On 25/08/2022 at 16:00, ic...@apache.org wrote:
Author: icing
Date: Thu Aug 25 14:00:13 2022
New Revision: 1903677

URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
Log:
mod_md v2.4.19 from github sync

   *) mod_md: a new directive `MDStoreLocks` can be used on cluster
      setups with a shared file system for `MDStoreDir` to order
      activation of renewed certificates when several cluster nodes are
      restarted at the same time. Store locks are not enabled by default.

      Restored curl_easy cleanup behaviour from v2.4.14 and refactored
      the use of curl_multi for OCSP requests to work with that.
      Fixes <https://github.com/icing/mod_md/issues/293>.


Added:
     httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
     httpd/httpd/trunk/test/modules/md/test_820_locks.py
Modified:
     httpd/httpd/trunk/docs/manual/mod/mod_md.xml
     httpd/httpd/trunk/modules/md/md_curl.c
     httpd/httpd/trunk/modules/md/md_http.c
     httpd/httpd/trunk/modules/md/md_http.h
     httpd/httpd/trunk/modules/md/md_log.h
     httpd/httpd/trunk/modules/md/md_reg.c
     httpd/httpd/trunk/modules/md/md_reg.h
     httpd/httpd/trunk/modules/md/md_store.c
     httpd/httpd/trunk/modules/md/md_store.h
     httpd/httpd/trunk/modules/md/md_store_fs.c
     httpd/httpd/trunk/modules/md/md_version.h
     httpd/httpd/trunk/modules/md/mod_md.c
     httpd/httpd/trunk/modules/md/mod_md_config.c
     httpd/httpd/trunk/modules/md/mod_md_config.h
     httpd/httpd/trunk/test/modules/md/conftest.py

Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
==============================================================================
--- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
+++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 14:00:13 
2022
@@ -0,0 +1,8 @@
+  *) mod_md: a new directive `MDStoreLocks` can be used on cluster
+     setups with a shared file system for `MDStoreDir` to order
+     activation of renewed certificates when several cluster nodes are
+     restarted at the same time. Store locks are not enabled by default.
+
+     Restored curl_easy cleanup behaviour from v2.4.14 and refactored
+     the use of curl_multi for OCSP requests to work with that.
+     Fixes <https://github.com/icing/mod_md/issues/293>.
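
Review bot: The single `*)` entry covers two unrelated changes, the new `MDStoreLocks` directive and the curl_easy/curl_multi cleanup fix, so the trailing "Fixes <https://github.com/icing/mod_md/issues/293>" line does not say which of the two it refers to. Splitting this into two entries, or moving the Fixes reference next to the paragraph it belongs to, would make the changelog unambiguous for anyone tracing the issue later.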

Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
==============================================================================
--- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
@@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
          </usage>
      </directivesynopsis>
- <directivesynopsis>
+    <directivesynopsis>
          <name>MDRetryFailover</name>
          <description></description>
          <syntax>MDRetryFailover <var>number</var></syntax>
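
Review bot: The context line `<description></description>` under `<name>MDRetryFailover</name>` is empty, so this directive has no short description either. Since the hunk already touches this synopsis for the indentation fix, a one-line description could be filled in at the same time.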
@@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
              </p>
          </usage>
      </directivesynopsis>
+
+    <directivesynopsis>
+        <name>MDStoreLocks</name>
+        <description></description>

Hi,

a description is missing.
Not sure how to write it myself.

CJ

+        <syntax>MDStoreLocks on|off|<var>duration</var></syntax>
+        <default>MDStoreLocks off</default>
+        <contextlist>
+            <context>server config</context>
+        </contextlist>
+        <compatibility>Available in version 2.4.55 and later</compatibility>
+        <usage>
+            <p>
+                Enable this to use a lock file on server startup when
+                <directive>MDStoreDir</directive> is synchronized with the 
server
+                configuration and renewed certificates are activated.
+            </p><p>
+                Locking is intended for setups in a cluster that have a shared
+                file system for MDStoreDir. It will protect the activation of
+                renewed certificates when cluster nodes are restarted/reloaded
+                at the same time. Under the condition that the shared file
+                 system does support file locking.
+            </p><p>
+                The default duration to obtain the lock is 5 seconds. If the 
log
+                cannot be obtained, an error is logged and the server startup 
will
+                continue. This may result in a cluster node to still use the
+                previous certificate afterwards.
+            </p><p>
+                A higher timeout will reduce that likelihood, but may delay 
server
+                startups/reloads in case the locks are not properly handled in
+                the underlying file system. A lock should only be held by a
+                httpd instance for a short duration.
+            </p>
+        </usage>
+    </directivesynopsis>
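
Review bot: In the third `<p>` of the `<usage>` text, "If the log cannot be obtained" should read "If the lock cannot be obtained"; as written, the sentence describing the failure case is misleading. In the same block, `<syntax>` allows `on|off|<var>duration</var>`, but the text never says that `on` corresponds to the 5 second default or which units a duration accepts; one sentence covering both would help. The second paragraph ends in a fragment ("Under the condition that the shared file system does support file locking.") that should be joined to the preceding sentence, and "may result in a cluster node to still use" reads better as "may result in a cluster node still using". Because a lock timeout only logs an error and lets startup continue on the previous certificate, it would also be worth stating that operators on shared storage should watch the error log for this message after a coordinated restart.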
