feat(api): Auto-Reload HAProxy bei Domain/Backend/Routing-Mutation

Symmetrisch zur Firewall: Domains-, Backends- und RoutingRules-Handler bekommen einen Reloader-Hook injiziert, der nach jeder Mutation haproxy.cfg neu rendert + sudo systemctl reload haproxy fährt. Errors werden nur geloggt, nicht failed (Row ist committed; manuelle Re-Render via edgeguard-ctl render-config bleibt möglich). Vorher: nur Firewall-Regeln waren auto-applied — Domain/Backend- Änderungen sind in der DB gelandet, aber das laufende haproxy hat sie nicht gesehen bis zum nächsten render-config oder API-Restart. Version 1.0.8. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-10 18:23:18 +02:00
parent 237c4c7541
commit 3545b8422b
9 changed files with 86 additions and 34 deletions
--- a/2
+++ b/2
@@ -1 +1 @@
-1.0.7
+1.0.8
--- a/cmd/edgeguard-api/main.go
+++ b/cmd/edgeguard-api/main.go
@@ -20,6 +20,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/cluster"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/database"
 	firewallrender "git.netcell-it.de/projekte/edgeguard-native/internal/firewall"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/haproxy"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/handlers"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/handlers/response"
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/acme"
@@ -35,7 +36,7 @@ import (
 	"git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
 )
-var version = "1.0.7"
+var version = "1.0.8"
 func main() {
 	addr := os.Getenv("EDGEGUARD_API_ADDR")
@@ -143,11 +144,20 @@ func main() {
 			acmeService = acme.New(st.ACMEEmail)
 		}
 		// HAProxy reload — re-rendert haproxy.cfg + sudo systemctl
 		// reload haproxy. Wird in Domains/Backends/RoutingRules-Handler
 		// injiziert, damit jede Änderung ohne expliziten render-config-
 		// Aufruf live geht. Errors werden geloggt, nicht failed
 		// (Row schon committed, Operator kann manuell re-triggern).
 		haproxyReloader := func(ctx context.Context) error {
 			return haproxy.New(pool).Render(ctx)
 		}
 		authed := v1.Group("")
 		authed.Use(requireAuth)
-		handlers.NewDomainsHandler(domainsRepo, routingRepo, auditRepo, nodeID).Register(authed)
+		handlers.NewDomainsHandler(domainsRepo, routingRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
-		handlers.NewBackendsHandler(backendsRepo, auditRepo, nodeID).Register(authed)
+		handlers.NewBackendsHandler(backendsRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
-		handlers.NewRoutingRulesHandler(routingRepo, auditRepo, nodeID).Register(authed)
+		handlers.NewRoutingRulesHandler(routingRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
 		handlers.NewNetworksHandler(ifsRepo, ipsRepo, fwZones, auditRepo, nodeID).Register(authed)
 		handlers.NewIPAddressesHandler(ipsRepo, auditRepo, nodeID).Register(authed)
 		handlers.NewClusterHandler(clusterStore, nodeID).Register(authed)
--- a/cmd/edgeguard-ctl/main.go
+++ b/cmd/edgeguard-ctl/main.go
@@ -9,7 +9,7 @@ import (
 	"os"
 )
-var version = "1.0.7"
+var version = "1.0.8"
