Architecture #19675
closedArchitecture #18784: Reuse agent certificates for HTTPS communication
Restart HTTP clients when configuration changes
Description
When either:
- the policy server certificate
/var/rudder/lib/ssl/policy_server.pem
- one of the subrelay certificates in
/var/rudder/lib/nodescerts.pem
We need to restart the service or at least the HTTPS clients to apply the changes.
Updated by Alexis Mousset over 3 years ago
- Status changed from New to In progress
- Assignee set to Alexis Mousset
Updated by Alexis Mousset over 3 years ago
Ideally, we should be able to reload a part of main.conf settings. The tokio thread pool settings, at least, are hard to properly reload and will probably continue to require a restart. The interface the API listens on is also probably tricky to change dynamically.
However, the HTTP clients and the postgresql pool are probably easier to reload.
We have one constraint: we need to let existing long-running requests finish, but start using the configuration immediately.
This could use an Arc
for each, cloned when it's used. It should be dropped when all tasks using it have finished. Another lighter option for HTTP clients is to only recreate those whose cert have changed., and add/remove when necessary.
Updated by Alexis Mousset over 3 years ago
Work in progess here: https://github.com/amousset/rudder/commit/1e6bd68a5b72d2480214f1c0078fc5c60e6ecea5
Updated by Alexis Mousset over 3 years ago
Work in progess here: https://github.com/amousset/rudder/commit/9c14834e60da50137c3b0a5ce82c5f3c562b8e37
Updated by Alexis Mousset over 3 years ago
Work in progess here: https://github.com/amousset/rudder/commit/09fc5d55b5672dd47cf6447a4e15529f8412bf34
Updated by Alexis Mousset over 3 years ago
Work in progess here: https://github.com/amousset/rudder/commit/656efa0976a5b63c70421cf9a9418cca99e9d93e
Updated by Alexis Mousset over 3 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from Alexis Mousset to Benoît PECCATTE
- Pull Request set to https://github.com/Normation/rudder/pull/3792
Updated by Alexis Mousset over 3 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|671ded3267ac52551c1082d89cbebbe55348c2c6.
Updated by Vincent MEMBRÉ over 3 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 7.0.0~beta1 which was released today.