Architecture #19675

closed

Architecture #18784: Reuse agent certificates for HTTPS communication

Restart HTTP clients when configuration changes

Added by Alexis Mousset over 2 years ago. Updated over 2 years ago.

Status: Released
Priority: N/A
Category: Relay server or API
Target version:
Effort required:
Name check: To do
Fix check: To do
Regression:

Description

When either:

  • the policy server certificate /var/rudder/lib/ssl/policy_server.pem
  • one of the subrelay certificates in /var/rudder/lib/nodescerts.pem

changes, we need to restart the service or at least the HTTPS clients to apply the changes.

Actions #1

Updated by Alexis Mousset over 2 years ago

  • Status changed from New to In progress
  • Assignee set to Alexis Mousset

Actions #2

Updated by Alexis Mousset over 2 years ago

Ideally, we should be able to reload a part of main.conf settings. The tokio thread pool settings, at least, are hard to properly reload and will probably continue to require a restart. The interface the API listens on is also probably tricky to change dynamically.

However, the HTTP clients and the PostgreSQL pool are probably easier to reload.

We have one constraint: we need to let existing long-running requests finish, but start using the configuration immediately.

This could use an Arc for each, cloned when it's used. It should be dropped when all tasks using it have finished. Another lighter option for HTTP clients is to only recreate those whose cert has changed, and add/remove when necessary.
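
The Arc-based reload discussed in the comment above, as an added example that is not part of the original ticket and is not Rudder's code. It uses only the standard library; `Client`, `Clients`, `get` and `reload` are hypothetical names, and certificates are modeled as plain strings instead of a real TLS client.

```rust
// Added example (std only); all type and function names are hypothetical.
use std::collections::HashMap;
use std::sync::{Arc, RwLock};

/// Stand-in for an HTTPS client pinned to one certificate (constructed type).
pub struct Client { pub cert_pem: String }

/// Shared map: node id -> client. Tasks clone the Arc and release the lock at once.
#[derive(Default)]
pub struct Clients {
    inner: RwLock<HashMap<String, Arc<Client>>>,
}

impl Clients {
    /// Take a handle for one request; it stays valid even if a reload replaces the entry.
    pub fn get(&self, node: &str) -> Option<Arc<Client>> {
        self.inner.read().unwrap().get(node).cloned()
    }

    /// Apply a new certificate set: keep clients whose cert is unchanged, recreate
    /// changed ones, add new nodes, drop removed ones. Returns how many were created.
    pub fn reload(&self, certs: &HashMap<String, String>) -> usize {
        let mut created = 0;
        let mut map = self.inner.write().unwrap();
        let mut next = HashMap::with_capacity(certs.len());
        for (node, pem) in certs {
            let client = match map.get(node) {
                Some(old) if old.cert_pem == *pem => Arc::clone(old),
                _ => {
                    created += 1;
                    Arc::new(Client { cert_pem: pem.clone() })
                }
            };
            next.insert(node.clone(), client);
        }
        *map = next; // replaced or removed clients are freed once in-flight handles drop
        created
    }
}

fn main() {
    let clients = Clients::default();
    // Constructed sample data: one subrelay with a placeholder certificate.
    let mut certs = HashMap::from([("relay1".to_string(), "CERT-A".to_string())]);
    clients.reload(&certs);
    let in_flight = clients.get("relay1").unwrap(); // simulates a long-running request
    certs.insert("relay1".to_string(), "CERT-B".to_string());
    clients.reload(&certs);
    println!("old={} new={}", in_flight.cert_pem, clients.get("relay1").unwrap().cert_pem);
}
```

The write lock is held only while the map is swapped, so new requests pick up the new certificate as soon as `reload` returns, while a request that already holds an `Arc` keeps its old client until it finishes.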

Actions #7

Updated by Alexis Mousset over 2 years ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from Alexis Mousset to Benoît PECCATTE
  • Pull Request set to https://github.com/Normation/rudder/pull/3792

Actions #8

Updated by Alexis Mousset over 2 years ago

  • Status changed from Pending technical review to Pending release

Actions #9

Updated by Vincent MEMBRÉ over 2 years ago

  • Status changed from Pending release to Released

This bug has been fixed in Rudder 7.0.0~beta1 which was released today.
