From acd3d1b162cb56ece89e856168f2a60ea317a501 Mon Sep 17 00:00:00 2001 From: Chelsea Holland Komlo Date: Tue, 21 Nov 2017 13:21:29 -0500 Subject: [PATCH] fix up downgrading client to plaintext add locks around changing server configuration --- client/client.go | 7 +++++-- client/client_test.go | 2 +- nomad/server.go | 7 +++++-- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/client/client.go b/client/client.go index 6a647c2bf..9346a60c7 100644 --- a/client/client.go +++ b/client/client.go @@ -369,9 +369,8 @@ func (c *Client) init() error { // client's TLS configuration changes from plaintext to TLS func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error { c.configLock.Lock() - defer c.configLock.Unlock() - c.config.TLSConfig = newConfig + c.configLock.Unlock() if c.config.TLSConfig.EnableRPC { tw, err := c.config.TLSConfiguration().OutgoingTLSWrapper() @@ -379,8 +378,12 @@ func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error { return err } c.connPool.ReloadTLS(tw) + } else { + c.connPool.ReloadTLS(nil) } + time.Sleep(3 * time.Second) + return nil } diff --git a/client/client_test.go b/client/client_test.go index 4550ebcdc..92b299595 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -1097,7 +1097,7 @@ func TestClient_ReloadTLS_DowngradeTLSToPlaintext(t *testing.T) { func() (bool, error) { err := c1.RPC("Node.GetNode", &req, &out) if err != nil { - return false, fmt.Errorf("client RPC succeeded when it should have failed:\n%+v", err) + return false, fmt.Errorf("client RPC failed when it should have succeeded:\n%+v", err) } return true, nil }, diff --git a/nomad/server.go b/nomad/server.go index dad73148a..090561242 100644 --- a/nomad/server.go +++ b/nomad/server.go @@ -84,8 +84,9 @@ const ( // Server is Nomad server which manages the job queues, // schedulers, and notification bus for agents. type Server struct { - config *Config - logger *log.Logger + config *Config + configLock sync.RWMutex + logger *log.Logger // Connection pool to other Nomad servers connPool *ConnPool @@ -363,7 +364,9 @@ func NewServer(config *Config, consulCatalog consul.CatalogAPI, logger *log.Logg func (s *Server) ReloadTLSConnections(newTLSConfig *config.TLSConfig) error { s.logger.Printf("[INFO] nomad: reloading server connections due to configuration changes") + s.configLock.Lock() s.config.TLSConfig = newTLSConfig + s.configLock.Unlock() var tlsWrap tlsutil.RegionWrapper var incomingTLS *tls.Config