[pbs-devel] [PATCH backup 5/7] proxy: implement 'reload-certificate' command

Dietmar Maurer dietmar at proxmox.com
Wed May 12 09:42:45 CEST 2021


Stupid question, but why can't we do:

diff --git a/src/bin/proxmox-backup-proxy.rs b/src/bin/proxmox-backup-proxy.rs
index fc773459..29298a22 100644
--- a/src/bin/proxmox-backup-proxy.rs
+++ b/src/bin/proxmox-backup-proxy.rs
@@ -223,7 +223,6 @@ async fn accept_connection(
     // Note that these must not be moved out/modified directly, they get pinned in the loop and
     // "rearmed" after waking up:
     let mut reload_tls = notify_tls_cert_reload.notified();
-    let mut accept = listener.accept();
 
     loop {
         let sock;
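Review bot: The comment kept above `reload_tls` still speaks of several futures ("these must not be moved out/modified directly, they get pinned in the loop"), but with `let mut accept` removed only `reload_tls` is pinned across iterations. Reword it to name the one remaining future, e.g. `// reload_tls must not be moved or modified directly: it is pinned in the loop and "rearmed" after waking up`. accept_connection's body starts and ends outside the hunk.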
@@ -231,7 +230,9 @@ async fn accept_connection(
         // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we
         // need to be able to "rearm" the futures:
         let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) };
-        let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
+        //let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
+        let accept = listener.accept();
+
         tokio::select! {
             _ = reload_tls_pin => {
                 // rearm the notification:
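Review bot: Building `listener.accept()` inside the loop means the future is dropped every time the `reload_tls_pin` branch wins the `select!`, so the change is only correct if dropping it cannot lose an already accepted connection. tokio documents `TcpListener::accept` as cancel safe, which covers this; I would record that next to the new line, e.g. `// accept() is cancel safe, so dropping it when the reload branch wins loses no connection`. The commented-out `//let accept_pin = ...` line should be deleted rather than kept, and the same goes for `//accept = listener.accept();` and its now-orphaned `// rearm the accept future:` comment in the third hunk. The remaining `unsafe { Pin::new_unchecked(&mut reload_tls) }` still has no `// SAFETY:` comment stating why `reload_tls` is never moved while pinned. The loop body continues outside the hunk.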
@@ -244,14 +245,14 @@ async fn accept_connection(
                 }
                 continue;
             }
-            res = accept_pin => match res {
+            res = accept => match res {
                 Err(err) => {
                     eprintln!("error accepting tcp connection: {}", err);
                     continue;
                 }
                 Ok((new_sock, _addr)) => {
                     // rearm the accept future:
-                    accept = listener.accept();
+                    //accept = listener.accept();
 
                     sock = new_sock;
                 }
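Review bot: The `Err(err)` arm logs and hits `continue` with no delay, and because a fresh `listener.accept()` is created on every iteration, an error that persists (file-descriptor exhaustion is the usual example) would presumably come straight back, turning the loop into a busy spin that floods stderr. A short pause before retrying bounds that, e.g. `tokio::time::sleep(std::time::Duration::from_millis(100)).await;` placed before the `continue;`. The arm is context here, so the behaviour is not introduced by this change, but the rewrite is a natural place to fix it. The `select!` block continues outside the hunk.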

>  async fn accept_connection(
>      listener: tokio::net::TcpListener,
> -    acceptor: Arc<openssl::ssl::SslAcceptor>,
> +    mut acceptor: Arc<openssl::ssl::SslAcceptor>,
>      debug: bool,
>      sender: tokio::sync::mpsc::Sender<ClientStreamResult>,
> +    notify_tls_cert_reload: Arc<tokio::sync::Notify>,
>  ) {
>      let accept_counter = Arc::new(());
>  
> +    // Note that these must not be moved out/modified directly, they get pinned in the loop and
> +    // "rearmed" after waking up:
> +    let mut reload_tls = notify_tls_cert_reload.notified();
> +    let mut accept = listener.accept();
> +
>      loop {
> -        let (sock, _addr) = match listener.accept().await {
> -            Ok(conn) => conn,
> -            Err(err) => {
> -                eprintln!("error accepting tcp connection: {}", err);
> +        let sock;
> +
> +        // normally we'd use `tokio::pin!()` but we need this to happen outside the loop and we
> +        // need to be able to "rearm" the futures:
> +        let reload_tls_pin = unsafe { Pin::new_unchecked(&mut reload_tls) };
> +        let accept_pin = unsafe { Pin::new_unchecked(&mut accept) };
> +        tokio::select! {
> +            _ = reload_tls_pin => {
> +                // rearm the notification:
> +                reload_tls = notify_tls_cert_reload.notified();
> +
> +                log::info!("reloading certificate");
> +                match make_tls_acceptor() {
> +                    Err(err) => eprintln!("error reloading certificate: {}", err),
> +                    Ok(new_acceptor) => acceptor = new_acceptor,
> +                }
>                  continue;
>              }
> +            res = accept_pin => match res {
> +                Err(err) => {
> +                    eprintln!("error accepting tcp connection: {}", err);
> +                    continue;
> +                }
> +                Ok((new_sock, _addr)) => {
> +                    // rearm the accept future:
> +                    accept = listener.accept();
> +
> +                    sock = new_sock;
> +                }
> +            }
>          };
>  
>          sock.set_nodelay(true).unwrap();
> -- 
> 2.20.1
> 
> 
> 




