Implement automatic reload of TLS certificates after a crash #4658

Closed
renecannao opened this issue Sep 19, 2024 · 0 comments · Fixed by #4660

If you are submitting a reproducible bug report, please provide:

  • A clear description of the issue

ProxySQL_create_or_load_TLS() is called by proxysql during the initial bootstrap, and certificates are stored in memory.
When the process forks, the child process will inherit the certificates stored in memory.
Any call to PROXYSQL RELOAD TLS will load new certificates on the child process, but not on the parent process.
Thus, after a crash, when restarting, the child will inherit the original certificates.

  • ProxySQL version

All up to latest (2.7.0)

  • OS version

Any

  • The steps to reproduce the issue

      • start proxysql in background
      • generate and load new TLS certificates with PROXYSQL RELOAD TLS
      • crash it (kill it with -6 or -9)
      • proxysql should now have the old certificates loaded

  • Possible solution

In case of crash, call ProxySQL_create_or_load_TLS() in ProxySQL_daemonize_phase3().

Unrelated enhancement in a relevant code path:
call_execute_on_exit_failure() can report an info message during a crash, suggesting the use of execute_on_exit_failure is not present.

renecannao added a commit that referenced this issue Sep 19, 2024
renecannao added a commit that referenced this issue Sep 20, 2024
V2.7 features after crash: `--initial` and TLS reload , #4658 and #4659
renecannao added a commit that referenced this issue Sep 20, 2024
renecannao added a commit that referenced this issue Sep 25, 2024
v3.0 features after crash: --initial and TLS reload , #4658 and #4659
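
The inheritance problem described in this issue, reduced to a self-contained supervisor/worker model. This is an added example, not ProxySQL code: `cert_mem`, `write_cert()`, `load_cert()` and the `cert-v1`/`cert-v2` file contents are constructed stand-ins for the in-memory certificates and for ProxySQL_create_or_load_TLS(), and the temporary file path is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static char cert_mem[64];   /* stand-in for the certificates held in process memory */
static void write_cert(const char *path, const char *v) {
    FILE *f = fopen(path, "w");
    if (f) { fputs(v, f); fclose(f); }
}
static void load_cert(const char *path) {   /* stand-in for ProxySQL_create_or_load_TLS() */
    FILE *f = fopen(path, "r");
    if (!f || !fgets(cert_mem, sizeof cert_mem, f)) cert_mem[0] = '\0';
    if (f) fclose(f);
}
/* 1 = worker restarted after the crash holds the new cert, 0 = stale cert, -1 = error */
int restarted_worker_has_new_cert(int reload_after_crash) {
    char path[] = "/tmp/tls_demo_XXXXXX";
    int st, fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    write_cert(path, "cert-v1");
    load_cert(path);                     /* bootstrap: loaded before the fork */
    pid_t pid = fork();
    if (pid == 0) {                      /* first worker */
        write_cert(path, "cert-v2");     /* new certificate generated on disk */
        load_cert(path);                 /* reload reaches the child's memory only */
        raise(SIGKILL);                  /* crash */
        _exit(2);
    }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    pid = fork();                        /* parent restarts the worker */
    if (pid == 0) {
        if (WIFSIGNALED(st) && reload_after_crash) load_cert(path);   /* proposed fix */
        _exit(strcmp(cert_mem, "cert-v2") == 0 ? 0 : 1);
    }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    unlink(path);
    return WIFEXITED(st) ? WEXITSTATUS(st) == 0 : -1;
}

int main(void) {
    printf("restart without reload: %d\n", restarted_worker_has_new_cert(0));
    printf("restart with reload:    %d\n", restarted_worker_has_new_cert(1));
    return 0;
}
```

A restarted worker that silently serves the pre-rotation certificate matters most when the rotation was done to replace an expired or compromised key, so a post-restart check of the certificate actually presented on the wire is worth adding to rotation runbooks.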