Merge pull request #71 from hug-dev/reloading

Add SIGHUP signal handling to reload configuration

Author: hug-dev

.github/workflows/ci.yml

@@ -47,22 +47,16 @@ jobs:
     steps:
     - uses: actions/checkout@v1
     - run: cargo build --verbose
-    - name: Tests executed before the shutdown
-      run: |
+    - run: |
         RUST_BACKTRACE=1 RUST_LOG=info cargo run &
         SERVER_PID=$!
         cargo test --test persistent-before
-        kill $SERVER_PID
-    # Create a fake mapping file for the root application, the Mbed Provider and
-    # a key name of "Test Key". It contains a valid PSA Key ID.
-    # It is tested in test "should_have_been_deleted".
-    - name: Create a fake mapping file
-      run: |
+        # Create a fake mapping file for the root application, the Mbed Provider and
+        # a key name of "Test Key". It contains a valid PSA Key ID.
+        # It is tested in test "should_have_been_deleted".
         mkdir -p mappings/cm9vdA==/1 || exit 1
         printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/1/VGVzdCBLZXk\=
-    - name: Tests executed after the shutdown
-      run: |
-        RUST_BACKTRACE=1 RUST_LOG=info cargo run &
+        kill -s SIGHUP $SERVER_PID
         cargo test --test persistent-after
 
   stress-test:

src/bin/main.rs

@@ -14,7 +14,7 @@
 // limitations under the License.
 use log::info;
 use parsec::utils::{ServiceBuilder, ServiceConfig};
-use signal_hook::{flag, SIGTERM};
+use signal_hook::{flag, SIGHUP, SIGTERM};
 use std::io::Error;
 use std::sync::{
     atomic::{AtomicBool, Ordering},
@@ -26,39 +26,57 @@ const CONFIG_FILE_PATH: &str = "./config.toml";
 const MAIN_LOOP_DEFAULT_SLEEP: u64 = 10;
 
 fn main() -> Result<(), Error> {
-    let config_file =
+    // Register a boolean set to true when the SIGTERM signal is received.
+    let kill_signal = Arc::new(AtomicBool::new(false));
+    // Register a boolean set to true when the SIGHUP signal is received.
+    let reload_signal = Arc::new(AtomicBool::new(false));
+    flag::register(SIGTERM, kill_signal.clone())?;
+    flag::register(SIGHUP, reload_signal.clone())?;
+
+    let mut config_file =
         ::std::fs::read_to_string(CONFIG_FILE_PATH).expect("Failed to read configuration file");
-    let config: ServiceConfig =
+    let mut config: ServiceConfig =
         toml::from_str(&config_file).expect("Failed to parse service configuration");
 
     log_setup(&config);
 
-    info!("PARSEC started.");
-
-    let front_end_handler = ServiceBuilder::build_service(&config);
-
-    let listener = ServiceBuilder::start_listener(&config.listener);
+    info!("Parsec started. Configuring the service...");
 
     // Multiple threads can not just have a reference of the front end handler because they could
     // outlive the run function. It is needed to give them all ownership of the front end handler
     // through an Arc.
-    let front_end_handler = Arc::from(front_end_handler);
+    let mut front_end_handler = Arc::from(ServiceBuilder::build_service(&config));
+    let mut listener = ServiceBuilder::start_listener(&config.listener);
+    let mut threadpool = ServiceBuilder::build_threadpool(config.core_settings.thread_pool_size);
 
-    // Register a boolean set to true when the SIGTERM signal is received.
-    let kill_signal = Arc::new(AtomicBool::new(false));
-    flag::register(SIGTERM, kill_signal.clone())?;
+    // Notify systemd that the daemon is ready, the start command will block until this point.
+    let _ = sd_notify::notify(false, &[sd_notify::NotifyState::Ready]);
 
-    let threadpool = ServiceBuilder::build_threadpool(config.core_settings.thread_pool_size);
+    info!("Parsec is ready.");
 
-    info!("PARSEC is ready.");
+    while !kill_signal.load(Ordering::Relaxed) {
+        if reload_signal.swap(false, Ordering::Relaxed) {
+            let _ = sd_notify::notify(false, &[sd_notify::NotifyState::Reloading]);
+            info!("SIGHUP signal received. Reloading the configuration...");
 
