Mailing List Archive

Re: svn commit: r1903677 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/
On 25/08/2022 at 16:00, icing@apache.org wrote:
> Author: icing
> Date: Thu Aug 25 14:00:13 2022
> New Revision: 1903677
>
> URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
> Log:
> mod_md v2.4.19 from github sync
>
> *) mod_md: a new directive `MDStoreLocks` can be used on cluster
> setups with a shared file system for `MDStoreDir` to order
> activation of renewed certificates when several cluster nodes are
> restarted at the same time. Store locks are not enabled by default.
>
> Restored curl_easy cleanup behaviour from v2.4.14 and refactored
> the use of curl_multi for OCSP requests to work with that.
> Fixes <https://github.com/icing/mod_md/issues/293>.
>
>
> Added:
> httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
> httpd/httpd/trunk/test/modules/md/test_820_locks.py
> Modified:
> httpd/httpd/trunk/docs/manual/mod/mod_md.xml
> httpd/httpd/trunk/modules/md/md_curl.c
> httpd/httpd/trunk/modules/md/md_http.c
> httpd/httpd/trunk/modules/md/md_http.h
> httpd/httpd/trunk/modules/md/md_log.h
> httpd/httpd/trunk/modules/md/md_reg.c
> httpd/httpd/trunk/modules/md/md_reg.h
> httpd/httpd/trunk/modules/md/md_store.c
> httpd/httpd/trunk/modules/md/md_store.h
> httpd/httpd/trunk/modules/md/md_store_fs.c
> httpd/httpd/trunk/modules/md/md_version.h
> httpd/httpd/trunk/modules/md/mod_md.c
> httpd/httpd/trunk/modules/md/mod_md_config.c
> httpd/httpd/trunk/modules/md/mod_md_config.h
> httpd/httpd/trunk/test/modules/md/conftest.py
>
> Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
> ==============================================================================
> --- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
> +++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 14:00:13 2022
> @@ -0,0 +1,8 @@
> + *) mod_md: a new directive `MDStoreLocks` can be used on cluster
> + setups with a shared file system for `MDStoreDir` to order
> + activation of renewed certificates when several cluster nodes are
> + restarted at the same time. Store locks are not enabled by default.
> +
> + Restored curl_easy cleanup behaviour from v2.4.14 and refactored
> + the use of curl_multi for OCSP requests to work with that.
> + Fixes <https://github.com/icing/mod_md/issues/293>.
>
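
Review bot: The single `*)` entry in md_locks_and_fix.txt covers two unrelated changes: the new `MDStoreLocks` directive and the curl_easy/curl_multi rework for OCSP requests that fixes issue 293. Give the second paragraph its own `*) mod_md:` entry so that someone scanning the change log for the OCSP fix does not have to find it under the store-locks item.
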
> Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
> ==============================================================================
> --- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
> +++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
> @@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
> </usage>
> </directivesynopsis>
>
> - <directivesynopsis>
> + <directivesynopsis>
> <name>MDRetryFailover</name>
> <description></description>
> <syntax>MDRetryFailover <var>number</var></syntax>
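
Review bot: The `-`/`+` pair on the `<directivesynopsis>` line before `MDRetryFailover` differs only in whitespace as far as this diff shows, and it is unrelated to the `MDStoreLocks` addition. Leave it out of the sync, or mention the cleanup in the log message. If the block is being touched anyway, the empty `<description></description>` of `MDRetryFailover` in the context lines could be filled in the same pass.
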
> @@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
> </p>
> </usage>
> </directivesynopsis>
> +
> + <directivesynopsis>
> + <name>MDStoreLocks</name>
> + <description></description>

Hi,

a description is missing.
Not sure how to write it myself.

CJ

> + <syntax>MDStoreLocks on|off|<var>duration</var></syntax>
> + <default>MDStoreLocks off</default>
> + <contextlist>
> + <context>server config</context>
> + </contextlist>
> + <compatibility>Available in version 2.4.55 and later</compatibility>
> + <usage>
> + <p>
> + Enable this to use a lock file on server startup when
> + <directive>MDStoreDir</directive> is synchronized with the server
> + configuration and renewed certificates are activated.
> + </p><p>
> + Locking is intended for setups in a cluster that have a shared
> + file system for MDStoreDir. It will protect the activation of
> + renewed certificates when cluster nodes are restarted/reloaded
> + at the same time. Under the condition that the shared file
> + system does support file locking.
> + </p><p>
> + The default duration to obtain the lock is 5 seconds. If the log
> + cannot be obtained, an error is logged and the server startup will
> + continue. This may result in a cluster node to still use the
> + previous certificate afterwards.
> + </p><p>
> + A higher timeout will reduce that likelihood, but may delay server
> + startups/reloads in case the locks are not properly handled in
> + the underlying file system. A lock should only be held by a
> + httpd instance for a short duration.
> + </p>
> + </usage>
> + </directivesynopsis>
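
Review bot: In the third `<p>` of the `MDStoreLocks` usage text, "If the log cannot be obtained" should read "If the lock cannot be obtained"; as written, it collides with "an error is logged" in the same sentence and reads as if a log file were missing. The `<syntax>` line accepts a `<var>duration</var>`, but the text only gives the 5 second default, so add a sentence stating the accepted format and unit. In the second paragraph, "Under the condition that the shared file system does support file locking." is a fragment and would read better joined to the sentence before it.
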
Re: svn commit: r1903677 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/
> On 09.01.2023 at 22:14, Christophe JAILLET <christophe.jaillet@wanadoo.fr> wrote:
>
> On 25/08/2022 at 16:00, icing@apache.org wrote:
>> Author: icing
>> Date: Thu Aug 25 14:00:13 2022
>> New Revision: 1903677
>> URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
>> Log:
>> mod_md v2.4.19 from github sync
>> *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>> setups with a shared file system for `MDStoreDir` to order
>> activation of renewed certificates when several cluster nodes are
>> restarted at the same time. Store locks are not enabled by default.
>> Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>> the use of curl_multi for OCSP requests to work with that.
>> Fixes <https://github.com/icing/mod_md/issues/293>.
>> Added:
>> httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> httpd/httpd/trunk/test/modules/md/test_820_locks.py
>> Modified:
>> httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> httpd/httpd/trunk/modules/md/md_curl.c
>> httpd/httpd/trunk/modules/md/md_http.c
>> httpd/httpd/trunk/modules/md/md_http.h
>> httpd/httpd/trunk/modules/md/md_log.h
>> httpd/httpd/trunk/modules/md/md_reg.c
>> httpd/httpd/trunk/modules/md/md_reg.h
>> httpd/httpd/trunk/modules/md/md_store.c
>> httpd/httpd/trunk/modules/md/md_store.h
>> httpd/httpd/trunk/modules/md/md_store_fs.c
>> httpd/httpd/trunk/modules/md/md_version.h
>> httpd/httpd/trunk/modules/md/mod_md.c
>> httpd/httpd/trunk/modules/md/mod_md_config.c
>> httpd/httpd/trunk/modules/md/mod_md_config.h
>> httpd/httpd/trunk/test/modules/md/conftest.py
>> Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
>> ==============================================================================
>> --- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
>> +++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 14:00:13 2022
>> @@ -0,0 +1,8 @@
>> + *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>> + setups with a shared file system for `MDStoreDir` to order
>> + activation of renewed certificates when several cluster nodes are
>> + restarted at the same time. Store locks are not enabled by default.
>> +
>> + Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>> + the use of curl_multi for OCSP requests to work with that.
>> + Fixes <https://github.com/icing/mod_md/issues/293>.
>> Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
>> +++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
>> @@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
>> </usage>
>> </directivesynopsis>
>> - <directivesynopsis>
>> + <directivesynopsis>
>> <name>MDRetryFailover</name>
>> <description></description>
>> <syntax>MDRetryFailover <var>number</var></syntax>
>> @@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
>> </p>
>> </usage>
>> </directivesynopsis>
>> +
>> + <directivesynopsis>
>> + <name>MDStoreLocks</name>
>> + <description></description>
>
> Hi,
>
> a description is missing.
> Not sure how to write it myself.

ChatGPT?
-.-
>
> CJ
>
>> + <syntax>MDStoreLocks on|off|<var>duration</var></syntax>
>> + <default>MDStoreLocks off</default>
>> + <contextlist>
>> + <context>server config</context>
>> + </contextlist>
>> + <compatibility>Available in version 2.4.55 and later</compatibility>
>> + <usage>
>> + <p>
>> + Enable this to use a lock file on server startup when
>> + <directive>MDStoreDir</directive> is synchronized with the server
>> + configuration and renewed certificates are activated.
>> + </p><p>
>> + Locking is intended for setups in a cluster that have a shared
>> + file system for MDStoreDir. It will protect the activation of
>> + renewed certificates when cluster nodes are restarted/reloaded
>> + at the same time. Under the condition that the shared file
>> + system does support file locking.
>> + </p><p>
>> + The default duration to obtain the lock is 5 seconds. If the log
>> + cannot be obtained, an error is logged and the server startup will
>> + continue. This may result in a cluster node to still use the
>> + previous certificate afterwards.
>> + </p><p>
>> + A higher timeout will reduce that likelihood, but may delay server
>> + startups/reloads in case the locks are not properly handled in
>> + the underlying file system. A lock should only be held by a
>> + httpd instance for a short duration.
>> + </p>
>> + </usage>
>> + </directivesynopsis>
>