This commit implements full server configuration
reload when receiving a SIGHUP signal for the
stateless KES server.
Now, a (stateless) KES server listens for
SIGHUP events. When it receives such a signal it:
reads and parses its configuration file
initializes its TLS configuration (it also reloads its TLS certificate)
initializes the KES API (connects to the new keystore, sets up logging, monitoring, API handlers etc.)
When all of this completes successfully, it swaps
out the server's TLS configuration and HTTP handler atomically.
The implementation tries to minimize the lock
contention by holding a R/W lock for the TLS
config and HTTP handler. Only when it has assembled and initialized all KES server components, it
acquires the write lock and swaps the TLS config
and HTTP handler.
As part of this configuration reload change, quite some code got refactored:
There is now an https package which is supposed to contain functionality w.r.t. HTTP and TLS. The existing HTTP package is preserved for now but its functionally should either move into https or a new api package.
The logging package received some long outstanding refactoring and is now very close to the std lib log package adds some very specific features need by KES.
This commit implements full server configuration reload when receiving a SIGHUP signal for the stateless KES server.
Now, a (stateless) KES server listens for SIGHUP events. When it receives such a signal it:
When all of this completes successfully, it swaps out the server's TLS configuration and HTTP handler atomically.
The implementation tries to minimize the lock contention by holding a R/W lock for the TLS config and HTTP handler. Only when it has assembled and initialized all KES server components, it acquires the write lock and swaps the TLS config and HTTP handler.
As part of this configuration reload change, quite some code got refactored:
httpspackage which is supposed to contain functionality w.r.t. HTTP and TLS. The existingHTTPpackage is preserved for now but its functionally should either move intohttpsor a newapipackage.logpackage adds some very specific features need by KES.