transport/controller: pass unix_domain_socket_permissions to generic_server::listen

2024-02-01 15:46:33 +01:00
parent 6b178f9a4a
commit 4cecda7ead
4 changed files with 12 additions and 9 deletions
--- a/generic_server.cc
+++ b/generic_server.cc
@@ -145,7 +145,7 @@ future<> server::shutdown() {
 }

 future<>
-server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive) {
+server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions) {
    auto f = make_ready_future<shared_ptr<seastar::tls::server_credentials>>(nullptr);
    if (creds) {
        f = creds->build_reloadable_server_credentials([this](const std::unordered_set<sstring>& files, std::exception_ptr ep) {
@@ -156,9 +156,10 @@ server::listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_bu
            }
        });
    }
-    return f.then([this, addr, is_shard_aware, keepalive](shared_ptr<seastar::tls::server_credentials> creds) {
+    return f.then([this, addr, is_shard_aware, keepalive, unix_domain_socket_permissions](shared_ptr<seastar::tls::server_credentials> creds) {
        listen_options lo;
        lo.reuse_address = true;
+        lo.unix_domain_socket_permissions = unix_domain_socket_permissions;
        if (is_shard_aware) {
            lo.lba = server_socket::load_balancing_algorithm::port;
        }
--- a/generic_server.hh
+++ b/generic_server.hh
@@ -14,6 +14,7 @@

 #include <list>

+#include <seastar/core/file-types.hh>
 #include <seastar/core/future.hh>
 #include <seastar/core/gate.hh>
 #include <seastar/net/api.hh>
@@ -107,7 +108,7 @@ public:
    future<> shutdown();
    future<> stop();

-    future<> listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive);
+    future<> listen(socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions);

    future<> do_accepts(int which, bool keepalive, socket_address server_addr);

--- a/redis/controller.cc
+++ b/redis/controller.cc
@@ -87,7 +87,7 @@ future<> controller::listen(seastar::sharded<auth::service>& auth_service, db::c

            return f.then([server, configs = std::move(configs), keepalive] {
                return parallel_for_each(configs, [server, keepalive](const listen_cfg & cfg) {
-                    return server->invoke_on_all(&redis_transport::redis_server::listen, cfg.addr, cfg.cred, false, keepalive).then([cfg] {
+                    return server->invoke_on_all(&redis_transport::redis_server::listen, cfg.addr, cfg.cred, false, keepalive, std::nullopt).then([cfg] {
                        slogger.info("Starting listening for REDIS clients on {} ({})", cfg.addr, cfg.cred ? "encrypted" : "unencrypted");
                    });
                });
--- a/transport/controller.cc
+++ b/transport/controller.cc
@@ -10,6 +10,7 @@
 #include <seastar/core/sharded.hh>
 #include <seastar/net/socket_defs.hh>
 #include <seastar/net/unix_address.hh>
+#include <seastar/core/file-types.hh>
 #include "transport/server.hh"
 #include "service/memory_limiter.hh"
 #include "db/config.hh"
@@ -65,9 +66,9 @@ future<> controller::start_server() {
    return do_start_server().finally([this] { _ops_sem.signal(); });
 }

-static future<> listen_on_all_shards(sharded<cql_server>& cserver, socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive) {
-    co_await cserver.invoke_on_all([addr, creds, is_shard_aware, keepalive] (cql_server& server) {
-        return server.listen(addr, creds, is_shard_aware, keepalive);
+static future<> listen_on_all_shards(sharded<cql_server>& cserver, socket_address addr, std::shared_ptr<seastar::tls::credentials_builder> creds, bool is_shard_aware, bool keepalive, std::optional<file_permissions> unix_domain_socket_permissions) {
+    co_await cserver.invoke_on_all([addr, creds, is_shard_aware, keepalive, unix_domain_socket_permissions] (cql_server& server) {
+        return server.listen(addr, creds, is_shard_aware, keepalive, unix_domain_socket_permissions);
    });

    logger.info("Starting listening for CQL clients on {} ({}, {})"
@@ -135,7 +136,7 @@ future<> controller::start_listening_on_tcp_sockets(sharded<cql_server>& cserver
    }

    return parallel_for_each(configs, [&cserver, keepalive](const listen_cfg & cfg) {
-        return listen_on_all_shards(cserver, cfg.addr, cfg.cred, cfg.is_shard_aware, keepalive);
+        return listen_on_all_shards(cserver, cfg.addr, cfg.cred, cfg.is_shard_aware, keepalive, std::nullopt);
    });
 }

@@ -175,7 +176,7 @@ future<> controller::start_listening_on_maintenance_socket(sharded<cql_server>&

    logger.info("Setting up maintenance socket on {}", socket);

-    return listen_on_all_shards(cserver, addr, nullptr, false, _config.rpc_keepalive());
+    return listen_on_all_shards(cserver, addr, nullptr, false, _config.rpc_keepalive(), std::nullopt);
 }

 future<> controller::do_start_server() {