Re: svn commit: r1903677 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/

[Stefan Eissing via dev]

> Am 09.01.2023 um 22:14 schrieb Christophe JAILLET 
> :
> 
> Le 25/08/2022 à 16:00, ic...@apache.org a écrit :
>> Author: icing
>> Date: Thu Aug 25 14:00:13 2022
>> New Revision: 1903677
>> URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
>> Log:
>> mod_md v2.4.19 from github sync
>>   *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>>  setups with a shared file system for `MDStoreDir` to order
>>  activation of renewed certificates when several cluster nodes are
>>  restarted at the same time. Store locks are not enabled by default.
>>  Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>>  the use of curl_multi for OCSP requests to work with that.
>>  Fixes .
>> Added:
>> httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> httpd/httpd/trunk/test/modules/md/test_820_locks.py
>> Modified:
>> httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> httpd/httpd/trunk/modules/md/md_curl.c
>> httpd/httpd/trunk/modules/md/md_http.c
>> httpd/httpd/trunk/modules/md/md_http.h
>> httpd/httpd/trunk/modules/md/md_log.h
>> httpd/httpd/trunk/modules/md/md_reg.c
>> httpd/httpd/trunk/modules/md/md_reg.h
>> httpd/httpd/trunk/modules/md/md_store.c
>> httpd/httpd/trunk/modules/md/md_store.h
>> httpd/httpd/trunk/modules/md/md_store_fs.c
>> httpd/httpd/trunk/modules/md/md_version.h
>> httpd/httpd/trunk/modules/md/mod_md.c
>> httpd/httpd/trunk/modules/md/mod_md_config.c
>> httpd/httpd/trunk/modules/md/mod_md_config.h
>> httpd/httpd/trunk/test/modules/md/conftest.py
>> Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
>> ==
>> --- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
>> +++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 
>> 14:00:13 2022
>> @@ -0,0 +1,8 @@
>> +  *) mod_md: a new directive `MDStoreLocks` can be used on cluster
>> + setups with a shared file system for `MDStoreDir` to order
>> + activation of renewed certificates when several cluster nodes are
>> + restarted at the same time. Store locks are not enabled by default.
>> +
>> + Restored curl_easy cleanup behaviour from v2.4.14 and refactored
>> + the use of curl_multi for OCSP requests to work with that.
>> + Fixes .
>> Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
>> URL: 
>> http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
>> ==
>> --- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
>> +++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
>> @@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
>>  
>>  
>>  -
>> +
>>  MDRetryFailover
>>  
>>  MDRetryFailover number
>> @@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
>>  
>>  
>>  
>> +
>> +
>> +MDStoreLocks
>> +
> 
> Hi,
> 
> a description is missing.
> Not sure how to write it myself.

ChatGPT?
-.-
> 
> CJ
> 
>> +MDStoreLocks on|off|duration
>> +MDStoreLocks off
>> +
>> +server config
>> +
>> +Available in version 2.4.55 and later
>> +
>> +
>> +Enable this to use a lock file on server startup when
>> +MDStoreDir is synchronized with the 
>> server
>> +configuration and renewed certificates are activated.
>> +
>> +Locking is intended for setups in a cluster that have a 
>> shared
>> +file system for MDStoreDir. It will protect the activation 
>> of
>> +renewed certificates when cluster nodes are 
>> restarted/reloaded
>> +at the same time. Under the condition that the shared file
>> + system does support file locking.
>> +
>> +The default duration to obtain the lock is 5 seconds. If 
>> the log
>> +cannot be obtained, an error is logged and the server 
>> startup will
>> +continue. This may result in a cluster node to still use the
>> +previous certificate afterwards.
>> +
>> +A higher timeout will reduce that likelihood, but may delay 
>> server
>> +startups/reloads in case the locks are not properly handled 
>> in
>> +the underlying file system. A lock should only be held by a
>> +httpd instance for a short duration.
>> +
>> +
>> +
> 

Re: svn commit: r1903677 - in /httpd/httpd/trunk: changes-entries/ docs/manual/mod/ modules/md/ test/modules/md/

[Christophe JAILLET]

Le 25/08/2022 à 16:00, ic...@apache.org a écrit :

Author: icing
Date: Thu Aug 25 14:00:13 2022
New Revision: 1903677

URL: http://svn.apache.org/viewvc?rev=1903677&view=rev
Log:
mod_md v2.4.19 from github sync

   *) mod_md: a new directive `MDStoreLocks` can be used on cluster
  setups with a shared file system for `MDStoreDir` to order
  activation of renewed certificates when several cluster nodes are
  restarted at the same time. Store locks are not enabled by default.

