fix up downgrading client to plaintext
add locks around changing server configuration
parent
c0ad9a4627
commit
acd3d1b162
|
@ -369,9 +369,8 @@ func (c *Client) init() error {
|
||||||
// client's TLS configuration changes from plaintext to TLS
|
// client's TLS configuration changes from plaintext to TLS
|
||||||
func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error {
|
func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error {
|
||||||
c.configLock.Lock()
|
c.configLock.Lock()
|
||||||
defer c.configLock.Unlock()
|
|
||||||
|
|
||||||
c.config.TLSConfig = newConfig
|
c.config.TLSConfig = newConfig
|
||||||
|
c.configLock.Unlock()
|
||||||
|
|
||||||
if c.config.TLSConfig.EnableRPC {
|
if c.config.TLSConfig.EnableRPC {
|
||||||
tw, err := c.config.TLSConfiguration().OutgoingTLSWrapper()
|
tw, err := c.config.TLSConfiguration().OutgoingTLSWrapper()
|
||||||
|
@ -379,8 +378,12 @@ func (c *Client) ReloadTLSConnections(newConfig *nconfig.TLSConfig) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
c.connPool.ReloadTLS(tw)
|
c.connPool.ReloadTLS(tw)
|
||||||
|
} else {
|
||||||
|
c.connPool.ReloadTLS(nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
time.Sleep(3 * time.Second)
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
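Review bot: In Client.ReloadTLSConnections the new code calls `c.configLock.Unlock()` right after the assignment, so the `c.config.TLSConfig.EnableRPC` check and the `c.config.TLSConfiguration()` call that follow read the shared config without holding the lock. Two overlapping reloads can then interleave their `c.connPool.ReloadTLS(...)` calls, leaving the pool with a wrapper that does not match the stored config; one such outcome is a pool reset to plaintext by `ReloadTLS(nil)` while the config asks for TLS. Unless holding the lock across the whole function deadlocks for a reason not visible here, I would keep it held until the pool has been reloaded, or at least branch on the argument with `if newConfig != nil && newConfig.EnableRPC {`, which also avoids a nil dereference. The `time.Sleep(3 * time.Second)` added in the second hunk blocks every reload caller for a fixed time and looks like test synchronisation, so it needs a comment saying what it waits for. The `if err != nil {` line between the two hunks is not shown.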
@ -1097,7 +1097,7 @@ func TestClient_ReloadTLS_DowngradeTLSToPlaintext(t *testing.T) {
|
||||||
func() (bool, error) {
|
func() (bool, error) {
|
||||||
err := c1.RPC("Node.GetNode", &req, &out)
|
err := c1.RPC("Node.GetNode", &req, &out)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return false, fmt.Errorf("client RPC succeeded when it should have failed:\n%+v", err)
|
return false, fmt.Errorf("client RPC failed when it should have succeeded:\n%+v", err)
|
||||||
}
|
}
|
||||||
return true, nil
|
return true, nil
|
||||||
},
|
},
|
||||||
|
|
|
@ -84,8 +84,9 @@ const (
|
||||||
// Server is Nomad server which manages the job queues,
|
// Server is Nomad server which manages the job queues,
|
||||||
// schedulers, and notification bus for agents.
|
// schedulers, and notification bus for agents.
|
||||||
type Server struct {
|
type Server struct {
|
||||||
config *Config
|
config *Config
|
||||||
logger *log.Logger
|
configLock sync.RWMutex
|
||||||
|
logger *log.Logger
|
||||||
|
|
||||||
// Connection pool to other Nomad servers
|
// Connection pool to other Nomad servers
|
||||||
connPool *ConnPool
|
connPool *ConnPool
|
||||||
|
@ -363,7 +364,9 @@ func NewServer(config *Config, consulCatalog consul.CatalogAPI, logger *log.Logg
|
||||||
func (s *Server) ReloadTLSConnections(newTLSConfig *config.TLSConfig) error {
|
func (s *Server) ReloadTLSConnections(newTLSConfig *config.TLSConfig) error {
|
||||||
s.logger.Printf("[INFO] nomad: reloading server connections due to configuration changes")
|
s.logger.Printf("[INFO] nomad: reloading server connections due to configuration changes")
|
||||||
|
|
||||||
|
s.configLock.Lock()
|
||||||
s.config.TLSConfig = newTLSConfig
|
s.config.TLSConfig = newTLSConfig
|
||||||
|
s.configLock.Unlock()
|
||||||
|
|
||||||
var tlsWrap tlsutil.RegionWrapper
|
var tlsWrap tlsutil.RegionWrapper
|
||||||
var incomingTLS *tls.Config
|
var incomingTLS *tls.Config
|
||||||
|
|
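Review bot: The new `configLock` field in Server has no comment saying what it guards, and in this section it is taken only around the single write `s.config.TLSConfig = newTLSConfig`. An RWMutex protects that field only if every reader takes `RLock`, which the visible lines do not show. If the rest of ReloadTLSConnections (it continues past the hunk) re-reads `s.config.TLSConfig` to build `tlsWrap` and `incomingTLS`, it would be safer to build them from `newTLSConfig` instead. I would also add a field comment such as `// configLock guards config.TLSConfig, which ReloadTLSConnections replaces at runtime`.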