grants CAP_NET_BIND_SERVICE for > access to > > privileged ports. > > > > 2) I've written an SELinux policy module that is run as enforcing. It > works for > > me, but it's possible that I am missing permissions for some plugin > behaviors. > > If something isn't working right for you, please check your SELinux logs > first > > and let me know if tuning is needed. One this is accepted into Fedora > there > > will be an official bug tracker. > > > > 3) There is no build for CentOS Stream 9 because the tscore HKDF tests > fail with > > OpenSSL 3.0.2 and cs9 doesn't include a compat-openssl1.1 package (nor > will > > RHEL 9). This is probably an OpenSSL bug but I haven't investigated > further > > yet. This is noted in the overall ATS/OpenSSL 3.0 ticket: [ > > https://github.com/apache/trafficserver/issues/7341 | > > https://github.com/apache/trafficserver/issues/7341 ] > > > > As for who I am, I standardized some years ago on ATS for my personal > > infrastructure on Debian. A few years ago I joined Red Hat and this month > > finally decided I should migrate to our distros as part of a platform > refresh, > > but ATS was not packaged.... so I foolishly decided that becoming the > Fedora > > package maintainer would be easier than migrating to a different reverse > proxy. > > :-) > > > > Regards, > > --Jered >
