Apache Traffic Control 8.0.0
Traffic Ops
- Client Certificate Authentication: The ability for a Traffic Ops (TO) instance to accept TLS certificates from a client request and verify them against a specified Root CA’s certificate as a form of login. This is not to be confused with mTLS, albeit a similar design. Should a client not send a TLS certificate as part of the request, login functionality will default to standard form authentication.
- Assignment of multiple Server Capabilities to a Server and vice-versa: Previous releases only allowed 1:1 assignment of server to a capability and vice-versa. This release now supports multiple assignments (1:many).
- Simplification of CDN configs by removing the hypnotoad section (used in deploying TO locally or in CIAB), which was no longer being used.
- Layered Profile: Aggregation of parameters based on profile priority.
- Delivery Services: Regional field added to aid maxOriginConnections
- Permission and Roles: Added new permissions (e.g. SSL-KEY_EXPIRATION:READ, ACME:READ) to various roles. Also created a new role (trouter) to monitor Traffic Ops resources. The roles API (PUT, POST) now returns an empty array when no permissions are given.
- Reporting: Added a feature to indicate success and failure during server upgrade.
- OAuth: Added OAuth security when using Microsoft Authenticator, an optional field oauth_user_attribute for OAuth login credentials, and usage of the ID token instead of the Access Token for authentication.
- #7674 Added the ability to indicate if a server failed its revalidate/config update.
- Python Client uses APIv5
- Fixed the following issues/bugs:
  - #7891 Created clause to distinguish API versions < 5 when handling 403 in middleware wrappers and updated job routes for v4 and v5.
  - #7890 Fixed missing changelog entries to v5 routes.
  - #7887 Limit Delivery Services returned for GET /servers/{id}/deliveryservices to ones in the same CDN.
  - #7878 Fixed the case where TO was failing to assign delivery services to a server, due to a bug in the way the list of preexisting delivery services was being returned.
  - #4428 Fixed Internal Server Error with POST to profileparameters when POST body is empty.
  - #7047 Allow apply_time query parameters on the servers/{id-name}/update when the CDN is locked.
  - #7046 API deliveryservices/sslkeys/add now checks that each cert in the chain is related.
  - #6340 Fixed alert messages for POST and PUT invalidation job APIs.
  - #7519 Fixed TO API /servers/{id}/deliveryservices endpoint to respond with all DSs on a cache that are directly assigned and inherited through topology.
  - #7130 Fixed service_categories response to POST API.
  - #6229 Fixed error message for assignment of non-existent parameters to a profile.
  - #6775 Invalid “orgServerFqdn” in Delivery Service creation/update causes Internal Server Error.
  - #6385 Fixed reserved consistentHashQueryParameters causing an internal server error; they now result in a client error.
  - #4393 Fixed the error code and alert structure when TO is queried for a delivery service with no SSL keys.
  - #7762 Fixed /phys_locations PUT API to remove error related to mismatching region name and ID.
  - #7511 Fixed the changelog registration message to include the username instead of duplicate email entry.
  - #7441 Fixed the invalidation jobs endpoint to respect CDN locks.
  - #7282 Fixed issue so that the user is correctly logged when using access or bearer token authentication.
  - #7231 Fixed sharedUserNames display while retrieving CDN locks.
  - #7628 Fixed an issue where certificate chain validation failed based on leading or trailing whitespace.
  - #7688 Fixed ability to view secured parameters when role has correct permissions.
  - #7697 Fixed display of iloPassword and xmppPassword, now based on permissions instead of priv-level.
Breaking changes:
- Fixed DS “ACTIVE” flag (Blueprint): Previously, setting a Delivery Service (DS) to “Inactive” actually only set it to “not routed”. There was no way to create a Delivery Service (with assigned servers) that would not be distributed to cache server configuration. This fix changes the Active property of Delivery Services from a boolean to an enumerated string constant that can represent three different “Activity States” for a Delivery Service.
- Updated LastUpdated field across multiple APIs to use RFC3339 instead of deprecated time.Time.
- Capabilities are now part of DS structure instead of a separate struct.
Traffic Portal
- Delivery Service (DS):
  - Added server capability (removed from DS context menu) and lastUpdated fields to the DS forms.
  - Added the ability to tell if a DS is the target of another steering DS.
  - New config options in traffic_portal_properties.json for DS active flag feature.
- Certs: Added visuals to DS cert expiration grid rows and the ability to inspect a user-provided cert, or the cert chain on DS SSL keys, and to delete a cert. Also added a revert certificate functionality.
- Servers: Improved information about profile priorities with respect to layered profile.
- Change Log: Ability to view entire log message by clicking on it.
