trafficserver icon indicating copy to clipboard operation
trafficserver copied to clipboard
verified publisher icon apache

SSLClientCoordinator: SSL config is reloaded multiple times

Open cmcfarlen opened this issue 1 year ago • 3 comments

If multiple ssl related config files are changed and then traffic_ctl config reload is executed, the ssl config will reload multiple times.

Reproduction:

  1. Run traffic_server with a sni.yaml and ssl_multicert.config file configured
  2. touch sni.yaml
  3. traffic_ctl config reload
  4. Observerve the log output:
[Aug 20 13:59:35.145] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml loading ...
[Aug 20 13:59:35.147] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml finished loading
[Aug 20 13:59:35.147] [ET_TASK 0] NOTE: ssl_multicert.config loading ...
[Aug 20 13:59:35.158] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/ssl_multicert.config finished loading
  1. touch sni.yaml and ssl_multicert.config files
  2. traffic_ctl config reload
  3. Observer the log output:
[Aug 20 13:59:53.154] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml loading ...
[Aug 20 13:59:53.156] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml finished loading
[Aug 20 13:59:53.156] [ET_TASK 0] NOTE: ssl_multicert.config loading ...
[Aug 20 13:59:53.166] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/ssl_multicert.config finished loading
[Aug 20 13:59:53.166] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml loading ...
[Aug 20 13:59:53.167] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/sni.yaml finished loading
[Aug 20 13:59:53.168] [ET_TASK 0] NOTE: ssl_multicert.config loading ...
[Aug 20 13:59:53.174] [ET_TASK 0] NOTE: /opt/ats/etc/trafficserver/ssl_multicert.config finished loading

This happens because the callbacks setup in SSLClientCoordinator are independently attached and so the reconfigure function will be called for every updated config item specified.

This happens on the master branch, but also for 9.2.x

cmcfarlen avatar Aug 20 '24 21:08 cmcfarlen

Is this closed by #11723 @cmcfarlen @maskit?

JosiahWI avatar Aug 21 '24 17:08 JosiahWI

No, we found the QUIC reload issue while we work on this one. With #11723 fixed, we'd see 4 "ssl_multicert.config loading ..." lines in total if QUIC is available.

maskit avatar Aug 21 '24 18:08 maskit

This issue has been automatically marked as stale because it has not had recent activity. Marking it stale to flag it for further consideration by the community.

github-actions[bot] avatar Aug 22 '25 02:08 github-actions[bot]