reload agent configuration before specific server/client

lock keyloader before loading/caching a new certificate
hashicorp · Nov 2, 2017 · de37397 · de37397
1 parent fd204b4
commit de37397
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 5 deletions.
diff --git a/command/agent/command.go b/command/agent/command.go
@@ -645,6 +645,12 @@ func (c *Command) handleReload(config *Config) *Config {
 		newConf.LogLevel = config.LogLevel
 	}
 
+	// Reloads configuration for an agent running in both client and server mode
+	err := c.agent.Reload(newConf)
+	if err != nil {
+		c.agent.logger.Printf("[ERR] agent: failed to reload the config: %v", err)
+	}
+
 	if s := c.agent.Server(); s != nil {
 		sconf, err := convertServerConfig(newConf, c.logOutput)
 		if err != nil {
@@ -656,11 +662,6 @@ func (c *Command) handleReload(config *Config) *Config {
 		}
 	}
 
-	err := c.agent.Reload(newConf)
-	if err != nil {
-		c.agent.logger.Printf("[ERR] agent: failed to reload the config: %v", err)
-	}
-
 	return newConf
 }
 

diff --git a/nomad/structs/config/tls.go b/nomad/structs/config/tls.go
@@ -3,6 +3,7 @@ package config
 import (
 	"crypto/tls"
 	"fmt"
+	"sync"
 )
 
 // TLSConfig provides TLS related configuration
@@ -42,6 +43,7 @@ type TLSConfig struct {
 }
 
 type KeyLoader struct {
+	cacheLock   sync.Mutex
 	Certificate *tls.Certificate
 }
 
@@ -59,6 +61,9 @@ func (k *KeyLoader) LoadKeyPair(certFile, keyFile string) (*tls.Certificate, err
 		return nil, fmt.Errorf("Failed to load cert/key pair: %v", err)
 	}
 
+	k.cacheLock.Lock()
+	defer k.cacheLock.Unlock()
+
 	k.Certificate = &cert
 	return k.Certificate, nil
 }