  Restored curl_easy cleanup behaviour from v2.4.14 and refactored
  the use of curl_multi for OCSP requests to work with that.
  Fixes .


Added:
 httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
 httpd/httpd/trunk/test/modules/md/test_820_locks.py
Modified:
 httpd/httpd/trunk/docs/manual/mod/mod_md.xml
 httpd/httpd/trunk/modules/md/md_curl.c
 httpd/httpd/trunk/modules/md/md_http.c
 httpd/httpd/trunk/modules/md/md_http.h
 httpd/httpd/trunk/modules/md/md_log.h
 httpd/httpd/trunk/modules/md/md_reg.c
 httpd/httpd/trunk/modules/md/md_reg.h
 httpd/httpd/trunk/modules/md/md_store.c
 httpd/httpd/trunk/modules/md/md_store.h
 httpd/httpd/trunk/modules/md/md_store_fs.c
 httpd/httpd/trunk/modules/md/md_version.h
 httpd/httpd/trunk/modules/md/mod_md.c
 httpd/httpd/trunk/modules/md/mod_md_config.c
 httpd/httpd/trunk/modules/md/mod_md_config.h
 httpd/httpd/trunk/test/modules/md/conftest.py

Added: httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt?rev=1903677&view=auto
==
--- httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt (added)
+++ httpd/httpd/trunk/changes-entries/md_locks_and_fix.txt Thu Aug 25 14:00:13 
2022
@@ -0,0 +1,8 @@
+  *) mod_md: a new directive `MDStoreLocks` can be used on cluster
+ setups with a shared file system for `MDStoreDir` to order
+ activation of renewed certificates when several cluster nodes are
+ restarted at the same time. Store locks are not enabled by default.
+
+ Restored curl_easy cleanup behaviour from v2.4.14 and refactored
+ the use of curl_multi for OCSP requests to work with that.
+ Fixes .

Modified: httpd/httpd/trunk/docs/manual/mod/mod_md.xml
URL: 
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_md.xml?rev=1903677&r1=1903676&r2=1903677&view=diff
==
--- httpd/httpd/trunk/docs/manual/mod/mod_md.xml (original)
+++ httpd/httpd/trunk/docs/manual/mod/mod_md.xml Thu Aug 25 14:00:13 2022
@@ -1405,7 +1405,7 @@ MDMessageCmd /etc/apache/md-message
  
  
  
-

+
  MDRetryFailover
  
  MDRetryFailover number
@@ -1423,5 +1423,39 @@ MDMessageCmd /etc/apache/md-message
  
  
  
+
+
+MDStoreLocks
+


Hi,

a description is missing.
Not sure how to write it myself.

CJ


+MDStoreLocks on|off|duration
+MDStoreLocks off
+
+server config
+
+Available in version 2.4.55 and later
+
+
+Enable this to use a lock file on server startup when
+MDStoreDir is synchronized with the 
server
+configuration and renewed certificates are activated.
+
+Locking is intended for setups in a cluster that have a shared
+file system for MDStoreDir. It will protect the activation of
+renewed certificates when cluster nodes are restarted/reloaded
+at the same time. Under the condition that the shared file
+ system does support file locking.
+
+The default duration to obtain the lock is 5 seconds. If the 
log
+cannot be obtained, an error is logged and the server startup 
will
+continue. This may result in a cluster node to still use the
+previous certificate afterwards.
+
+A higher timeout will reduce that likelihood, but may delay 
server
+startups/reloads in case the locks are not properly handled in
+the underlying file system. A lock should only be held by a
+httpd instance for a short duration.
+
+
+