projekte/edgeguard-native
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): Auto-Reload HAProxy bei Domain/Backend/Routing-Mutation

Browse Source 
Symmetrisch zur Firewall: Domains-, Backends- und RoutingRules-Handler
bekommen einen Reloader-Hook injiziert, der nach jeder Mutation
haproxy.cfg neu rendert + sudo systemctl reload haproxy fährt. Errors
werden nur geloggt, nicht failed (Row ist committed; manuelle
Re-Render via edgeguard-ctl render-config bleibt möglich).

Vorher: nur Firewall-Regeln waren auto-applied — Domain/Backend-
Änderungen sind in der DB gelandet, aber das laufende haproxy hat
sie nicht gesehen bis zum nächsten render-config oder API-Restart.

Version 1.0.8.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Debian
2026-05-10 18:23:18 +02:00
parent 237c4c7541
commit 3545b8422b
9 changed files with 86 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
VERSION
View File

@@ -1 +1 @@
1.0.7
1.0.8

18
cmd/edgeguard-api/main.go
View File

@@ -20,6 +20,7 @@ import (
"git.netcell-it.de/projekte/edgeguard-native/internal/cluster"
"git.netcell-it.de/projekte/edgeguard-native/internal/database"
firewallrender "git.netcell-it.de/projekte/edgeguard-native/internal/firewall"
"git.netcell-it.de/projekte/edgeguard-native/internal/haproxy"
"git.netcell-it.de/projekte/edgeguard-native/internal/handlers"
"git.netcell-it.de/projekte/edgeguard-native/internal/handlers/response"
"git.netcell-it.de/projekte/edgeguard-native/internal/services/acme"
@@ -35,7 +36,7 @@ import (
"git.netcell-it.de/projekte/edgeguard-native/internal/services/tlscerts"
)
var version = "1.0.7"
var version = "1.0.8"
func main() {
addr := os.Getenv("EDGEGUARD_API_ADDR")
@@ -143,11 +144,20 @@ func main() {
acmeService = acme.New(st.ACMEEmail)
}
// HAProxy reload — re-rendert haproxy.cfg + sudo systemctl
// reload haproxy. Wird in Domains/Backends/RoutingRules-Handler
// injiziert, damit jede Änderung ohne expliziten render-config-
// Aufruf live geht. Errors werden geloggt, nicht failed
// (Row schon committed, Operator kann manuell re-triggern).
haproxyReloader := func(ctx context.Context) error {
return haproxy.New(pool).Render(ctx)
}
authed := v1.Group("")
authed.Use(requireAuth)
handlers.NewDomainsHandler(domainsRepo, routingRepo, auditRepo, nodeID).Register(authed)
handlers.NewBackendsHandler(backendsRepo, auditRepo, nodeID).Register(authed)
handlers.NewRoutingRulesHandler(routingRepo, auditRepo, nodeID).Register(authed)
handlers.NewDomainsHandler(domainsRepo, routingRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
handlers.NewBackendsHandler(backendsRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
handlers.NewRoutingRulesHandler(routingRepo, auditRepo, nodeID, haproxyReloader).Register(authed)
handlers.NewNetworksHandler(ifsRepo, ipsRepo, fwZones, auditRepo, nodeID).Register(authed)
handlers.NewIPAddressesHandler(ipsRepo, auditRepo, nodeID).Register(authed)
handlers.NewClusterHandler(clusterStore, nodeID).Register(authed)

2
cmd/edgeguard-ctl/main.go
View File

@@ -9,7 +9,7 @@ import (
"os"
)
var version = "1.0.7"
var version = "1.0.8"
const usage = `edgeguard-ctl — EdgeGuard CLI

2
cmd/edgeguard-scheduler/main.go
View File

@@ -5,7 +5,7 @@ import (
"time"
)
var version = "1.0.7"
var version = "1.0.8"
func main() {
log.Printf("edgeguard-scheduler %s starting", version)

22
internal/handlers/backends.go
View File

@@ -1,7 +1,9 @@
package handlers
import (
"context"
"errors"
"log/slog"
"strconv"
"github.com/gin-gonic/gin"
@@ -16,10 +18,20 @@ type BackendsHandler struct {
Repo *backends.Repo
Audit *audit.Repo
NodeID string
Reloader func(ctx context.Context) error
}
func NewBackendsHandler(repo *backends.Repo, a *audit.Repo, nodeID string) *BackendsHandler {
return &BackendsHandler{Repo: repo, Audit: a, NodeID: nodeID}
func NewBackendsHandler(repo *backends.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *BackendsHandler {
return &BackendsHandler{Repo: repo, Audit: a, NodeID: nodeID, Reloader: reloader}
}
func (h *BackendsHandler) reload(ctx context.Context, op string) {
if h.Reloader == nil {
return
}
if err := h.Reloader(ctx); err != nil {
slog.Warn("haproxy: reload after backend mutation failed", "op", op, "error", err)
}
}
func (h *BackendsHandler) Register(rg *gin.RouterGroup) {
@@ -69,7 +81,7 @@ func (h *BackendsHandler) Create(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.create", req.Name, out, h.NodeID)
response.Created(c, out)
response.Created(c, out); h.reload(c.Request.Context(), "create")
}
func (h *BackendsHandler) Update(c *gin.Context) {
@@ -92,7 +104,7 @@ func (h *BackendsHandler) Update(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.update", out.Name, out, h.NodeID)
response.OK(c, out)
response.OK(c, out); h.reload(c.Request.Context(), "update")
}
func (h *BackendsHandler) Delete(c *gin.Context) {
@@ -110,5 +122,5 @@ func (h *BackendsHandler) Delete(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "backend.delete",
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
response.NoContent(c)
response.NoContent(c); h.reload(c.Request.Context(), "delete")
}

