diff --git a/ca/config.go b/ca/config.go
index 38fb4b7ffe..1d0e528559 100644
--- a/ca/config.go
+++ b/ca/config.go
@@ -51,6 +51,13 @@ const (
 base36DigestLen = 50
 )
+// RenewTLSExponentialBackoff sets the exponential backoff when trying to renew TLS certificates that have expired
+var RenewTLSExponentialBackoff = events.ExponentialBackoffConfig{
+ Base: time.Second * 5,
+ Factor: time.Minute,
+ Max: 1 * time.Hour,
+}
+
 // SecurityConfig is used to represent a node's security configuration. It includes information about
 // the RootCA and ServerTLSCreds/ClientTLSCreds transport authenticators to be used for MTLS
 type SecurityConfig struct {
@@ -446,15 +453,9 @@ func RenewTLSConfigNow(ctx context.Context, s *SecurityConfig, connBroker *conne
 func RenewTLSConfig(ctx context.Context, s *SecurityConfig, connBroker *connectionbroker.Broker, renew <-chan struct{}) <-chan CertificateUpdate {
 updates := make(chan CertificateUpdate)
- backoffConfig := events.ExponentialBackoffConfig{
- Base: time.Second * 5,
- Factor: time.Minute,
- Max: 1 * time.Hour,
- }
-
 go func() {
 var retry time.Duration
- expBackoff := events.NewExponentialBackoff(backoffConfig)
+ expBackoff := events.NewExponentialBackoff(RenewTLSExponentialBackoff)
 defer close(updates)
 for {
 ctx = log.WithModule(ctx, "tls")
@@ -494,7 +495,7 @@ func RenewTLSConfig(ctx context.Context, s *SecurityConfig, connBroker *connecti
 log.WithFields(logrus.Fields{
 "time": time.Now().Add(retry),
- }).Debugf("next certificate renewal scheduled")
+ }).Debugf("next certificate renewal scheduled for %v from now", retry)
 select {
 case <-time.After(retry):
@@ -513,7 +514,7 @@ func RenewTLSConfig(ctx context.Context, s *SecurityConfig, connBroker *connecti
 expBackoff.Failure(nil, nil)
 } else {
 certUpdate.Role = s.ClientTLSCreds.Role()
- expBackoff = events.NewExponentialBackoff(backoffConfig)
+ expBackoff = events.NewExponentialBackoff(RenewTLSExponentialBackoff)
 }
 select {
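Review bot: The exported `RenewTLSExponentialBackoff` variable has no stated contract for who may write it or when, yet the renewal goroutine in `RenewTLSConfig` reads it without synchronization, once at start and again after each successful renewal (the `@@ -446` and `@@ -513` hunks). As written, any importing package can change how hard every node retries certificate renewal, and a write made after a renewal goroutine has started is a data race. The doc comment should carry the contract, for example `// RenewTLSExponentialBackoff is the backoff applied between failed TLS certificate renewal attempts. It is intended to be overridden only by tests and must be set before the first call to RenewTLSConfig.` The body of `RenewTLSConfig` continues outside these hunks.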
diff --git a/integration/cluster.go b/integration/cluster.go
index 94f0d112b0..d511ee6a35 100644
--- a/integration/cluster.go
+++ b/integration/cluster.go
@@ -12,6 +12,7 @@ import (
 "github.com/docker/swarmkit/ca"
 "github.com/docker/swarmkit/log"
 raftutils "github.com/docker/swarmkit/manager/state/raft/testutils"
+ "github.com/docker/swarmkit/node"
 "golang.org/x/net/context"
 )
@@ -330,15 +331,30 @@ func (c *testCluster) StartNode(id string) error {
 }
 ctx := log.WithLogger(c.ctx, log.L.WithField("testnode", c.nodesOrder[id]))
+ errCtx, cancel := context.WithCancel(context.Background())
+ done := make(chan error)
+ defer cancel()
+ defer close(done)
- c.wg.Add(1)
+ c.wg.Add(2)
 go func() {
 c.errs <- n.node.Start(ctx)
 c.wg.Done()
 }()
+ go func(n *node.Node) {
+ err := n.Err(errCtx)
+ select {
+ case <-errCtx.Done():
+ default:
+ done <- err
+ }
+ c.wg.Done()
+ }(n.node)
 select {
 case <-n.node.Ready():
+ case err := <-done:
+ return err
 case <-time.After(opsTimeout):
 return fmt.Errorf("node did not ready in time")
 }
diff --git a/integration/integration_test.go b/integration/integration_test.go
index e5ab0195db..28cf340e5e 100644
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@@ -17,6 +17,7 @@ import (
 "github.com/Sirupsen/logrus"
 "github.com/cloudflare/cfssl/helpers"
+ events "github.com/docker/go-events"
 "github.com/docker/swarmkit/api"
 "github.com/docker/swarmkit/ca"
 raftutils "github.com/docker/swarmkit/manager/state/raft/testutils"
@@ -44,6 +45,10 @@ func printTrace() {
 }
 func TestMain(m *testing.M) {
+ ca.RenewTLSExponentialBackoff = events.ExponentialBackoffConfig{
+ Factor: time.Millisecond * 500,
+ Max: time.Minute,
+ }
 flag.Parse()
 res := m.Run()
 if *showTrace {
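Review bot: The watcher goroutine added to `StartNode` can send on a closed channel. Deferred calls run in reverse order, so `close(done)` executes before `cancel()`, and the goroutine checks `errCtx.Done()` and then sends in the `default` branch as two separate steps. If `n.Err` returns while `StartNode` is leaving through the `Ready` or timeout case, `done <- err` either hits the already closed channel or is still blocked when it is closed, and both panic. Make the channel buffered and never close it, `done := make(chan error, 1)` with `defer close(done)` removed, and send with `select { case done <- err: case <-errCtx.Done(): }`. `StartNode` begins above the hunk.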
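Review bot: The override in `TestMain` changes the certificate-renewal backoff for every test in the package without a comment saying why, and it leaves `Base` at its zero value where the default in `ca/config.go` sets five seconds. A short comment would make the intent reviewable, for example `// Shorten the TLS renewal backoff so integration tests do not wait out the production retry schedule; Base is deliberately left at zero.` If the zero `Base` is not deliberate, set it explicitly.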
@@ -463,7 +468,6 @@ func TestRestartLeader(t *testing.T) {
 func TestForceNewCluster(t *testing.T) {
 t.Parallel()
- logrus.SetLevel(logrus.DebugLevel)
 // create an external CA so that we can use it to generate expired certificates
 tempDir, err := ioutil.TempDir("", "external-ca")