Architecture #19675: Restart HTTP clients when configuration changes - Rudder - Issue Tracker

Actions

Copy link

Architecture #19675

closed

Architecture #18784: Reuse agent certificates for HTTPS communication

Restart HTTP clients when configuration changes

Added by Alexis Mousset over 3 years ago. Updated about 3 years ago.

Status:

Released

Priority:

N/A

Assignee:

Benoît PECCATTE

Category:

Relay server or API

Target version:

7.0.0~beta1

Pull Request:

https://github.com/Normation/rudder/p...

Effort required:

Name check:

To do

Fix check:

To do

Regression:

Description

When either:

the policy server certificate /var/rudder/lib/ssl/policy_server.pem
one of the subrelay certificates in /var/rudder/lib/nodescerts.pem

We need to restart the service or at least the HTTPS clients to apply the changes.

Actions

Copy link

Updated by Alexis Mousset over 3 years ago

Status changed from New to In progress
Assignee set to Alexis Mousset

Actions

Copy link

Updated by Alexis Mousset over 3 years ago

Ideally, we should be able to reload a part of main.conf settings. The tokio thread pool settings, at least, are hard to properly reload and will probably continue to require a restart. The interface the API listens on is also probably tricky to change dynamically.

However, the HTTP clients and the postgresql pool are probably easier to reload.

We have one constraint: we need to let existing long-running requests finish, but start using the configuration immediately.

This could use an Arc for each, cloned when it's used. It should be dropped when all tasks using it have finished. Another lighter option for HTTP clients is to only recreate those whose cert have changed., and add/remove when necessary.

Actions

Copy link