open-nomad/nomad
Chelsea Komlo 2dfda33703 Nomad agent reload TLS configuration on SIGHUP (#3479)
* Allow server TLS configuration to be reloaded via SIGHUP

* dynamic tls reloading for nomad agents

* code cleanup and refactoring

* ensure keyloader is initialized, add comments

* allow downgrading from TLS

* initalize keyloader if necessary

* integration test for tls reload

* fix up test to assert success on reloaded TLS configuration

* failure in loading a new TLS config should remain at current

Reload only the config if agent is already using TLS

* reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate

* introduce a get-or-set method for keyloader

* fixups from code review

* fix up linting errors

* fixups from code review

* add lock for config updates; improve copy of tls config

* GetCertificate only reloads certificates dynamically for the server

* config updates/copies should be on agent

* improve http integration test

* simplify agent reloading storing a local copy of config

* reuse the same keyloader when reloading

* Test that server and client get reloaded but keep keyloader

* Keyloader exposes GetClientCertificate as well for outgoing connections

* Fix spelling

* correct changelog style
2017-11-14 17:53:23 -08:00
..
deploymentwatcher Adds comment to handleRollbackValidity method and other small test readability fixes. 2017-11-03 17:05:15 -05:00
mock sync 2017-10-13 14:36:02 -07:00
state Add ModifyTime to Allocation and update it both on plan applies and client initiated updates 2017-11-01 15:13:48 -05:00
structs Nomad agent reload TLS configuration on SIGHUP (#3479) 2017-11-14 17:53:23 -08:00
types Change the signature of the PeriodicCallback to return an error 2016-06-10 15:54:39 -04:00
acl.go clear the token 2017-10-23 15:11:13 -07:00
acl_endpoint.go review feedback 2017-10-16 17:14:48 -04:00
acl_endpoint_test.go review feedback 2017-10-16 17:14:48 -04:00
acl_test.go leader acl token 2017-10-23 14:10:14 -07:00
alloc_endpoint.go Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
alloc_endpoint_test.go Allow Node.SecretID for GetNode and GetAlloc 2017-10-12 16:27:33 -07:00
blocked_evals.go sync 2017-10-13 14:36:02 -07:00
blocked_evals_test.go sync 2017-10-13 14:36:02 -07:00
config.go Nomad agent reload TLS configuration on SIGHUP (#3479) 2017-11-14 17:53:23 -08:00
core_sched.go thread leader token through core gc and test 2017-10-23 15:04:00 -07:00
core_sched_test.go thread leader token through core gc and test 2017-10-23 15:04:00 -07:00
deployment_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
deployment_endpoint_test.go Added more unit tests for testing rollback when job has identical spec to AllocHealth and DeploymentStatus endpoints. 2017-11-03 16:07:06 -05:00
deployment_watcher_shims.go Deployment watcher takes state store 2017-08-30 18:51:59 -07:00
endpoints_oss.go Sync namespace changes 2017-09-07 17:04:21 -07:00
eval_broker.go Remove structs import from api 2017-09-29 10:36:08 -07:00
eval_broker_test.go Sync namespace changes 2017-09-07 17:04:21 -07:00
eval_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
eval_endpoint_test.go base64 migrate token 2017-10-13 10:59:13 -07:00
fsm.go sync 2017-10-13 14:36:02 -07:00
fsm_not_ent.go sync 2017-10-13 14:36:02 -07:00
fsm_registry_oss.go Sync namespace changes 2017-09-07 17:04:21 -07:00
fsm_test.go sync 2017-10-13 14:36:02 -07:00
heartbeat.go Nomad builds 2017-02-07 20:31:23 -08:00
heartbeat_test.go lax timing 2017-10-23 16:48:20 -07:00
job_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
