+2324. [func] razvan
+ It is not necessary to restart the server to apply changes in the
+ TLS configuration. Running the "config-reload" command is
+ sufficient.
+ (Gitlab #3694)
+
Kea 2.7.6 (development) released on January 29, 2025
2323. [func]* fdupont
extern const isc::log::MessageID CTRL_AGENT_FAILED = "CTRL_AGENT_FAILED";
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSED = "CTRL_AGENT_HTTPS_SERVICE_REUSED";
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_STARTED = "CTRL_AGENT_HTTPS_SERVICE_STARTED";
+extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED = "CTRL_AGENT_HTTPS_SERVICE_UPDATED";
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSED = "CTRL_AGENT_HTTP_SERVICE_REUSED";
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED = "CTRL_AGENT_HTTP_SERVICE_STARTED";
extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT = "CTRL_AGENT_RUN_EXIT";
"CTRL_AGENT_FAILED", "application experienced a fatal error: %1",
"CTRL_AGENT_HTTPS_SERVICE_REUSED", "reused HTTPS service bound to address %1:%2",
"CTRL_AGENT_HTTPS_SERVICE_STARTED", "HTTPS service bound to address %1:%2",
+ "CTRL_AGENT_HTTPS_SERVICE_UPDATED", "reused HTTPS service bound to address %1:%2 and updated TLS settings",
"CTRL_AGENT_HTTP_SERVICE_REUSED", "reused HTTP service bound to address %1:%2",
"CTRL_AGENT_HTTP_SERVICE_STARTED", "HTTP service bound to address %1:%2",
"CTRL_AGENT_RUN_EXIT", "application is exiting the event loop",
extern const isc::log::MessageID CTRL_AGENT_FAILED;
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_REUSED;
extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_STARTED;
+extern const isc::log::MessageID CTRL_AGENT_HTTPS_SERVICE_UPDATED;
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_REUSED;
extern const isc::log::MessageID CTRL_AGENT_HTTP_SERVICE_STARTED;
extern const isc::log::MessageID CTRL_AGENT_RUN_EXIT;
on the specified address and port. All control commands should be sent to this
address and port over a TLS channel.
+% CTRL_AGENT_HTTPS_SERVICE_UPDATED reused HTTPS service bound to address %1:%2 and updated TLS settings
+This informational message indicates that the server has reused existing
+HTTPS service on the specified address and port. Note that any change in
+the TLS setup has been applied.
+
% CTRL_AGENT_HTTP_SERVICE_REUSED reused HTTP service bound to address %1:%2
This informational message indicates that the server has reused existing
HTTP service on the specified address and port.
if (listener->getTlsContext()) {
if (ctx->getTrustAnchor().empty()) {
// Can not switch from HTTPS to HTTP
- LOG_INFO(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSED)
+ LOG_ERROR(agent_logger, CTRL_AGENT_HTTPS_SERVICE_REUSED)
.arg(server_address.toText())
.arg(server_port);
} else {
it->second->config_->setAuthConfig(ctx->getAuthConfig());
it->second->config_->setHttpHeaders(ctx->getHttpHeaders());
getIOService()->post([listener, tls_context]() { listener->setTlsContext(tls_context); });
+ LOG_INFO(agent_logger, CTRL_AGENT_HTTPS_SERVICE_UPDATED)
+ .arg(server_address.toText())
+ .arg(server_port);
}
} else if (!ctx->getTrustAnchor().empty()) {
// Can not switch from HTTP to HTTPS
- LOG_INFO(agent_logger, CTRL_AGENT_HTTP_SERVICE_REUSED)
+ LOG_ERROR(agent_logger, CTRL_AGENT_HTTP_SERVICE_REUSED)
.arg(server_address.toText())
.arg(server_port);
}
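Review bot: The two `LOG_ERROR` calls under "Can not switch from HTTPS to HTTP" and "Can not switch from HTTP to HTTPS" now log at error severity but still use `CTRL_AGENT_HTTPS_SERVICE_REUSED` and `CTRL_AGENT_HTTP_SERVICE_REUSED`, whose text is only "reused HTTP(S) service bound to address %1:%2" and whose descriptions still call them informational. An operator who tried to enable TLS through a reload gets an error line that never says the listener is still plaintext. I would give the rejected transition its own message ID, or at least reword the descriptions, e.g. `This error message indicates that the existing HTTP service was reused and the requested switch to HTTPS was not applied.` The same applies to the `HTTP_COMMAND_MGR_*_REUSED` calls in the HTTP command manager hunk. The enclosing function starts and ends outside the hunk.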
// We have stopped listeners but there may be some pending handlers
// related to these listeners. Need to invoke these handlers.
try {
- getIOService()->pollOne();
+ getIOService()->poll();
} catch (...) {
}
}
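Review bot: The empty `catch (...)` matters more after the switch from `pollOne()` to `poll()`: presumably an exception thrown by one ready handler now ends the call and leaves the remaining handlers of the stopped listeners unrun, with nothing logged. If that is deliberate best-effort behaviour, say so in the handler, e.g. `// Best effort: exceptions from pending handlers are deliberately ignored.`; otherwise log the failure. The command manager hunks in this commit keep `io_service_->pollOne()`, so it is worth stating why only this call site changed. The enclosing function starts outside the hunk.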
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLOSE_ERROR = "COMMAND_WATCH_SOCKET_CLOSE_ERROR";
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_MARK_READY_ERROR = "COMMAND_WATCH_SOCKET_MARK_READY_ERROR";
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED = "HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED";
+extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED = "HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED";
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED = "HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED";
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STARTED = "HTTP_COMMAND_MGR_SERVICE_STARTED";
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING = "HTTP_COMMAND_MGR_SERVICE_STOPPING";
-extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL = "HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL";
-extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA = "HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA";
} // namespace config
} // namespace isc
"COMMAND_WATCH_SOCKET_CLOSE_ERROR", "watch socket failed to close: %1",
"COMMAND_WATCH_SOCKET_MARK_READY_ERROR", "watch socket failed to mark ready: %1",
"HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED", "reused HTTPS service bound to address %1:%2",
+ "HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED", "reused HTTPS service bound to address %1:%2 and updated TLS settings",
"HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED", "reused HTTP service bound to address %1:%2",
"HTTP_COMMAND_MGR_SERVICE_STARTED", "started %1 service bound to address %2 port %3",
"HTTP_COMMAND_MGR_SERVICE_STOPPING", "Server is stopping %1 service %2",
- "HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL", "stopping %1 service %2",
- "HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA", "Server is stopping all services including %1 service %2",
NULL
};
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_CLOSE_ERROR;
extern const isc::log::MessageID COMMAND_WATCH_SOCKET_MARK_READY_ERROR;
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED;
+extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED;
extern const isc::log::MessageID HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED;
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STARTED;
extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING;
-extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL;
-extern const isc::log::MessageID HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA;
} // namespace config
} // namespace isc
HTTPS service on the specified address and port. Note that any change in
the TLS setup was ignored.
+% HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED reused HTTPS service bound to address %1:%2 and updated TLS settings
+This informational message indicates that the server has reused existing
+HTTPS service on the specified address and port. Note that any change in
+the TLS setup has been applied.
+
% HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED reused HTTP service bound to address %1:%2
This informational message indicates that the server has reused existing
HTTP service on the specified address and port.
% HTTP_COMMAND_MGR_SERVICE_STOPPING Server is stopping %1 service %2
This informational message indicates that the server has stopped
HTTP/HTTPS service. When known the address and port are displayed.
-
-% HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL stopping %1 service %2
-This informational message indicates that the server has stopped
-HTTP/HTTPS service. When known the address and port are displayed.
-
-% HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA Server is stopping all services including %1 service %2
-This informational message indicates that the server is stopping all
-HTTP/HTTPS services. When known the address and port are displayed for
-each service.
void closeCommandSocket(HttpSocketInfoPtr info, bool remove);
/// @brief Close control socket.
- void closeCommandSockets();
+ ///
+ /// @param remove When true remove the listeners immediately.
+ void closeCommandSockets(bool remove = true);
/// @brief Returns a const pointer to the HTTP listener.
///
if (listener->getTlsContext()) {
if (cmd_config->getTrustAnchor().empty()) {
// Can not switch from HTTPS to HTTP
- LOG_INFO(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED)
+ LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_REUSED)
.arg(server_address.toText())
.arg(server_port);
} else {
it->second->config_->setHttpHeaders(cmd_config->getHttpHeaders());
it->second->config_->setEmulateAgentResponse(cmd_config->getEmulateAgentResponse());
io_service_->post([listener, tls_context]() { listener->setTlsContext(tls_context); });
+ LOG_INFO(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED)
+ .arg(server_address.toText())
+ .arg(server_port);
}
} else if (!cmd_config->getTrustAnchor().empty()) {
// Can not switch from HTTP to HTTPS
- LOG_INFO(command_logger, HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED)
+ LOG_ERROR(command_logger, HTTP_COMMAND_MGR_HTTP_SERVICE_REUSED)
.arg(server_address.toText())
.arg(server_port);
}
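Review bot: `HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED` is logged right after `io_service_->post(...)` queues `setTlsContext`, so the "updated TLS settings" line is written before the new context is installed, and it is written even if the posted handler never runs or throws. Logging from inside the posted handler keeps the message truthful; the sketch below assumes `server_address` and `server_port` can be copied into the capture. The `CTRL_AGENT_HTTPS_SERVICE_UPDATED` call in the control agent hunk has the same ordering. The enclosing function starts and ends outside the hunk.

```cpp
// … unchanged: setHttpHeaders / setEmulateAgentResponse …
io_service_->post([listener, tls_context, server_address, server_port]() {
    listener->setTlsContext(tls_context);
    // Report the update only once the new TLS context is in place.
    LOG_INFO(command_logger, HTTP_COMMAND_MGR_HTTPS_SERVICE_UPDATED)
        .arg(server_address.toText())
        .arg(server_port);
});
```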
sockets_.erase(it);
}
}
- } else {
- for (auto const& data : sockets_) {
- ostringstream ep;
- use_https = !data.second->config_->getCertFile().empty();
- ep << "bound to address " << data.second->config_->getSocketAddress()
- << " port " << data.second->config_->getSocketPort();
-
- LOG_INFO(command_logger, HTTP_COMMAND_MGR_SERVICE_STOPPING_NO_DATA)
- .arg(use_https ? "HTTPS" : "HTTP")
- .arg(ep.str());
- data.second->listener_->stop();
+ // We have stopped listeners but there may be some pending handlers
+ // related to these listeners. Need to invoke these handlers.
+ try {
+ io_service_->pollOne();
+ } catch (...) {
}
- if (remove) {
- sockets_.clear();
- }
- }
- // We have stopped listeners but there may be some pending handlers
- // related to these listeners. Need to invoke these handlers.
- try {
- io_service_->pollOne();
- } catch (...) {
+ } else {
+ closeCommandSockets(remove);
}
}
void
-HttpCommandMgrImpl::closeCommandSockets() {
- bool use_https = false;
- for (auto const& data : sockets_) {
- ostringstream ep;
- use_https = !data.second->config_->getCertFile().empty();
- ep << "bound to address " << data.second->config_->getSocketAddress()
- << " port " << data.second->config_->getSocketPort();
-
- LOG_INFO(command_logger, HTTP_COMMAND_MGR_SERVICE_STOPPING_ALL)
- .arg(use_https ? "HTTPS" : "HTTP")
- .arg(ep.str());
- data.second->listener_->stop();
- }
- sockets_.clear();
- // We have stopped listeners but there may be some pending handlers
- // related to these listeners. Need to invoke these handlers.
- try {
- io_service_->pollOne();
- } catch (...) {
+HttpCommandMgrImpl::closeCommandSockets(bool remove) {
+ auto copy = sockets_;
+ for (auto const& data : copy) {
+ closeCommandSocket(data.second, remove);
}
}
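Review bot: `auto copy = sockets_;` in `HttpCommandMgrImpl::closeCommandSockets` needs a comment explaining the copy; the reason appears to be that `closeCommandSocket` erases from `sockets_` (the `sockets_.erase(it)` in the context above), which would invalidate a range-for over the live map. Suggested: `// Iterate over a copy: closeCommandSocket() may erase entries from sockets_.` Note also that `closeCommandSocket` now delegates to `closeCommandSockets(remove)` in its `else` branch and this function calls back into it per entry, so an entry holding an empty pointer would presumably recurse; a null check in the loop would rule that out. `closeCommandSocket` starts outside the hunk.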
/// Creates http/https listener, or reuses the existing one reapplying
/// changes.
///
+ /// @note This function in used internally by @ref openCommandSockets and it
+ /// should not be used directly, except for unittests.
+ ///
/// @param config Configuration information for the http control socket.
void openCommandSocket(const isc::data::ConstElementPtr config);
/// @brief Close http control socket.
///
+ /// @note This function in used internally by @ref closeCommandSockets and it
+ /// should not be used directly, except for unittests.
+ ///
/// @param info Configuration information for the http control socket.
/// @param remove When true remove the listeners immediately.
void closeCommandSocket(HttpSocketInfoPtr info = HttpSocketInfoPtr(), bool remove = true);
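Review bot: The added `@note` lines read "This function in used internally"; that should be "is used", here for both `openCommandSocket` and `closeCommandSocket` and again in the two notes added to the unix command manager header. "unittests" would read better as "unit tests". In the unix header the context line `@param config` documents a parameter that the signature names `info`, which is worth fixing while that comment is being touched.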
void closeCommandSocket(UnixSocketInfoPtr info);
/// @brief Shuts down any open unix control sockets
- void closeCommandSockets();
+ ///
+ /// @param remove When true remove the listeners immediately.
+ void closeCommandSockets(bool remove = true);
/// @brief Asynchronously accepts next connection.
///
if (it != sockets_.end()) {
sockets_.erase(it);
}
- } else {
- for (auto const& data : sockets_) {
- if (data.second->acceptor_ && data.second->acceptor_->isOpen()) {
- if (use_external_) {
- IfaceMgr::instance().deleteExternalSocket(data.second->acceptor_->getNative());
- }
- data.second->acceptor_->close();
- static_cast<void>(::remove(data.second->config_->getSocketName().c_str()));
- static_cast<void>(::remove(data.second->config_->getLockName().c_str()));
- }
-
- // Stop all connections which can be closed. The only connection that won't
- // be closed is the one over which we have received a request to reconfigure
- // the server. This connection will be held until the UnixCommandMgr
- // responds to such request.
- connection_pool_.stopAll();
- if (data.second->lock_fd_ != -1) {
- close(data.second->lock_fd_);
- data.second->lock_fd_ = -1;
- }
+ try {
+ io_service_->pollOne();
+ } catch (...) {
}
- }
- try {
- io_service_->pollOne();
- } catch (...) {
+ } else {
+ closeCommandSockets(false);
}
}
void
-UnixCommandMgrImpl::closeCommandSockets() {
- for (auto const& data : sockets_) {
- if (data.second->acceptor_ && data.second->acceptor_->isOpen()) {
- if (use_external_) {
- IfaceMgr::instance().deleteExternalSocket(data.second->acceptor_->getNative());
- }
- data.second->acceptor_->close();
- static_cast<void>(::remove(data.second->config_->getSocketName().c_str()));
- static_cast<void>(::remove(data.second->config_->getLockName().c_str()));
- }
-
- // Stop all connections which can be closed. The only connection that won't
- // be closed is the one over which we have received a request to reconfigure
- // the server. This connection will be held until the UnixCommandMgr
- // responds to such request.
- connection_pool_.stopAll();
- if (data.second->lock_fd_ != -1) {
- close(data.second->lock_fd_);
- data.second->lock_fd_ = -1;
- }
+UnixCommandMgrImpl::closeCommandSockets(bool remove) {
+ auto copy = sockets_;
+ for (auto const& data : copy) {
+ closeCommandSocket(data.second);
}
- try {
- io_service_->pollOne();
- } catch (...) {
+ if (remove) {
+ sockets_.clear();
}
- sockets_.clear();
}
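Review bot: In `UnixCommandMgrImpl::closeCommandSockets(bool remove)` the flag is not passed to `closeCommandSocket(data.second)`, and the visible tail of that function erases the entry from `sockets_` without consulting any flag, so `remove == false` (as used by `closeCommandSockets(false)` in the `else` branch) still appears to drop every socket. Either thread the flag through, as the HTTP manager does with `closeCommandSocket(data.second, remove)`, or document that for unix sockets `remove` only controls the final `sockets_.clear()`. The loop also now reaches `io_service_->pollOne()` once per socket instead of once after all of them were closed, which deserves a comment if intended. `closeCommandSocket` starts outside the hunk, so its earlier branches may change this picture.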
void
///
/// Creates acceptor, or reuses the existing one.
///
+ /// @note This function in used internally by @ref openCommandSockets and it
+ /// should not be used directly, except for unittests.
+ ///
/// @throw BadSocketInfo When socket configuration is invalid.
/// @throw SocketError When socket operation fails.
///
/// @brief Shuts down any open unix control sockets.
///
+ /// @note This function in used internally by @ref closeCommandSockets and it
+ /// should not be used directly, except for unittests.
+ ///
/// @param config Configuration information for the unix control socket.
void closeCommandSocket(UnixSocketInfoPtr info = UnixSocketInfoPtr());