- CDN: Added TTLOverride field to allow a quick turnaround time when performing TR maintenance that involves restarts.
- UI Beautification: Added better labels for widgets, simplified the DS button bar by moving DS changes/DSRs under the More menu, and obscured sensitive text in raw remap fields, private SSL keys, “Header Rewrite” rules, and ILO interface passwords.
- Dependent on NodeJS version 16 or later
- Fixed the following issues/bugs:
  - #7885 Fixed the issue where Compare Profiles page was not being displayed.
  - #7879 Fixed broken capability links for delivery service and added required capability as a column in DS table.
  - #7049, #7052 Fixed server table’s quick search and filter option for multiple profiles.
  - #7080, #6335 Fixed redirect links for server capability.
  - #7414 Fixed DSR difference for DS required capability.
  - #5557 Moved Fair Queueing Pacing Rate Bps DS field to Cache Configuration Settings section.
  - #7216 Fixed sort for Server’s Capabilities Table
  - #7179 Fixed search filter for Delivery Service Table
  - #7174 Fixed topologies sort (table and Delivery Service’s form)
  - #5970 Fixed numeric sort in Delivery Service’s form for DSCP
  - #5971 Fixed Max DNS Tool Top link to open in a new page
Traffic Router
- Optimized TR’s logic in zone detection and its ability to handle DDoS attacks by increasing the TTL value.
- Logging improved for a better connection and user experience.
- Removed dnssec.zone.diffing.enabled and dnssec.rrsig.cache.enabled parameters
- #7808 Set SOA minimum field to a custom value defined in the tld.soa.minimum param, and remove the previously added dns.negative.caching.ttl property.
- Fixed the following issues/bugs:
  - #7340 Fixed TR logging for the cqhv field when absent.
  - #7252 Fixed integer overflow for czCount, by resetting the count to max value when it overflows.
  - #7093 Updated Apache Tomcat from 9.0.43 to 9.0.67
  - #3965 TR now always includes a Content-Length header in the response.
  - #6533 TR should not rename/recreate log files on rollover
Traffic Stats
- Improved logic to handle connection leaks and client request timeouts to Traffic Ops
Traffic Monitor
- Improved logging with respect to IP availability for both v4 and v6
- Fixed the bandwidth doubling issue per cache.
Traffic Control Cache Config (T3C) (formerly ORT)
- Config Generation: Addition of t3c-apply flag to allow ease of usage locally and a descriptive exit error message on failure.
- RPM Checks added to keep cache config up to date in case of RPM failures.
- Added support for anycast
- Decreased the number of commits to the repo by removing timestamp from metadata file.
- #7719 Added automatic self-healing when using slice plugin.
- Fixed the following:
  - #7817 Fixed issue that would cause a null pointer panic on client fallback.
  - #7866 Fixed RPM DB check to work with Rocky Linux 9.
  - #7021 Fixed cache config for Delivery Services with IP Origins.
  - #7043 Fixed cache config missing retry parameters for non-topology MSO Delivery Services going direct from edge to origin.
  - #7163 Fix cache config for multiple profiles
  - #6695 Directory creation was erroneously reporting an error when actually succeeding.
  - #7590 Fixed issue with git reporting “detected dubious ownership in repository”.
  - #7137 parent.config simulate topology for non topo delivery services.
  - #7153 Adds an extra T3C check for validity of an SSL cert (crash fix).
  - #7182 Sort peers used in strategy.yaml to prevent false positive for reload.
  - #7204 strategies.yaml hash_key only for consistent_hash
  - #7277 remapdotconfig: remove skip check at mids for nocache/live
  - #7346 Fixed issue with stale lock file when using git to track changes.
  - #7352 Fixed issue with application locking which would allow multiple instances of t3c apply to run concurrently.
  - #7411 Fixed issue with wrong parent ordering with MSO non-topology delivery services.
  - #7425 Fixed issue with layered profile iteration being done in the wrong order.
  - #7471 Fixed issue with MSO non topo origins from multiple cache groups.
TC Health Client
- Added a peer monitoring flag in strategies.yaml
- Added three health mechanisms: L4 health (a TCP syn-ack-rst), L7 health (a successful HTTP response), and a meta-parent poll, which polls the parent’s own health client for its parent health and uses a heuristic of unavailable parents on the parent.
- T3C Traffic Control Health Client upgraded to Apache Traffic Server (ATS) 9.2.
Other Components
- CDN in a Box, the t3c integration tests, and the tc health client integration tests now use 9.1.
- #7896 ATC Build system: Count commits since the last release, not commits.
Downloads
Apache Traffic Control 8.0.0 is also available here: