Prepare release v1.6.5

CHANGELOG.md

@@ -1,5 +1,21 @@
 # Change Log
 
+## [v1.6.5](https://github.com/containous/traefik/tree/v1.6.5) (2018-07-09)
+[All Commits](https://github.com/containous/traefik/compare/v1.6.4...v1.6.5)
+
+**Bug fixes:**
+- **[acme]** Add a mutex on local store for HTTPChallenges ([#3579](https://github.com/containous/traefik/pull/3579) by [Juliens](https://github.com/Juliens))
+- **[consulcatalog]** Split the error handling from Consul Catalog (deadlock) ([#3560](https://github.com/containous/traefik/pull/3560) by [ortz](https://github.com/ortz))
+- **[docker]** segment labels: multiple frontends for one backend. ([#3511](https://github.com/containous/traefik/pull/3511) by [ldez](https://github.com/ldez))
+- **[kv]** Better support on same prefix at the same level in the KV ([#3532](https://github.com/containous/traefik/pull/3532) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[logs]** Add logs when error is generated in error handler ([#3567](https://github.com/containous/traefik/pull/3567) by [Juliens](https://github.com/Juliens))
+- **[middleware]** Create middleware to be able to handle HTTP pipelining correctly ([#3513](https://github.com/containous/traefik/pull/3513) by [mmatur](https://github.com/mmatur))
+
+**Documentation:**
+- **[acme]** The gandiv5 provider works with wildcard ([#3506](https://github.com/containous/traefik/pull/3506) by [manu5801](https://github.com/manu5801))
+- **[kv]** Update keyFile first/last line comment in kv-config.md ([#3558](https://github.com/containous/traefik/pull/3558) by [madnight](https://github.com/madnight))
+- Minor formatting issue in user-guide ([#3546](https://github.com/containous/traefik/pull/3546) by [Vanuan](https://github.com/Vanuan))
+
 ## [v1.6.4](https://github.com/containous/traefik/tree/v1.6.4) (2018-06-15)
 [All Commits](https://github.com/containous/traefik/compare/v1.6.3...v1.6.4)
 

cmd/traefik/traefik.go

@@ -175,7 +175,7 @@ func runCmd(globalConfiguration *configuration.GlobalConfiguration, configFile s
 	log.Debugf("Global configuration loaded %s", string(jsonConf))
 	if acme.IsEnabled() {
 		store := acme.NewLocalStore(acme.Get().Storage)
-		acme.Get().Store = &store
+		acme.Get().Store = store
 	}
 	svr := server.NewServer(*globalConfiguration, configuration.NewProviderAggregator(globalConfiguration))
 	if acme.IsEnabled() && acme.Get().OnHostRule {

provider/acme/challenge.go

@@ -34,15 +34,9 @@ func getTokenValue(token, domain string, store Store) []byte {
 	var result []byte
 
 	operation := func() error {
-		var ok bool
-		httpChallenges, err := store.GetHTTPChallenges()
-		if err != nil {
-			return fmt.Errorf("HTTPChallenges not available : %s", err)
-		}
-		if result, ok = httpChallenges[token][domain]; !ok {
-			return fmt.Errorf("cannot find challenge for token %v", token)
-		}
-		return nil
+		var err error
+		result, err = store.GetHTTPChallengeToken(token, domain)
+		return err
 	}
 
 	notify := func(err error, time time.Duration) {
@@ -60,40 +54,9 @@ func getTokenValue(token, domain string, store Store) []byte {
 }
 
 func presentHTTPChallenge(domain, token, keyAuth string, store Store) error {
-	httpChallenges, err := store.GetHTTPChallenges()
-	if err != nil {
-		return fmt.Errorf("unable to get HTTPChallenges : %s", err)
-	}
-
-	if httpChallenges == nil {
-		httpChallenges = map[string]map[string][]byte{}
-	}
-
-	if _, ok := httpChallenges[token]; !ok {
-		httpChallenges[token] = map[string][]byte{}
-	}
-
-	httpChallenges[token][domain] = []byte(keyAuth)
-
-	return store.SaveHTTPChallenges(httpChallenges)
+	return store.SetHTTPChallengeToken(token, domain, []byte(keyAuth))
 }
 
