From: Dietmar Maurer <dietmar@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>,
Proxmox Backup Server development discussion
<pbs-devel@lists.proxmox.com>
Subject: Re: [pbs-devel] [PATCH backup 5/7] proxy: implement 'reload-certificate' command
Date: Wed, 12 May 2021 10:37:12 +0200 (CEST) [thread overview]
Message-ID: <736193050.2227.1620808632817@webmail.proxmox.com> (raw)
> I wish there was some nice form of a `select_loop!`-like helper...
Another way would be to avoid the select inside the loop, for example
by using an Atomic counter (cert is loaded on next accept, not immediately)
--- Use AtomicUsize ---
diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index fc773459..8ecdacec 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -2,6 +2,7 @@ use std::sync::Arc;
use std::path::{Path, PathBuf};
use std::pin::Pin;
use std::os::unix::io::AsRawFd;
+use std::sync::atomic::{AtomicUsize, Ordering};
use anyhow::{bail, format_err, Error};
use futures::*;
@@ -122,13 +123,13 @@ async fn run() -> Result<(), Error> {
let acceptor = make_tls_acceptor()?;
// to renew the acceptor we just let a command-socket handler trigger a Notify:
- let notify_tls_cert_reload = Arc::new(tokio::sync::Notify::new());
+ let notify_tls_cert_reload = Arc::new(AtomicUsize::new(0));
commando_sock.register_command(
"reload-certificate".to_string(),
{
let notify_tls_cert_reload = Arc::clone(¬ify_tls_cert_reload);
move |_value| -> Result<_, Error> {
- notify_tls_cert_reload.notify_one();
+ notify_tls_cert_reload.fetch_add(1, Ordering::SeqCst);
Ok(Value::Null)
}
},
@@ -201,7 +202,7 @@ fn accept_connections(
listener: tokio::net::TcpListener,
acceptor: Arc<openssl::ssl::SslAcceptor>,
debug: bool,
- notify_tls_cert_reload: Arc<tokio::sync::Notify>,
+ notify_tls_cert_reload: Arc<AtomicUsize>,
) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
@@ -216,47 +217,26 @@ async fn accept_connection(
mut acceptor: Arc<openssl::ssl::SslAcceptor>,
debug: bool,
sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
- notify_tls_cert_reload: Arc<tokio::sync::Notify>,
+ notify_tls_cert_reload: Arc<AtomicUsize>,
) {
let accept_counter = Arc::new(());
- // Note that these must not be moved out/modified directly, they get pinned in the loop and
- // "rearmed" after waking up:
- let mut reload_tls = notify_tls_cert_reload.notified();
- let mut accept = listener.accept();
-
loop {
- let sock;
-
- // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we
- // need to be able to "rearm" the futures:
- let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) };
- let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
- tokio::select! {
- _ = reload_tls_pin => {
- // rearm the notification:
- reload_tls = notify_tls_cert_reload.notified();
-
- log::info!("reloading certificate");
- match make_tls_acceptor() {
- Err(err) => eprintln!("error reloading certificate: {}", err),
- Ok(new_acceptor) => acceptor = new_acceptor,
- }
+ let (sock, _addr) = match listener.accept().await {
+ Ok(conn) => conn,
+ Err(err) => {
+ eprintln!("error accepting tcp connection: {}", err);
continue;
}
- res = accept_pin => match res {
- Err(err) => {
- eprintln!("error accepting tcp connection: {}", err);
- continue;
- }
- Ok((new_sock, _addr)) => {
- // rearm the accept future:
- accept = listener.accept();
+ };
- sock = new_sock;
- }
+ if notify_tls_cert_reload.swap(0, Ordering::SeqCst) > 0 {
+ log::info!("reloading certificate");
+ match make_tls_acceptor() {
+ Err(err) => eprintln!("error reloading certificate: {}", err),
+ Ok(new_acceptor) => acceptor = new_acceptor,
}
- };
+ }
sock.set_nodelay(true).unwrap();
let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
next reply other threads:[~2021-05-12 8:37 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-12 8:37 Dietmar Maurer [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-05-12 9:17 Wolfgang Bumiller
2021-05-12 9:13 Dietmar Maurer
2021-05-12 9:01 Wolfgang Bumiller
2021-05-12 8:00 Wolfgang Bumiller
2021-05-12 7:42 Dietmar Maurer
2021-05-11 13:53 [pbs-devel] [PATCH backup 0/7] hot-reload proxy certificates Wolfgang Bumiller
2021-05-11 13:53 ` [pbs-devel] [PATCH backup 5/7] proxy: implement 'reload-certificate' command Wolfgang Bumiller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=736193050.2227.1620808632817@webmail.proxmox.com \
--to=dietmar@proxmox.com \
--cc=pbs-devel@lists.proxmox.com \
--cc=w.bumiller@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox