From 3a998ecf99469c364a00a0566409974c9b9a7489 Mon Sep 17 00:00:00 2001
From: Chelsea Holland Komlo
Date: Fri, 3 Nov 2017 15:29:30 -0400
Subject: [PATCH] fixups from code review
---
 command/agent/agent.go | 5 +++--
 command/agent/config.go | 4 ++--
 command/agent/config_parse.go | 2 --
 nomad/structs/config/tls.go | 3 +++
 4 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/command/agent/agent.go b/command/agent/agent.go
index 85f5071132d9..aac443cf03ce 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -730,10 +730,11 @@ func (a *Agent) Reload(newConfig *Config) error {
 if a.config != nil && newConfig.TLSConfig != nil {
 // If the agent is already running with TLS enabled, we need to only reload
- // its certificates. In a later PR, we will introduce the ability to reload
+ // its certificates.
+ // TODO(chelseakomlo) In a later PR, we will introduce the ability to reload
 // TLS configuration if the agent is not running with TLS enabled.
 if a.config.TLSConfig != nil {
- return a.config.SetTLSConfig(newConfig.TLSConfig)
+ return a.config.UpdateTLSConfig(newConfig.TLSConfig)
 }
 }
diff --git a/command/agent/config.go b/command/agent/config.go
index 6e2c7e39234a..ebe53b2c5bc9 100644
--- a/command/agent/config.go
+++ b/command/agent/config.go
@@ -328,12 +328,12 @@ type ServerConfig struct {
 EncryptKey string `mapstructure:"encrypt" json:"-"`
 }
-// SetTLSConfig will reload an agent's TLS configuration. If there is an error
+// UpdateTLSConfig will reload an agent's TLS configuration. If there is an error
 // while loading key and certificate files, the agent will remain at its
 // current configuration and return an error.
 // This only allows reloading the certificate and keyfile- other TLSConfig
 // fields are ignored.
-func (c *Config) SetTLSConfig(newConfig *config.TLSConfig) error {
+func (c *Config) UpdateTLSConfig(newConfig *config.TLSConfig) error {
 if c.TLSConfig == nil {
 return fmt.Errorf("unable to update non-existing TLSConfig")
 }
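Review bot: The new `return a.config.UpdateTLSConfig(newConfig.TLSConfig)` is only reached when the running config already has a TLSConfig, so a reload that adds TLS to an agent started without it falls through and, as the TODO admits, does nothing. The fall-through path lies outside this hunk so I cannot see what Reload returns there, but if it is nil the operator who added TLS and sent a reload gets a successful reload while the agent keeps serving plaintext. Until the follow-up lands, that transition should be visible: log a warning or return an explicit error such as `return fmt.Errorf("enabling TLS on a running agent is not supported; restart the agent")` in an `else` branch of the inner check. As a matter of style the two nested `if`s could be folded into `if a.config != nil && a.config.TLSConfig != nil && newConfig.TLSConfig != nil`, and the TODO should use Go's `// TODO(chelseakomlo):` form with a colon.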
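Review bot: The doc comment on UpdateTLSConfig says every field other than the certificate and key file is ignored, yet the body (which continues past this hunk) gives the caller no signal when one of those fields was changed. An operator who tightens CA or verification settings in the config file and reloads would see a successful reload while the previous settings stay in force. Since the rename is the moment to fix the contract, consider having UpdateTLSConfig return an error when any non-certificate field of newConfig differs from the current configuration, or at minimum state the consequence plainly in the comment: `// Callers must not expect any other field of newConfig to take effect; differences in those fields are silently dropped.` The hyphen in `keyfile- other` also reads as a typo; `key file; other` is clearer.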
diff --git a/command/agent/config_parse.go b/command/agent/config_parse.go
index 342f872ec944..6c63a008dfdb 100644
--- a/command/agent/config_parse.go
+++ b/command/agent/config_parse.go
@@ -750,8 +750,6 @@ func parseTLSConfig(result **config.TLSConfig, list *ast.ObjectList) error {
 return err
 }
- // TLSConfig requires a Keyloader object for dynamic reloading of TLS
- // configuration
 *result = &tlsConfig
 return nil
 }
diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go
index 09bb2a71a330..4d76e7292608 100644
--- a/nomad/structs/config/tls.go
+++ b/nomad/structs/config/tls.go
@@ -8,6 +8,7 @@ import (
 // TLSConfig provides TLS related configuration
 type TLSConfig struct {
+ configLock sync.Mutex
 // EnableHTTP enabled TLS for http traffic to the Nomad server and clients
 EnableHTTP bool `mapstructure:"http"`
@@ -80,7 +81,9 @@ func (k *KeyLoader) GetOutgoingCertificate(*tls.ClientHelloInfo) (*tls.Certifica
 func (t *TLSConfig) GetKeyLoader() *KeyLoader {
 // If the keyloader has not yet been initialized, do it here
 if t.KeyLoader == nil {
+ t.configLock.Lock()
 t.KeyLoader = &KeyLoader{}
+ t.configLock.Unlock()
 }
 return t.KeyLoader
 }
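Review bot: `configLock sync.Mutex` is added without a comment saying what it guards, and as a value field it makes TLSConfig a non-copyable struct: any code that copies a TLSConfig by value gets an independent mutex and none of the intended exclusion, which go vet's copylocks check will flag. I cannot tell from this hunk whether the package copies TLSConfig by value anywhere, so that is worth checking before merging. Suggested comment on the field: `// configLock guards lazy initialization of KeyLoader; TLSConfig must not be copied by value once in use.` The diffstat lists only the three visible insertions for this file, so `sync` must already be imported here or the file will not build.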
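Review bot: The lock added in GetKeyLoader is taken after the `t.KeyLoader == nil` check and released before `return t.KeyLoader`, so both the check and the read still run unlocked; two concurrent callers can each observe nil, take the lock in turn, assign, and come away holding different KeyLoader instances. The comment removed in config_parse.go describes KeyLoader as the object behind dynamic TLS reloading and the hunk header shows it implementing GetOutgoingCertificate, so a listener that captured the losing instance would likely keep serving whatever certificate that instance holds after a reload — a rotation that appears to succeed but does not take effect on that listener. The race detector would also report the unlocked read against the locked write. Move the lock above the check and hold it for the whole method: make `t.configLock.Lock()` and `defer t.configLock.Unlock()` the first two statements and drop the Lock/Unlock pair inside the `if`.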