-    // Notify systemd that the daemon is ready, the start command will block until this point.
-    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Ready]);
+            threadpool.join();
+
+            // Explicitely call drop now because otherwise Rust will drop these variables only
+            // after they have been overwritten, in which case some values/libraries might be
+            // initialized twice.
+            drop(front_end_handler);
+            drop(listener);
+            drop(threadpool);
+
+            config_file = ::std::fs::read_to_string(CONFIG_FILE_PATH)
+                .expect("Failed to read configuration file");
+            config = toml::from_str(&config_file).expect("Failed to parse service configuration");
+            front_end_handler = Arc::from(ServiceBuilder::build_service(&config));
+            listener = ServiceBuilder::start_listener(&config.listener);
+            threadpool = ServiceBuilder::build_threadpool(config.core_settings.thread_pool_size);
 
-    loop {
-        if kill_signal.load(Ordering::Relaxed) {
-            info!("SIGTERM signal received.");
-            break;
+            let _ = sd_notify::notify(false, &[sd_notify::NotifyState::Ready]);
+            info!("Parsec configuration reloaded.");
         }
 
         if let Some(stream) = listener.accept() {
@@ -76,8 +94,10 @@ fn main() -> Result<(), Error> {
         }
     }
 
-    info!("Shutting down PARSEC, waiting for all threads to finish.");
+    let _ = sd_notify::notify(true, &[sd_notify::NotifyState::Stopping]);
+    info!("SIGTERM signal received. Shutting down Parsec, waiting for all threads to finish...");
     threadpool.join();
+    info!("Parsec is now terminated.");
 
     Ok(())
 }

src/providers/mbed_provider/mod.rs

@@ -482,6 +482,14 @@ impl Provide for MbedProvider {
     }
 }
 
+impl Drop for MbedProvider {
+    fn drop(&mut self) {
+        unsafe {
+            psa_crypto_binding::mbedtls_psa_crypto_free();
+        }
+    }
+}
+
 #[derive(Default)]
 pub struct MbedProviderBuilder {
     key_id_store: Option<Arc<RwLock<dyn ManageKeyIDs + Send + Sync>>>,

src/providers/pkcs11_provider/mod.rs

@@ -900,6 +900,14 @@ impl Provide for Pkcs11Provider {
     }
 }
 
+impl Drop for Pkcs11Provider {
+    fn drop(&mut self) {
+        if let Err(e) = self.backend.finalize() {
+            error!("Error when dropping the PKCS 11 provider: {}", e);
+        }
+    }
+}
+
 #[derive(Default)]
 pub struct Pkcs11ProviderBuilder {
     key_id_store: Option<Arc<RwLock<dyn ManageKeyIDs + Send + Sync>>>,

tests/all.sh

@@ -39,26 +39,16 @@ cargo test --doc || exit 1
 cargo fmt --all -- --check || exit 1
 cargo clippy || exit 1
 
-############################
-# Normal Integration tests #
-############################
+#####################
+# Integration tests #
+#####################
 RUST_BACKTRACE=1 RUST_LOG=info cargo run &
 SERVER_PID=$!
 
 cargo test --test normal || exit 1
 
-kill $SERVER_PID
-
-#################################
-# Persistence Integration tests #
-#################################
-RUST_BACKTRACE=1 RUST_LOG=info cargo run &
-SERVER_PID=$!
-
 cargo test --test persistent-before || exit 1
 
-kill $SERVER_PID
-
 # Create a fake mapping file for the root application, the Mbed Provider and a
 # key name of "Test Key". It contains a valid PSA Key ID.
 # It is tested in test "should_have_been_deleted".
@@ -68,19 +58,11 @@ printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/1/VGVzdCBLZXk\=
 # For PKCS 11 Provider
 printf '\xe0\x19\xb2\x5c' > mappings/cm9vdA==/2/VGVzdCBLZXk\=
 
-RUST_BACKTRACE=1 RUST_LOG=info cargo run &
-SERVER_PID=$!
+# Trigger a configuration reload to load the new mappings.
+kill -s SIGHUP $SERVER_PID
 
 cargo test --test persistent-after || exit 1
 
-kill $SERVER_PID
-
-################
-# Stress tests #
-################
-RUST_BACKTRACE=1 RUST_LOG=info cargo run &
-SERVER_PID=$!
-
 RUST_LOG=info cargo test --test stress_test || exit 1
 
 kill $SERVER_PID