func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) { tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key) if err != nil { return nil, err } stPool := cfg.StatePool if stPool == nil { stPool = state.NewStatePool(s) } srv := &Server{ clock: cfg.Clock, newObserver: cfg.NewObserver, state: s, statePool: stPool, lis: newChangeCertListener(lis, cfg.CertChanged, tlsCert), tag: cfg.Tag, dataDir: cfg.DataDir, logDir: cfg.LogDir, limiter: utils.NewLimiter(loginRateLimit), validator: cfg.Validator, adminAPIFactories: map[int]adminAPIFactory{ 3: newAdminAPIV3, }, } srv.authCtxt, err = newAuthContext(s) if err != nil { return nil, errors.Trace(err) } go srv.run() return srv, nil }
func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) { tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key) if err != nil { return nil, err } // TODO(rog) check that *srvRoot is a valid type for using // as an RPC server. tlsConfig := &tls.Config{ Certificates: []tls.Certificate{tlsCert}, MinVersion: tls.VersionTLS10, } srv := &Server{ state: s, statePool: state.NewStatePool(s), lis: newChangeCertListener(lis, cfg.CertChanged, tlsConfig), tag: cfg.Tag, dataDir: cfg.DataDir, logDir: cfg.LogDir, limiter: utils.NewLimiter(loginRateLimit), validator: cfg.Validator, adminApiFactories: map[int]adminApiFactory{ 3: newAdminApiV3, }, } srv.authCtxt, err = newAuthContext(s) if err != nil { return nil, errors.Trace(err) } go srv.run() return srv, nil }
func newServer(s *state.State, lis *net.TCPListener, cfg ServerConfig) (_ *Server, err error) { logger.Infof("listening on %q", lis.Addr()) srv := &Server{ state: s, statePool: state.NewStatePool(s), addr: lis.Addr().(*net.TCPAddr), // cannot fail tag: cfg.Tag, dataDir: cfg.DataDir, logDir: cfg.LogDir, limiter: utils.NewLimiter(loginRateLimit), validator: cfg.Validator, adminApiFactories: map[int]adminApiFactory{ 0: newAdminApiV0, 1: newAdminApiV1, 2: newAdminApiV2, }, } srv.authCtxt = newAuthContext(srv) tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key) if err != nil { return nil, err } // TODO(rog) check that *srvRoot is a valid type for using // as an RPC server. tlsConfig := tls.Config{ Certificates: []tls.Certificate{tlsCert}, } changeCertListener := newChangeCertListener(lis, cfg.CertChanged, tlsConfig) go srv.run(changeCertListener) return srv, nil }
func (*limiterSuite) TestAcquireWaitBlocksUntilRelease(c *gc.C) { l := utils.NewLimiter(2) calls := make([]string, 0, 10) start := make(chan bool, 0) waiting := make(chan bool, 0) done := make(chan bool, 0) go func() { <-start calls = append(calls, fmt.Sprintf("%v", l.Acquire())) calls = append(calls, fmt.Sprintf("%v", l.Acquire())) calls = append(calls, fmt.Sprintf("%v", l.Acquire())) waiting <- true l.AcquireWait() calls = append(calls, "waited") calls = append(calls, fmt.Sprintf("%v", l.Acquire())) done <- true }() // Start the routine, and wait for it to get to the first checkpoint start <- true select { case <-waiting: case <-time.After(longWait): c.Fatalf("timed out waiting for 'waiting' to trigger") } c.Check(l.Acquire(), jc.IsFalse) l.Release() select { case <-done: case <-time.After(longWait): c.Fatalf("timed out waiting for 'done' to trigger") } c.Check(calls, gc.DeepEquals, []string{"true", "true", "false", "waited", "false"}) }
// NewServer serves the given state by accepting requests on the given // listener, using the given certificate and key (in PEM format) for // authentication. func NewServer(s *state.State, lis net.Listener, cfg ServerConfig) (*Server, error) { logger.Infof("listening on %q", lis.Addr()) tlsCert, err := tls.X509KeyPair(cfg.Cert, cfg.Key) if err != nil { return nil, err } _, listeningPort, err := net.SplitHostPort(lis.Addr().String()) if err != nil { return nil, err } srv := &Server{ state: s, addr: net.JoinHostPort("localhost", listeningPort), dataDir: cfg.DataDir, logDir: cfg.LogDir, limiter: utils.NewLimiter(loginRateLimit), validator: cfg.Validator, } // TODO(rog) check that *srvRoot is a valid type for using // as an RPC server. lis = tls.NewListener(lis, &tls.Config{ Certificates: []tls.Certificate{tlsCert}, }) go srv.run(lis) return srv, nil }
func (*limiterSuite) TestAcquireAndRelease(c *gc.C) { l := utils.NewLimiter(2) c.Check(l.Acquire(), jc.IsTrue) c.Check(l.Acquire(), jc.IsTrue) c.Check(l.Acquire(), jc.IsFalse) c.Check(l.Release(), gc.IsNil) c.Check(l.Acquire(), jc.IsTrue) c.Check(l.Release(), gc.IsNil) c.Check(l.Release(), gc.IsNil) c.Check(l.Release(), gc.ErrorMatches, "Release without an associated Acquire") }
func newServer(s *state.State, lis net.Listener, cfg ServerConfig) (_ *Server, err error) { stPool := cfg.StatePool if stPool == nil { stPool = state.NewStatePool(s) } srv := &Server{ clock: cfg.Clock, pingClock: cfg.pingClock(), lis: lis, newObserver: cfg.NewObserver, state: s, statePool: stPool, tag: cfg.Tag, dataDir: cfg.DataDir, logDir: cfg.LogDir, limiter: utils.NewLimiter(loginRateLimit), validator: cfg.Validator, adminAPIFactories: map[int]adminAPIFactory{ 3: newAdminAPIV3, }, certChanged: cfg.CertChanged, allowModelAccess: cfg.AllowModelAccess, } srv.tlsConfig = srv.newTLSConfig(cfg) srv.lis = tls.NewListener(lis, srv.tlsConfig) srv.authCtxt, err = newAuthContext(s) if err != nil { return nil, errors.Trace(err) } if err := srv.updateCertificate(cfg.Cert, cfg.Key); err != nil { return nil, errors.Annotatef(err, "cannot set initial certificate") } go srv.run() return srv, nil }
func (*limiterSuite) TestBadRelease(c *gc.C) { l := utils.NewLimiter(2) c.Check(l.Release(), gc.ErrorMatches, "Release without an associated Acquire") }
func (*limiterSuite) TestAcquireUntilFull(c *gc.C) { l := utils.NewLimiter(2) c.Check(l.Acquire(), jc.IsTrue) c.Check(l.Acquire(), jc.IsTrue) c.Check(l.Acquire(), jc.IsFalse) }