From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 7562D7B4B3 for ; Wed, 12 May 2021 10:37:35 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 678C3AC6B for ; Wed, 12 May 2021 10:37:35 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id B7A85AC5D for ; Wed, 12 May 2021 10:37:34 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 89A0C45AF8 for ; Wed, 12 May 2021 10:37:34 +0200 (CEST) Date: Wed, 12 May 2021 10:37:12 +0200 (CEST) From: Dietmar Maurer To: Wolfgang Bumiller , Proxmox Backup Server development discussion Message-ID: <736193050.2227.1620808632817@webmail.proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Priority: 3 Importance: Normal X-Mailer: Open-Xchange Mailer v7.10.5-Rev10 X-Originating-Client: open-xchange-appsuite X-SPAM-LEVEL: Spam detection results: 0 AWL 0.219 Adjusted score from AWL reputation of From: address KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: Re: [pbs-devel] [PATCH backup 5/7] proxy: implement 'reload-certificate' command X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 12 May 2021 08:37:35 -0000 > I wish there was some nice form of a `select_loop!`-like helper... Another way would be to avoid the select inside the loop, for example by using an Atomic counter (cert is loaded on next accept, not immediately) --- Use AtomicUsize --- diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs index fc773459..8ecdacec 100644 --- a/src/bin/proxmox-backup-proxy.rs +++ b/src/bin/proxmox-backup-proxy.rs @@ -2,6 +2,7 @@ use std::sync::Arc; use std::path::{Path, PathBuf}; use std::pin::Pin; use std::os::unix::io::AsRawFd; +use std::sync::atomic::{AtomicUsize, Ordering}; use anyhow::{bail, format_err, Error}; use futures::*; @@ -122,13 +123,13 @@ async fn run() -> Result<(), Error> { let acceptor = make_tls_acceptor()?; // to renew the acceptor we just let a command-socket handler trigger a Notify: - let notify_tls_cert_reload = Arc::new(tokio::sync::Notify::new()); + let notify_tls_cert_reload = Arc::new(AtomicUsize::new(0)); commando_sock.register_command( "reload-certificate".to_string(), { let notify_tls_cert_reload = Arc::clone(¬ify_tls_cert_reload); move |_value| -> Result<_, Error> { - notify_tls_cert_reload.notify_one(); + notify_tls_cert_reload.fetch_add(1, Ordering::SeqCst); Ok(Value::Null) } }, @@ -201,7 +202,7 @@ fn accept_connections( listener: tokio::net::TcpListener, acceptor: Arc, debug: bool, - notify_tls_cert_reload: Arc, + notify_tls_cert_reload: Arc, ) -> tokio::sync::mpsc::Receiver { let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS); @@ -216,47 +217,26 @@ async fn accept_connection( mut acceptor: Arc, debug: bool, sender: tokio::sync::mpsc::Sender, - notify_tls_cert_reload: Arc, + notify_tls_cert_reload: Arc, ) { let accept_counter = Arc::new(()); - // Note that these must not be moved out/modified directly, they get pinned in the loop and - // "rearmed" after waking up: - let mut reload_tls = notify_tls_cert_reload.notified(); - let mut accept = listener.accept(); - loop { - let sock; - - // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we - // need to be able to "rearm" the futures: - let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) }; - let accept_pin = unsafe { Pin::new_unchecked(&mut accept) }; - tokio::select! { - _ = reload_tls_pin => { - // rearm the notification: - reload_tls = notify_tls_cert_reload.notified(); - - log::info!("reloading certificate"); - match make_tls_acceptor() { - Err(err) => eprintln!("error reloading certificate: {}", err), - Ok(new_acceptor) => acceptor = new_acceptor, - } + let (sock, _addr) = match listener.accept().await { + Ok(conn) => conn, + Err(err) => { + eprintln!("error accepting tcp connection: {}", err); continue; } - res = accept_pin => match res { - Err(err) => { - eprintln!("error accepting tcp connection: {}", err); - continue; - } - Ok((new_sock, _addr)) => { - // rearm the accept future: - accept = listener.accept(); + }; - sock = new_sock; - } + if notify_tls_cert_reload.swap(0, Ordering::SeqCst) > 0 { + log::info!("reloading certificate"); + match make_tls_acceptor() { + Err(err) => eprintln!("error reloading certificate: {}", err), + Ok(new_acceptor) => acceptor = new_acceptor, } - }; + } sock.set_nodelay(true).unwrap(); let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);