 const usage = `edgeguard-ctl — EdgeGuard CLI
--- a/cmd/edgeguard-scheduler/main.go
+++ b/cmd/edgeguard-scheduler/main.go
@@ -5,7 +5,7 @@ import (
 	"time"
 )
-var version = "1.0.7"
+var version = "1.0.8"
 func main() {
 	log.Printf("edgeguard-scheduler %s starting", version)
--- a/internal/handlers/backends.go
+++ b/internal/handlers/backends.go
@@ -1,7 +1,9 @@
 package handlers
 import (
 	"context"
 	"errors"
 	"log/slog"
 	"strconv"
 	"github.com/gin-gonic/gin"
@@ -13,13 +15,23 @@ import (
 )
 type BackendsHandler struct {
-	Repo   *backends.Repo
+	Repo     *backends.Repo
-	Audit  *audit.Repo
+	Audit    *audit.Repo
-	NodeID string
+	NodeID   string
 	Reloader func(ctx context.Context) error
 }
-func NewBackendsHandler(repo *backends.Repo, a *audit.Repo, nodeID string) *BackendsHandler {
+func NewBackendsHandler(repo *backends.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *BackendsHandler {
-	return &BackendsHandler{Repo: repo, Audit: a, NodeID: nodeID}
+	return &BackendsHandler{Repo: repo, Audit: a, NodeID: nodeID, Reloader: reloader}
 }
 func (h *BackendsHandler) reload(ctx context.Context, op string) {
 	if h.Reloader == nil {
 		return
 	}
 	if err := h.Reloader(ctx); err != nil {
 		slog.Warn("haproxy: reload after backend mutation failed", "op", op, "error", err)
 	}
 }
 func (h *BackendsHandler) Register(rg *gin.RouterGroup) {
@@ -69,7 +81,7 @@ func (h *BackendsHandler) Create(c *gin.Context) {
 		return
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.create", req.Name, out, h.NodeID)
-	response.Created(c, out)
+	response.Created(c, out); h.reload(c.Request.Context(), "create")
 }
 func (h *BackendsHandler) Update(c *gin.Context) {
@@ -92,7 +104,7 @@ func (h *BackendsHandler) Update(c *gin.Context) {
 		return
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.update", out.Name, out, h.NodeID)
-	response.OK(c, out)
+	response.OK(c, out); h.reload(c.Request.Context(), "update")
 }
 func (h *BackendsHandler) Delete(c *gin.Context) {
@@ -110,5 +122,5 @@ func (h *BackendsHandler) Delete(c *gin.Context) {
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.delete",
 		strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
-	response.NoContent(c)
+	response.NoContent(c); h.reload(c.Request.Context(), "delete")
 }
--- a/internal/handlers/domains.go
+++ b/internal/handlers/domains.go
@@ -1,7 +1,9 @@
 package handlers
 import (
 	"context"
 	"errors"
 	"log/slog"
 	"strconv"
 	"github.com/gin-gonic/gin"
@@ -14,14 +16,30 @@ import (
 )
 type DomainsHandler struct {
-	Repo     *domains.Repo
+	Repo    *domains.Repo
-	Routing  *routingrules.Repo
+	Routing *routingrules.Repo
-	Audit    *audit.Repo
+	Audit   *audit.Repo
-	NodeID   string
+	NodeID  string
 	// Reloader regenerates and applies the haproxy config. Symmetric
 	// to FirewallHandler.Reloader; called after every mutation so the
 	// running haproxy.cfg always matches the DB. Errors are logged
 	// but don't fail the API call (the row is committed and the
 	// operator can re-trigger via `edgeguard-ctl render-config`).
