> On 09.01.2023 at 22:14, Christophe JAILLET
> <christophe.jail...@wanadoo.fr> wrote:
>
> On 25/08/2022 at 16:00, ic...@apache.org wrote:
>> Author: icing
>> Date: Thu Aug 25 14:00:13 2022
>> New Revision: 1903677
>> URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
>> Log:
>> mod_md v2.4.19 from github sync
>> *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>> setups with a shared file system for `MDStoreDir` to order
>> activation of renewed certificates when several cluster nodes are
>> restarted at the same time. Store locks are not enabled by default.
>> Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>> the use of curl_multi for OCSP requests to work with that.
>> Fixes <https://github.com/icing/mod_md/issues/293>.
>> Added:
>> httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> httpd/httpd/trunk/test/modules/md/test_820_locks.py
>> Modified:
>> httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> httpd/httpd/trunk/modules/md/md_curl.c
>> httpd/httpd/trunk/modules/md/md_http.c
>> httpd/httpd/trunk/modules/md/md_http.h
>> httpd/httpd/trunk/modules/md/md_log.h
>> httpd/httpd/trunk/modules/md/md_reg.c
>> httpd/httpd/trunk/modules/md/md_reg.h
>> httpd/httpd/trunk/modules/md/md_store.c
>> httpd/httpd/trunk/modules/md/md_store.h
>> httpd/httpd/trunk/modules/md/md_store_fs.c
>> httpd/httpd/trunk/modules/md/md_version.h
>> httpd/httpd/trunk/modules/md/mod_md.c
>> httpd/httpd/trunk/modules/md/mod_md_config.c
>> httpd/httpd/trunk/modules/md/mod_md_config.h
>> httpd/httpd/trunk/test/modules/md/conftest.py
>> Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
>> ==============================================================================
>> --- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
>> +++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25
>> 14:00:13 2022
>> @@ -0,0 +1,8 @@
>> + *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>> + setups with a shared file system for `MDStoreDir` to order
>> + activation of renewed certificates when several cluster nodes are
>> + restarted at the same time. Store locks are not enabled by default.
>> +
>> + Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>> + the use of curl_multi for OCSP requests to work with that.
>> + Fixes <https://github.com/icing/mod_md/issues/293>.
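Review bot: the second paragraph of this entry (curl_easy cleanup restored, curl_multi refactored for OCSP requests, issue 293) is a separate fix from the `MDStoreLocks` directive but sits under the same `*)` bullet. Consider giving it its own `*) mod_md:` bullet so the curl/OCSP fix appears as a distinct item in the change log. The first paragraph could also state that the locks only help when the shared file system supports file locking, as the manual text in this commit says.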
>> Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> URL:
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
>> ==============================================================================
>> --- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
>> +++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
>> @@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
>> </usage>
>> </directivesynopsis>
>> - <directivesynopsis>
>> + <directivesynopsis>
>> <name>MDRetryFailover</name>
>> <description></description>
>> <syntax>MDRetryFailover <var>number</var></syntax>
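Review bot: the `-`/`+` pair on `<directivesynopsis>` above `MDRetryFailover` differs, as shown, only in whitespace and is unrelated to the `MDStoreLocks` addition; consider dropping it from this commit or committing the whitespace cleanup separately. The context lines also show `<description></description>` left empty for `MDRetryFailover`, which could be filled in while this part of the file is being touched.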
>> @@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
>> </p>
>> </usage>
>> </directivesynopsis>
>> +
>> + <directivesynopsis>
>> + <name>MDStoreLocks</name>
>> + <description></description>
>
> Hi,
>
> a description is missing.
> Not sure how to write it myself.
ChatGPT?
-.-
>
> CJ
>
>> + <syntax>MDStoreLocks on|off|<var>duration</var></syntax>
>> + <default>MDStoreLocks off</default>
>> + <contextlist>
>> + <context>server config</context>
>> + </contextlist>
>> + <compatibility>Available in version 2.4.55 and later</compatibility>
>> + <usage>
>> + <p>
>> + Enable this to use a lock file on server startup when
>> + <directive>MDStoreDir</directive> is synchronized with the
>> server
>> + configuration and renewed certificates are activated.
>> + </p><p>
>> + Locking is intended for setups in a cluster that have a
>> shared
>> + file system for MDStoreDir. It will protect the activation
>> of
>> + renewed certificates when cluster nodes are
>> restarted/reloaded
>> + at the same time. Under the condition that the shared file
>> + system does support file locking.
>> + </p><p>
>> + The default duration to obtain the lock is 5 seconds. If
>> the log
>> + cannot be obtained, an error is logged and the server
>> startup will
>> + continue. This may result in a cluster node to still use the
>> + previous certificate afterwards.
>> + </p><p>
>> + A higher timeout will reduce that likelihood, but may delay
>> server
>> + startups/reloads in case the locks are not properly handled
>> in
>> + the underlying file system. A lock should only be held by a
>> + httpd instance for a short duration.
>> + </p>
>> + </usage>
>> + </directivesynopsis>
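Review bot: in the third `<p>` of the new `<usage>` text, "If the log cannot be obtained" should read "If the lock cannot be obtained". In the same block, `<description></description>` is empty for `MDStoreLocks` (also raised in the reply above); a one-line summary such as "Configure locking of the MD store on startup" would fill it. "Under the condition that the shared file system does support file locking." is a sentence fragment and reads better joined to the sentence before it. Since `<default>` is `MDStoreLocks off`, the text should say whether the 5 second default is what `on` uses. Because a failed lock only logs an error and startup continues, naming the log message or level here would help operators notice a node that is still serving the previous certificate.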
>