From de03ce80702ae05ee87084136aee36d44353d58b Mon Sep 17 00:00:00 2001
From: Chelsea Holland Komlo
Date: Fri, 8 Jun 2018 14:33:58 -0400
Subject: [PATCH] move logic to determine whether to reload tls configuration to tlsutil helper
---
 helper/tlsutil/config.go | 22 ++++++++++++++++++++++
 nomad/server.go | 7 +++----
 2 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/helper/tlsutil/config.go b/helper/tlsutil/config.go
index 8202b08db..7bc3ac2e0 100644
--- a/helper/tlsutil/config.go
+++ b/helper/tlsutil/config.go
@@ -421,3 +421,25 @@ func ParseMinVersion(version string) (uint16, error) {
 return vers, nil
 }
+
+func ShouldReloadRPCConnections(old, new *config.TLSConfig) (bool, error) {
+ var tlsInfoEqual bool
+
+ // If already configured with TLS, compare with the new TLS configuration
+ if new != nil {
+ var err error
+ tlsInfoEqual, err = new.CertificateInfoIsEqual(old)
+ if err != nil {
+ return false, err
+ }
+ } else {
+ // If not configured with TLS, compare with the new TLS configuration
+ tlsInfoEqual = new == nil && old == nil
+ }
+
+ if new != nil && old != nil {
+ tlsInfoEqual = new.EnableRPC == old.EnableRPC
+ }
+
+ return tlsInfoEqual, nil
+}
diff --git a/nomad/server.go b/nomad/server.go
index 777ff24af..ff1733dfe 100644
--- a/nomad/server.go
+++ b/nomad/server.go
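Review bot: ShouldReloadRPCConnections returns `tlsInfoEqual`, so it reports true when the two configurations match and false when they differ, the opposite of what its name and the `if shouldReloadTLS` caller in nomad/server.go expect. The `if new != nil && old != nil` block also assigns over the result of CertificateInfoIsEqual, so when both configs are set only EnableRPC is compared and whatever CertificateInfoIsEqual checks no longer affects the outcome. Taken together, a reload after replacing certificate material would leave the RPC connections on the old configuration, while an unchanged configuration would trigger a reload. Combine the two comparisons and negate the result: `tlsInfoEqual = tlsInfoEqual && new.EnableRPC == old.EnableRPC` and `return !tlsInfoEqual, nil`. A table test over nil/non-nil pairs and a differing certificate path would pin the behaviour.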
@@ -678,13 +678,12 @@ func (s *Server) Reload(newConfig *Config) error {
 }
 }
- tlsInfoEqual, err := newConfig.TLSConfig.CertificateInfoIsEqual(s.config.TLSConfig)
+ shouldReloadTLS, err := tlsutil.ShouldReloadRPCConnections(s.config.TLSConfig, newConfig.TLSConfig)
 if err != nil {
- s.logger.Printf("[ERR] nomad: error parsing server TLS configuration: %s", err)
- return err
+ s.logger.Printf("[ERR] nomad: error checking whether to reload TLS configuration: %s", err)
 }
- if !tlsInfoEqual || newConfig.TLSConfig.EnableRPC != s.config.TLSConfig.EnableRPC {
+ if shouldReloadTLS {
 if err := s.reloadTLSConnections(newConfig.TLSConfig); err != nil {
 s.logger.Printf("[ERR] nomad: error reloading server TLS configuration: %s", err)
 multierror.Append(&mErr, err)
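Review bot: The error branch after the ShouldReloadRPCConnections call now only logs, where the removed code returned the error, so a TLS configuration that cannot be compared leaves `shouldReloadTLS` false and Reload continues without reloading and without reporting the failure to its caller. For a security-relevant setting the failure should be surfaced: either restore `return err` or record it with `multierror.Append(&mErr, err)`, as the reload branch just below does. Reload's body starts and ends outside this hunk, so how mErr is finally returned is not visible here.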