 	Reloader func(ctx context.Context) error
 }
-func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string) *DomainsHandler {
+func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *DomainsHandler {
-	return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID}
+	return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID, Reloader: reloader}
 }
 func (h *DomainsHandler) reload(ctx context.Context, op string) {
 	if h.Reloader == nil {
 		return
 	}
 	if err := h.Reloader(ctx); err != nil {
 		slog.Warn("haproxy: reload after domain mutation failed", "op", op, "error", err)
 	}
 }
 func (h *DomainsHandler) Register(rg *gin.RouterGroup) {
@@ -72,7 +90,7 @@ func (h *DomainsHandler) Create(c *gin.Context) {
 		return
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.create", req.Name, out, h.NodeID)
-	response.Created(c, out)
+	response.Created(c, out); h.reload(c.Request.Context(), "create")
 }
 func (h *DomainsHandler) Update(c *gin.Context) {
@@ -95,7 +113,7 @@ func (h *DomainsHandler) Update(c *gin.Context) {
 		return
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.update", out.Name, out, h.NodeID)
-	response.OK(c, out)
+	response.OK(c, out); h.reload(c.Request.Context(), "update")
 }
 func (h *DomainsHandler) Delete(c *gin.Context) {
@@ -113,7 +131,7 @@ func (h *DomainsHandler) Delete(c *gin.Context) {
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.delete",
 		strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
-	response.NoContent(c)
+	response.NoContent(c); h.reload(c.Request.Context(), "delete")
 }
 // ListRoutingRules narrows /routing-rules to one domain — UI uses this
--- a/internal/handlers/routingrules.go
+++ b/internal/handlers/routingrules.go
@@ -1,7 +1,9 @@
 package handlers
 import (
 	"context"
 	"errors"
 	"log/slog"
 	"strconv"
 	"github.com/gin-gonic/gin"
@@ -13,13 +15,23 @@ import (
 )
 type RoutingRulesHandler struct {
-	Repo   *routingrules.Repo
+	Repo     *routingrules.Repo
-	Audit  *audit.Repo
+	Audit    *audit.Repo
-	NodeID string
+	NodeID   string
 	Reloader func(ctx context.Context) error
 }
-func NewRoutingRulesHandler(repo *routingrules.Repo, a *audit.Repo, nodeID string) *RoutingRulesHandler {
+func NewRoutingRulesHandler(repo *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *RoutingRulesHandler {
-	return &RoutingRulesHandler{Repo: repo, Audit: a, NodeID: nodeID}
+	return &RoutingRulesHandler{Repo: repo, Audit: a, NodeID: nodeID, Reloader: reloader}
 }
 func (h *RoutingRulesHandler) reload(ctx context.Context, op string) {
 	if h.Reloader == nil {
 		return
 	}
 	if err := h.Reloader(ctx); err != nil {
 		slog.Warn("haproxy: reload after routing-rule mutation failed", "op", op, "error", err)
 	}
 }
 func (h *RoutingRulesHandler) Register(rg *gin.RouterGroup) {
@@ -70,7 +82,7 @@ func (h *RoutingRulesHandler) Create(c *gin.Context) {
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.create",
 		strconv.FormatInt(out.ID, 10), out, h.NodeID)
-	response.Created(c, out)
+	response.Created(c, out); h.reload(c.Request.Context(), "create")
 }
 func (h *RoutingRulesHandler) Update(c *gin.Context) {
@@ -94,7 +106,7 @@ func (h *RoutingRulesHandler) Update(c *gin.Context) {
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.update",
 		strconv.FormatInt(id, 10), out, h.NodeID)
-	response.OK(c, out)
+	response.OK(c, out); h.reload(c.Request.Context(), "update")
 }
 func (h *RoutingRulesHandler) Delete(c *gin.Context) {
@@ -112,5 +124,5 @@ func (h *RoutingRulesHandler) Delete(c *gin.Context) {
 	}
 	_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.delete",
 		strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
-	response.NoContent(c)
+	response.NoContent(c); h.reload(c.Request.Context(), "delete")
 }
--- a/management-ui/package.json
+++ b/management-ui/package.json
@@ -1,7 +1,7 @@
 {
  "name": "edgeguard-management-ui",
  "private": true,
-  "version": "1.0.7",
+  "version": "1.0.8",
  "type": "module",
  "scripts": {
    "dev": "vite",
--- a/management-ui/src/components/Layout/Sidebar.tsx
+++ b/management-ui/src/components/Layout/Sidebar.tsx
@@ -68,7 +68,7 @@ const NAV: NavSection[] = [
  },
 ]
-const VERSION = '1.0.7'
+const VERSION = '1.0.8'
 export default function Sidebar({ isOpen, onClose }: SidebarProps) {
  const { t } = useTranslation()