Support Jetty's live cert reload on HTTPS frontend #7355
Signed-off-by: Marcus Sorensen <mls@apple.com>
Codecov Report
@@ Coverage Diff @@
## main #7355 +/- ##
=========================================
Coverage 12.68% 12.68%
Complexity 8656 8656
=========================================
Files 2718 2718
Lines 256169 256169
Branches 39932 39932
=========================================
Hits 32504 32504
Misses 219531 219531
Partials 4134 4134
code lgtm
Code LGTM - but haven't tested it.
Kudos, SonarCloud Quality Gate passed!
Merging based on 2x LGTM and manual testing of feature.
Sorry @mlsorensen, per community guidelines, no @blueorangutan smoketests were performed, and generally it's not preferred that the PR author serves manual tests. However, it's possible there's no regression, as smoketests in GitHub Actions against the simulator have passed. I'll kick a round of BO smoketests on #7344
* Support Jetty's live cert reload Signed-off-by: Marcus Sorensen <mls@apple.com> * Update ServerDaemon.java --------- Signed-off-by: Marcus Sorensen <mls@apple.com> Co-authored-by: Marcus Sorensen <mls@apple.com>
* Support Jetty's live cert reload Signed-off-by: Marcus Sorensen <mls@apple.com> * Update ServerDaemon.java --------- Signed-off-by: Marcus Sorensen <mls@apple.com> Co-authored-by: Marcus Sorensen <mls@apple.com> (cherry picked from commit 9ca5f28) Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Description
This PR implements Jetty's hot certificate reload per jetty/jetty.project#5042
When the keystore changes, the API server begins using the new certificate. Note that this functionality doesn't support live change of keystore password, only certificate.
How Has This Been Tested?
Tested locally with self-signed certs. Changed the cert in the keystore while management server was running, reloaded the website, and inspected the https certificate.
Tested against cmk, which continued to function after the cert change. Also tested against UI - website needed to be refreshed due to browser security. Perhaps a future enhancement would catch these errors and auto-refresh?
Here you can see the local cloudstack management server using a new cert after it is loaded into a keystore:
change cert
check cert
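
The manual check described above (change the cert in the keystore, then inspect what the HTTPS listener serves) can be automated. The following is an added example, not part of this PR or of CloudStack: it polls the listener and compares SHA-256 fingerprints until the new certificate is served. The function names, status strings and command-line arguments are assumptions of this example.

```python
import hashlib
import ssl
import sys
import time


def fingerprint(pem):
    """SHA-256 over the DER bytes of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def fetch_served_cert(host, port):
    """PEM of the leaf certificate the listener presents right now.

    get_server_certificate() does not validate the chain when no CA file is
    given, so it also works against the self-signed certs used in testing.
    """
    return ssl.get_server_certificate((host, port))


def wait_for_rotation(expected_pem, fetch, old_pem=None,
                      timeout=30.0, interval=1.0, sleep=time.sleep):
    """Poll fetch() until the served certificate equals expected_pem.

    Returns (status, served_fingerprint). status is "rotated", "stale"
    (old_pem is still served), "unexpected" (any other certificate) or
    "unreachable" (the last probe could not complete a handshake).
    """
    want = fingerprint(expected_pem)
    old = fingerprint(old_pem) if old_pem else None
    deadline = time.monotonic() + timeout
    status, served = "unreachable", None
    while True:
        try:
            served = fingerprint(fetch())
            if served == want:
                return "rotated", served
            status = "stale" if served == old else "unexpected"
        except (OSError, ValueError):  # refused, TLS failure, malformed PEM
            status = "unreachable"
        if time.monotonic() >= deadline:
            return status, served
        sleep(interval)


if __name__ == "__main__":
    # Hypothetical usage: verify_rotation.py HOST PORT NEW_CERT.pem
    host, port, new_cert_path = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(new_cert_path) as fh:  # file holds exactly one PEM certificate
        result = wait_for_rotation(fh.read().strip(),
                                   lambda: fetch_served_cert(host, port))
    print(*result)
    sys.exit(0 if result[0] == "rotated" else 1)
```

A "stale" or "unexpected" result after the timeout means the listener is still serving something other than the certificate written to the keystore, which is the condition to alert on after a rotation.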