fix up downgrading client to plaintext

add locks around changing server configuration
2017-11-21 13:21:29 -05:00 · 2017-11-21 13:21:29 -05:00 · acd3d1b162
parent c0ad9a4627
commit acd3d1b162
3 changed files with 11 additions and 5 deletions
--- a/client/client.go
+++ b/client/client.go
@ -369,9 +369,8 @@ func (c *Client) init() error {
 // client's TLS configuration changes from plaintext to TLS
 func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error {
 	c.configLock.Lock()
-	defer c.configLock.Unlock()
-
 	c.config.TLSConfig = newConfig
+	c.configLock.Unlock()

 	if c.config.TLSConfig.EnableRPC {
 		tw, err := c.config.TLSConfiguration().OutgoingTLSWrapper()
@ -379,8 +378,12 @@ func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error {
 			return err
 		}
 		c.connPool.ReloadTLS(tw)
+	} else {
+		c.connPool.ReloadTLS(nil)
 	}

+	time.Sleep(3 * time.Second)
+
 	return nil
 }

--- a/client/client_test.go
+++ b/client/client_test.go
@ -1097,7 +1097,7 @@ func TestClient_ReloadTLS_DowngradeTLSToPlaintext(t *testing.T) {
 		func() (bool, error) {
 			err := c1.RPC("Node.GetNode", &req, &out)
 			if err != nil {
-				return false, fmt.Errorf("client RPC succeeded when it should have failed:\n%+v", err)
+				return false, fmt.Errorf("client RPC failed when it should have succeeded:\n%+v", err)
 			}
 			return true, nil
 		},
--- a/nomad/server.go
+++ b/nomad/server.go
@ -84,8 +84,9 @@ const (
 // Server is Nomad server which manages the job queues,
 // schedulers, and notification bus for agents.
 type Server struct {
-	config *Config
-	logger *log.Logger
+	config     *Config
+	configLock sync.RWMutex
+	logger     *log.Logger

 	// Connection pool to other Nomad servers
 	connPool *ConnPool
@ -363,7 +364,9 @@ func NewServer(config *Config, consulCatalog consul.CatalogAPI, logger *log.Logg
 func (s *Server) ReloadTLSConnections(newTLSConfig *config.TLSConfig) error {
 	s.logger.Printf("[INFO] nomad: reloading server connections due to configuration changes")

+	s.configLock.Lock()
 	s.config.TLSConfig = newTLSConfig
+	s.configLock.Unlock()

 	var tlsWrap tlsutil.RegionWrapper
 	var incomingTLS *tls.Config