mirror of
https://github.com/certbot/certbot.git
synced 2026-01-26 07:41:33 +03:00
de867e26c8
This splits out the single daemon into four different daemons (for makechallenge, testchallenge, and issue, and for logging), switches all but the logging daemon to no longer use pubsub (but instead use brpop, which is a blocking queue pop), and tracks the number of times that a given session has been tested (limited to 3). There are also new scripts to try to start and stop all the daemons with a single command.
38 lines
1.8 KiB
Plaintext
38 lines
1.8 KiB
Plaintext
# The queue mechanism with pending-* is supposed to control
|
|
# concurrency issues properly, but this needs verification
|
|
# to ensure that there are no possible race conditions.
|
|
# Generally, the server process (as distinct from the daemon)
|
|
# is not supposed to change sessions at all once they have
|
|
# been added to a queue, except for marking them no longer
|
|
# live if the server realizes that something bad has happened
|
|
# to them. There may be some exceptions, and they should all
|
|
# be analyzed for possible races.
|
|
|
|
# TODO: check sessions' internal evidence for consistency
|
|
# with their queue membership (in case of crashes or bugs).
|
|
# In particular, check that a session in pending-makechallenge
|
|
# does not actually contain any challenges and that a
|
|
# session in pending-issue does not actually contain an
|
|
# issued cert.
|
|
|
|
# TODO: write queue rebuilding script that uses sessions'
|
|
# internal state to decide which queue they go in (to
|
|
# run when starting daemon, in case there was a crash
|
|
# that caused a session not to be in any pending queue
|
|
# because the daemon was actively working on it during
|
|
# the crash); consider marking sessions "dirty" when
|
|
# beginning to actually modify their contents in order
|
|
# to allow dirty sessions to be deleted after a crash instead
|
|
# of placing them back on a queue. Or, we could just
|
|
# decide that a crash invalidates each and every pending
|
|
# request, period, while still allowing clients to look
|
|
# up successfully issued certs.
|
|
|
|
# NOTE: The daemon enforces its own timeouts, which are
|
|
# defined in the ancient() function. These timeouts apply
|
|
# to any session that has been placed in a queue and can
|
|
# be completely independent of the session timeout policy
|
|
# in the server. Being marked as dead at any time by either
|
|
# the server or the daemon (due to timeout or error) causes
|
|
# a session to be treated as dead by both.
|