28
internal/handlers/domains.go
View File

@@ -1,7 +1,9 @@
package handlers
import (
"context"
"errors"
"log/slog"
"strconv"
"github.com/gin-gonic/gin"
@@ -18,10 +20,26 @@ type DomainsHandler struct {
Routing *routingrules.Repo
Audit *audit.Repo
NodeID string
// Reloader regenerates and applies the haproxy config. Symmetric
// to FirewallHandler.Reloader; called after every mutation so the
// running haproxy.cfg always matches the DB. Errors are logged
// but don't fail the API call (the row is committed and the
// operator can re-trigger via `edgeguard-ctl render-config`).
Reloader func(ctx context.Context) error
}
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string) *DomainsHandler {
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID}
func NewDomainsHandler(repo *domains.Repo, routing *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *DomainsHandler {
return &DomainsHandler{Repo: repo, Routing: routing, Audit: a, NodeID: nodeID, Reloader: reloader}
}
func (h *DomainsHandler) reload(ctx context.Context, op string) {
if h.Reloader == nil {
return
}
if err := h.Reloader(ctx); err != nil {
slog.Warn("haproxy: reload after domain mutation failed", "op", op, "error", err)
}
}
func (h *DomainsHandler) Register(rg *gin.RouterGroup) {
@@ -72,7 +90,7 @@ func (h *DomainsHandler) Create(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.create", req.Name, out, h.NodeID)
response.Created(c, out)
response.Created(c, out); h.reload(c.Request.Context(), "create")
}
func (h *DomainsHandler) Update(c *gin.Context) {
@@ -95,7 +113,7 @@ func (h *DomainsHandler) Update(c *gin.Context) {
return
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.update", out.Name, out, h.NodeID)
response.OK(c, out)
response.OK(c, out); h.reload(c.Request.Context(), "update")
}
func (h *DomainsHandler) Delete(c *gin.Context) {
@@ -113,7 +131,7 @@ func (h *DomainsHandler) Delete(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "domain.delete",
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
response.NoContent(c)
response.NoContent(c); h.reload(c.Request.Context(), "delete")
}
// ListRoutingRules narrows /routing-rules to one domain — UI uses this

22
internal/handlers/routingrules.go
View File

@@ -1,7 +1,9 @@
package handlers
import (
"context"
"errors"
"log/slog"
"strconv"
"github.com/gin-gonic/gin"
@@ -16,10 +18,20 @@ type RoutingRulesHandler struct {
Repo *routingrules.Repo
Audit *audit.Repo
NodeID string
Reloader func(ctx context.Context) error
}
func NewRoutingRulesHandler(repo *routingrules.Repo, a *audit.Repo, nodeID string) *RoutingRulesHandler {
return &RoutingRulesHandler{Repo: repo, Audit: a, NodeID: nodeID}
func NewRoutingRulesHandler(repo *routingrules.Repo, a *audit.Repo, nodeID string, reloader func(context.Context) error) *RoutingRulesHandler {
return &RoutingRulesHandler{Repo: repo, Audit: a, NodeID: nodeID, Reloader: reloader}
}
func (h *RoutingRulesHandler) reload(ctx context.Context, op string) {
if h.Reloader == nil {
return
}
if err := h.Reloader(ctx); err != nil {
slog.Warn("haproxy: reload after routing-rule mutation failed", "op", op, "error", err)
}
}
func (h *RoutingRulesHandler) Register(rg *gin.RouterGroup) {
@@ -70,7 +82,7 @@ func (h *RoutingRulesHandler) Create(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.create",
strconv.FormatInt(out.ID, 10), out, h.NodeID)
response.Created(c, out)
response.Created(c, out); h.reload(c.Request.Context(), "create")
}
func (h *RoutingRulesHandler) Update(c *gin.Context) {
@@ -94,7 +106,7 @@ func (h *RoutingRulesHandler) Update(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.update",
strconv.FormatInt(id, 10), out, h.NodeID)
response.OK(c, out)
response.OK(c, out); h.reload(c.Request.Context(), "update")
}
func (h *RoutingRulesHandler) Delete(c *gin.Context) {
@@ -112,5 +124,5 @@ func (h *RoutingRulesHandler) Delete(c *gin.Context) {
}
_ = h.Audit.Log(c.Request.Context(), actorOf(c), "routing_rule.delete",
strconv.FormatInt(id, 10), gin.H{"id": id}, h.NodeID)
response.NoContent(c)
response.NoContent(c); h.reload(c.Request.Context(), "delete")
}

2
management-ui/package.json
View File

@@ -1,7 +1,7 @@
{
"name": "edgeguard-management-ui",
"private": true,
"version": "1.0.7",
"version": "1.0.8",
"type": "module",
"scripts": {
"dev": "vite",

2
management-ui/src/components/Layout/Sidebar.tsx
View File

@@ -68,7 +68,7 @@ const NAV: NavSection[] = [
},
]
const VERSION = '1.0.7'
const VERSION = '1.0.8'
export default function Sidebar({ isOpen, onClose }: SidebarProps) {
const { t } = useTranslation()