From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Wed, 12 May 2021 10:37:12 +0200 (CEST)
From: Dietmar Maurer <dietmar@proxmox.com>
To: Wolfgang Bumiller <w.bumiller@proxmox.com>,
 Proxmox Backup Server development discussion <pbs-devel@lists.proxmox.com>
Message-ID: <736193050.2227.1620808632817@webmail.proxmox.com>
Subject: Re: [pbs-devel] [PATCH backup 5/7] proxy: implement
 'reload-certificate' command

> I wish there was some nice form of a `select_loop!`-like helper...

Another way would be to avoid the select inside the loop, for example
by using an atomic counter (the cert is then loaded on the next accept, not immediately).

--- Use AtomicUsize ---

diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index fc773459..8ecdacec 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -2,6 +2,7 @@ use std::sync::Arc;
 use std::path::{Path, PathBuf};
 use std::pin::Pin;
 use std::os::unix::io::AsRawFd;
+use std::sync::atomic::{AtomicUsize, Ordering};
 
 use anyhow::{bail, format_err, Error};
 use futures::*;
@@ -122,13 +123,13 @@ async fn run() -> Result<(), Error> {
     let acceptor = make_tls_acceptor()?;
 
     // to renew the acceptor we just let a command-socket handler trigger a Notify:
-    let notify_tls_cert_reload = Arc::new(tokio::sync::Notify::new());
+    let notify_tls_cert_reload = Arc::new(AtomicUsize::new(0));
     commando_sock.register_command(
         "reload-certificate".to_string(),
         {
             let notify_tls_cert_reload = Arc::clone(&notify_tls_cert_reload);
             move |_value| -> Result<_, Error> {
-                notify_tls_cert_reload.notify_one();
+                notify_tls_cert_reload.fetch_add(1, Ordering::SeqCst);
                 Ok(Value::Null)
             }
         },
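Review bot: The binding is still named `notify_tls_cert_reload` and the context comment above it still says the handler will "trigger a Notify", but after this change it is an `AtomicUsize` that nothing waits on, so both the name and the comment misdescribe the mechanism. The accept loop only tests the value for non-zero and resets it to 0, so a flag states the intent more directly: `let tls_cert_reload_requested = Arc::new(AtomicBool::new(false));` with `tls_cert_reload_requested.store(true, Ordering::SeqCst);` in the handler. The comment could become `// a command-socket handler sets this flag; the accept loop rebuilds the acceptor on the next accepted connection`. The same rename would apply to the parameter in the `accept_connections` and `accept_connection` hunks.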
@@ -201,7 +202,7 @@ fn accept_connections(
     listener: tokio::net::TcpListener,
     acceptor: Arc<openssl::ssl::SslAcceptor>,
     debug: bool,
-    notify_tls_cert_reload: Arc<tokio::sync::Notify>,
+    notify_tls_cert_reload: Arc<AtomicUsize>,
 ) -> tokio::sync::mpsc::Receiver<ClientStreamResult> {
 
     let (sender, receiver) = tokio::sync::mpsc::channel(MAX_PENDING_ACCEPTS);
@@ -216,47 +217,26 @@ async fn accept_connection(
     mut acceptor: Arc<openssl::ssl::SslAcceptor>,
     debug: bool,
     sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
-    notify_tls_cert_reload: Arc<tokio::sync::Notify>,
+    notify_tls_cert_reload: Arc<AtomicUsize>,
 ) {
     let accept_counter = Arc::new(());
 
-    // Note that these must not be moved out/modified directly, they get pinned in the loop and
-    // "rearmed" after waking up:
-    let mut reload_tls = notify_tls_cert_reload.notified();
-    let mut accept = listener.accept();
-
     loop {
-        let sock;
-
-        // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we
-        // need to be able to "rearm" the futures:
-        let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) };
-        let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
-        tokio::select! {
-            _ = reload_tls_pin => {
-                // rearm the notification:
-                reload_tls = notify_tls_cert_reload.notified();
-
-                log::info!("reloading certificate");
-                match make_tls_acceptor() {
-                    Err(err) => eprintln!("error reloading certificate: {}", err),
-                    Ok(new_acceptor) => acceptor = new_acceptor,
-                }
+        let (sock, _addr) = match listener.accept().await {
+            Ok(conn) => conn,
+            Err(err) =>  {
+                eprintln!("error accepting tcp connection: {}", err);
                 continue;
             }
-            res = accept_pin => match res {
-                Err(err) => {
-                    eprintln!("error accepting tcp connection: {}", err);
-                    continue;
-                }
-                Ok((new_sock, _addr)) => {
-                    // rearm the accept future:
-                    accept = listener.accept();
+        };
 
-                    sock = new_sock;
-                }
+        if notify_tls_cert_reload.swap(0, Ordering::SeqCst) > 0 {
+            log::info!("reloading certificate");
+            match make_tls_acceptor() {
+                Err(err) =>  eprintln!("error reloading certificate: {}", err),
+                Ok(new_acceptor) => acceptor = new_acceptor,
             }
-        };
+        }
 
         sock.set_nodelay(true).unwrap();
         let _ = set_tcp_keepalive(sock.as_raw_fd(), PROXMOX_BACKUP_TCP_KEEPALIVE_TIME);
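Review bot: In the reload block after `listener.accept().await`, `swap(0, Ordering::SeqCst)` clears the request before `make_tls_acceptor()` runs, so when the reload fails the request is gone and the loop keeps serving the previous certificate until `reload-certificate` is sent again. That failure is written only with `eprintln!` while the success path uses `log::info!`, and the command handler has already returned `Ok(Value::Null)`, so an operator replacing an expiring or withdrawn certificate gets no reliable signal that the old one is still in use. I would log it at error level and say what state the proxy is left in: `Err(err) => log::error!("error reloading certificate, keeping previous one: {}", err),`. The removed `Pin::new_unchecked` calls look like the only visible users of `std::pin::Pin`, so that import may now be unused; the loop body continues past the end of the hunk.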