alternator: Make server peering sharded and reuse reloadable certs

Reuse reloadability across shards by limiting reload to shard 0, and use call to other shards to reload other shards certs.
2025-01-21 12:51:09 +00:00
parent 15d1664a5c
commit 4843711fbd
2 changed files with 21 additions and 9 deletions
--- a/alternator/server.cc
+++ b/alternator/server.cc
@@ -606,14 +606,24 @@ future<> server::init(net::inet_address addr, std::optional<uint16_t> port, std:
            set_routes(_https_server._routes);
            _https_server.set_content_length_limit(server::content_length_limit);
            _https_server.set_content_streaming(true);
-            auto server_creds = creds->build_reloadable_server_credentials([](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
-                if (ep) {
-                    slogger.warn("Exception loading {}: {}", files, ep);
-                } else {
-                    slogger.info("Reloaded {}", files);
-                }
-            }).get();
-            _https_server.listen(socket_address{addr, *https_port}, std::move(server_creds)).get();
+
+            if (this_shard_id() == 0) {
+                _credentials = creds->build_reloadable_server_credentials([this](const tls::credentials_builder& b, const std::unordered_set<sstring>& files, std::exception_ptr ep) -> future<> {
+                    if (ep) {
+                        slogger.warn("Exception loading {}: {}", files, ep);
+                    } else {
+                        co_await container().invoke_on_others([&b](server& s) {
+                            if (s._credentials) {
+                                b.rebuild(*s._credentials);
+                            }
+                        });
+                        slogger.info("Reloaded {}", files);
+                    }
+                }).get();
+            } else {
+                _credentials = creds->build_server_credentials();
+            }
+            _https_server.listen(socket_address{addr, *https_port}, _credentials).get();
            _enabled_servers.push_back(std::ref(_https_server));
        }
    });
--- a/alternator/server.hh
+++ b/alternator/server.hh
@@ -24,7 +24,7 @@ namespace alternator {

 using chunked_content = rjson::chunked_content;

-class server {
+class server : public peering_sharded_service<server> {
    static constexpr size_t content_length_limit = 16*MB;
    using alternator_callback = std::function<future<executor::request_return_type>(executor&, executor::client_state&,
            tracing::trace_state_ptr, service_permit, rjson::value, std::unique_ptr<http::request>)>;
@@ -52,6 +52,8 @@ class server {
    semaphore* _memory_limiter;
    utils::updateable_value<uint32_t> _max_concurrent_requests;

+    ::shared_ptr<seastar::tls::server_credentials> _credentials;
+
    class json_parser {
        static constexpr size_t yieldable_parsing_threshold = 16*KB;
        chunked_content _raw_document;