 func cleanUpHTTPChallenge(domain, token string, store Store) error {
-	httpChallenges, err := store.GetHTTPChallenges()
-	if err != nil {
-		return fmt.Errorf("unable to get HTTPChallenges : %s", err)
-	}
-
-	log.Debugf("Challenge CleanUp for domain %s", domain)
-
-	if _, ok := httpChallenges[token]; ok {
-		if _, domainOk := httpChallenges[token][domain]; domainOk {
-			delete(httpChallenges[token], domain)
-		}
-		if len(httpChallenges[token]) == 0 {
-			delete(httpChallenges, token)
-		}
-		return store.SaveHTTPChallenges(httpChallenges)
-	}
-	return nil
+	return store.RemoveHTTPChallengeToken(token, domain)
 }

provider/acme/local_store.go

@@ -2,9 +2,11 @@ package acme
 
 import (
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"os"
 	"regexp"
+	"sync"
 
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
@@ -17,11 +19,12 @@ type LocalStore struct {
 	filename     string
 	storedData   *StoredData
 	SaveDataChan chan *StoredData `json:"-"`
+	lock         sync.RWMutex
 }
 
 // NewLocalStore initializes a new LocalStore with a file name
-func NewLocalStore(filename string) LocalStore {
-	store := LocalStore{filename: filename, SaveDataChan: make(chan *StoredData)}
+func NewLocalStore(filename string) *LocalStore {
+	store := &LocalStore{filename: filename, SaveDataChan: make(chan *StoredData)}
 	store.listenSaveAction()
 	return store
 }
@@ -149,13 +152,59 @@ func (s *LocalStore) SaveCertificates(certificates []*Certificate) error {
 	return nil
 }
 
-// GetHTTPChallenges returns ACME HTTP Challenges list
-func (s *LocalStore) GetHTTPChallenges() (map[string]map[string][]byte, error) {
-	return s.storedData.HTTPChallenges, nil
+// GetHTTPChallengeToken Get the http challenge token from the store
+func (s *LocalStore) GetHTTPChallengeToken(token, domain string) ([]byte, error) {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+
+	if s.storedData.HTTPChallenges == nil {
+		s.storedData.HTTPChallenges = map[string]map[string][]byte{}
+	}
+
+	if _, ok := s.storedData.HTTPChallenges[token]; !ok {
+		return nil, fmt.Errorf("cannot find challenge for token %v", token)
+	}
+
+	result, ok := s.storedData.HTTPChallenges[token][domain]
+	if !ok {
+		return nil, fmt.Errorf("cannot find challenge for token %v", token)
+	}
+	return result, nil
 }
 
-// SaveHTTPChallenges stores ACME HTTP Challenges list
-func (s *LocalStore) SaveHTTPChallenges(httpChallenges map[string]map[string][]byte) error {
-	s.storedData.HTTPChallenges = httpChallenges
+// SetHTTPChallengeToken Set the http challenge token in the store
+func (s *LocalStore) SetHTTPChallengeToken(token, domain string, keyAuth []byte) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if s.storedData.HTTPChallenges == nil {
+		s.storedData.HTTPChallenges = map[string]map[string][]byte{}
+	}
+
+	if _, ok := s.storedData.HTTPChallenges[token]; !ok {
+		s.storedData.HTTPChallenges[token] = map[string][]byte{}
+	}
+
+	s.storedData.HTTPChallenges[token][domain] = []byte(keyAuth)
+	return nil
+}
+
+// RemoveHTTPChallengeToken Remove the http challenge token in the store
+func (s *LocalStore) RemoveHTTPChallengeToken(token, domain string) error {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+
+	if s.storedData.HTTPChallenges == nil {
+		return nil
+	}
+
+	if _, ok := s.storedData.HTTPChallenges[token]; ok {
+		if _, domainOk := s.storedData.HTTPChallenges[token][domain]; domainOk {
+			delete(s.storedData.HTTPChallenges[token], domain)
+		}
+		if len(s.storedData.HTTPChallenges[token]) == 0 {
+			delete(s.storedData.HTTPChallenges, token)
+		}
+	}
 	return nil
 }

provider/acme/store.go

@@ -13,6 +13,7 @@ type Store interface {
 	SaveAccount(*Account) error
 	GetCertificates() ([]*Certificate, error)
 	SaveCertificates([]*Certificate) error
-	GetHTTPChallenges() (map[string]map[string][]byte, error)
-	SaveHTTPChallenges(map[string]map[string][]byte) error
+	GetHTTPChallengeToken(token, domain string) ([]byte, error)
+	SetHTTPChallengeToken(token, domain string, keyAuth []byte) error
+	RemoveHTTPChallengeToken(token, domain string) error
 }