job_endpoint_oss.go sync 2017-09-19 10:08:23 -05:00
job_endpoint_test.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
leader.go Merge pull request #3402 from hashicorp/leader-loop 2017-11-03 13:40:59 -07:00
leader_oss.go sync acls 2017-09-13 11:38:29 -07:00
leader_test.go Fix some flaky tests 2017-10-23 16:48:20 -07:00
merge.go nomad: adding merge guard for non-nomad servers 2015-06-04 13:15:46 +02:00
node_endpoint.go Address some code review comments 2017-11-03 09:13:01 -05:00
node_endpoint_test.go Fix node end point test that was failing compilation 2017-11-01 15:16:38 -05:00
operator_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
operator_endpoint_test.go move to consul freeport implementation 2017-10-23 16:51:40 -07:00
periodic.go Remove structs import from api 2017-09-29 10:36:08 -07:00
periodic_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
periodic_endpoint_test.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
periodic_test.go Enable more linters 2017-09-26 15:26:33 -07:00
plan_apply.go Revert unintentional change to plan_apply.go during rebase 2017-11-03 09:13:01 -05:00
plan_apply_not_ent.go sync 2017-10-13 14:36:02 -07:00
plan_apply_pool.go Log reason a plan gets rejected per node. 2017-07-13 17:14:02 -07:00
plan_apply_pool_test.go Enable more linters 2017-09-26 15:26:33 -07:00
plan_apply_test.go Always set modify time on allocations, and other changes addressing review comments 2017-11-01 15:13:48 -05:00
plan_endpoint.go core: Pause NackTimeout while in the plan_queue as progress is being made 2016-03-04 12:59:35 -08:00
plan_endpoint_test.go sync 2017-10-13 14:36:02 -07:00
plan_queue.go nomad: cleanup stats goroutines 2015-08-05 16:45:50 -07:00
plan_queue_test.go parallel nomad tests 2017-07-25 17:39:36 -07:00
pool.go Remove dead code 2017-03-03 18:27:49 -08:00
raft_rpc.go Join + Leave peer 2017-02-02 15:49:06 -08:00
regions_endpoint.go nomad: leader forwarding not needed for regions 2015-11-23 22:27:07 -08:00
regions_endpoint_test.go parallel nomad tests 2017-07-25 17:39:36 -07:00
rpc.go Nomad agent reload TLS configuration on SIGHUP (#3479) 2017-11-14 17:53:23 -08:00
rpc_test.go connection receives only EOF 2017-11-01 15:21:05 -05:00
search_endpoint.go sync 2017-10-13 14:36:02 -07:00
search_endpoint_oss.go sync 2017-10-13 14:36:02 -07:00
search_endpoint_test.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
serf.go Enable more linters 2017-09-26 15:26:33 -07:00
serf_test.go Fix some flaky tests 2017-10-23 16:48:20 -07:00
server.go Nomad agent reload TLS configuration on SIGHUP (#3479) 2017-11-14 17:53:23 -08:00
server_setup_oss.go sync 2017-09-19 10:08:23 -05:00
server_test.go move to consul freeport implementation 2017-10-23 16:51:40 -07:00
status_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
status_endpoint_test.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
system_endpoint.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
system_endpoint_test.go SecretID -> AuthToken 2017-10-12 15:16:33 -07:00
timetable.go Switch to using go/codec and use code generation 2016-02-20 18:05:17 -08:00
timetable_test.go Include google compare library 2017-09-01 16:42:09 -07:00
util.go sync 2017-10-13 14:36:02 -07:00
util_test.go Remove structs import from api 2017-09-29 10:36:08 -07:00
vault.go Enable more linters 2017-09-26 15:26:33 -07:00
vault_test.go fix flaky vault test 2017-10-23 16:48:20 -07:00
vault_testing.go Add server metrics 2017-02-14 16:02:18 -08:00
worker.go Worker waits til max ModifyIndex across EvalsByJob 2017-09-14 14:28:43 -07:00
worker_test.go sync 2017-10-13 14:36:02 -07:00