func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) {
tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key)
if err != nil {
return nil, err
}
stPool := cfg.StatePool
if stPool == nil {
stPool = state.NewStatePool(s)
}
srv := &Server{
clock: cfg.Clock,
newObserver: cfg.NewObserver,
state: s,
statePool: stPool,
lis: newChangeCertListener(lis, cfg.CertChanged, tlsCert),
tag: cfg.Tag,
dataDir: cfg.DataDir,
logDir: cfg.LogDir,
limiter: utils.NewLimiter(loginRateLimit),
validator: cfg.Validator,
adminAPIFactories: map[int]adminAPIFactory{
3: newAdminAPIV3,
},
}
srv.authCtxt, err = newAuthContext(s)
if err != nil {
return nil, errors.Trace(err)
}
go srv.run()
return srv, nil
}
func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) {
tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key)
if err != nil {
return nil, err
}
// TODO(rog) check that *srvRoot is a valid type for using
// as an RPC server.
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{tlsCert},
MinVersion: tls.VersionTLS10,
}
srv := &Server{
state: s,
statePool: state.NewStatePool(s),
lis: newChangeCertListener(lis, cfg.CertChanged, tlsConfig),
tag: cfg.Tag,
dataDir: cfg.DataDir,
logDir: cfg.LogDir,
limiter: utils.NewLimiter(loginRateLimit),
validator: cfg.Validator,
adminApiFactories: map[int]adminApiFactory{
3: newAdminApiV3,
},
}
srv.authCtxt, err = newAuthContext(s)
if err != nil {
return nil, errors.Trace(err)
}
go srv.run()
return srv, nil
}
func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) {
logger.Infof("listening on %q", lis.Addr())
srv := &Server{
state: s,
statePool: state.NewStatePool(s),
addr: lis.Addr().(*net.TCPAddr), // cannot fail
tag: cfg.Tag,
dataDir: cfg.DataDir,
logDir: cfg.LogDir,
limiter: utils.NewLimiter(loginRateLimit),
validator: cfg.Validator,
adminApiFactories: map[int]adminApiFactory{
0: newAdminApiV0,
1: newAdminApiV1,
2: newAdminApiV2,
},
}
srv.authCtxt = newAuthContext(srv)
tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key)
if err != nil {
return nil, err
}
// TODO(rog) check that *srvRoot is a valid type for using
// as an RPC server.
tlsConfig := tls.Config{
Certificates: []tls.Certificate{tlsCert},
}
changeCertListener := newChangeCertListener(lis, cfg.CertChanged, tlsConfig)
go srv.run(changeCertListener)
return srv, nil
}
func (*limiterSuite) TestAcquireWaitBlocksUntilRelease(c *gc.C) {
l := utils.NewLimiter(2)
calls := make([]string, 0, 10)
start := make(chan bool, 0)
waiting := make(chan bool, 0)
done := make(chan bool, 0)
go func() {
<-start
calls = append(calls, fmt.Sprintf("%v", l.Acquire()))
calls = append(calls, fmt.Sprintf("%v", l.Acquire()))
calls = append(calls, fmt.Sprintf("%v", l.Acquire()))
waiting <- true
l.AcquireWait()
calls = append(calls, "waited")
calls = append(calls, fmt.Sprintf("%v", l.Acquire()))
done <- true
}()
// Start the routine, and wait for it to get to the first checkpoint
start <- true
select {
case <-waiting:
case <-time.After(longWait):
c.Fatalf("timed out waiting for 'waiting' to trigger")
}
c.Check(l.Acquire(), jc.IsFalse)
l.Release()
select {
case <-done:
case <-time.After(longWait):
c.Fatalf("timed out waiting for 'done' to trigger")
}
c.Check(calls, gc.DeepEquals, []string{"true", "true", "false", "waited", "false"})
}
// NewServer serves the given state by accepting requests on the given
// listener, using the given certificate and key (in PEM format) for
// authentication.
func NewServer(s *state.State, lis net.Listener, cfg ServerConfig) (*Server, error) {
logger.Infof("listening on %q", lis.Addr())
tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key)
if err != nil {
return nil, err
}
_, listeningPort, err := net.SplitHostPort(lis.Addr().String())
if err != nil {
return nil, err
}
srv := &Server{
state: s,
addr: net.JoinHostPort("localhost", listeningPort),
dataDir: cfg.DataDir,
logDir: cfg.LogDir,
limiter: utils.NewLimiter(loginRateLimit),
validator: cfg.Validator,
}
// TODO(rog) check that *srvRoot is a valid type for using
// as an RPC server.
lis = tls.NewListener(lis, &tls.Config{
Certificates: []tls.Certificate{tlsCert},
})
go srv.run(lis)
return srv, nil
}
func (*limiterSuite) TestAcquireAndRelease(c *gc.C) {
l := utils.NewLimiter(2)
c.Check(l.Acquire(), jc.IsTrue)
c.Check(l.Acquire(), jc.IsTrue)
c.Check(l.Acquire(), jc.IsFalse)
c.Check(l.Release(), gc.IsNil)
c.Check(l.Acquire(), jc.IsTrue)
c.Check(l.Release(), gc.IsNil)
c.Check(l.Release(), gc.IsNil)
c.Check(l.Release(), gc.ErrorMatches, "Release without an associated Acquire")
}
func newServer(s *state.State, lis net.Listener, cfg ServerConfig) (_ *Server, err error) {
stPool := cfg.StatePool
if stPool == nil {
stPool = state.NewStatePool(s)
}
srv := &Server{
clock: cfg.Clock,
pingClock: cfg.pingClock(),
lis: lis,
newObserver: cfg.NewObserver,
state: s,
statePool: stPool,
tag: cfg.Tag,
dataDir: cfg.DataDir,
logDir: cfg.LogDir,
limiter: utils.NewLimiter(loginRateLimit),
validator: cfg.Validator,
adminAPIFactories: map[int]adminAPIFactory{
3: newAdminAPIV3,
},
certChanged: cfg.CertChanged,
allowModelAccess: cfg.AllowModelAccess,
}
srv.tlsConfig = srv.newTLSConfig(cfg)
srv.lis = tls.NewListener(lis, srv.tlsConfig)
srv.authCtxt, err = newAuthContext(s)
if err != nil {
return nil, errors.Trace(err)
}
if err := srv.updateCertificate(cfg.Cert, cfg.Key); err != nil {
return nil, errors.Annotatef(err, "cannot set initial certificate")
}
go srv.run()
return srv, nil
}
func (*limiterSuite) TestBadRelease(c *gc.C) {
l := utils.NewLimiter(2)
c.Check(l.Release(), gc.ErrorMatches, "Release without an associated Acquire")
}
func (*limiterSuite) TestAcquireUntilFull(c *gc.C) {
l := utils.NewLimiter(2)
c.Check(l.Acquire(), jc.IsTrue)
c.Check(l.Acquire(), jc.IsTrue)
c.Check(l.Acquire(), jc.IsFalse)
}