mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-12-01 07:41:07 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: acme: better challenge_ready processing

Browse Source 
Improve the challenge_ready processing:

- do a lookup directly instead looping in the task tree
- only do a task_wakeup when every challenges are ready to avoid starting
  the task and stopping it just after
- Compute the number of remaining challenge to setup
- Output a message giving the number of remaining challenges to setup
  and if the task started again.

Backport to 3.2.
This commit is contained in:
William Lallemand 2025-11-21 22:47:52 +01:00
parent 8418c001ce
commit d77d3479ed
1 changed files with 21 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/acme.c
View File

@ -2856,54 +2856,58 @@ err:
static int cli_acme_chall_ready_parse(char **args, char *payload, struct appctx *appctx, void *private) static int cli_acme_chall_ready_parse(char **args, char *payload, struct appctx *appctx, void *private)
{ {
char *errmsg = NULL; char *msg = NULL;
const char *crt; const char *crt;
const char *dns; const char *dns;
struct acme_ctx *ctx; struct acme_ctx *ctx;
struct acme_auth *auth; struct acme_auth *auth;
int found = 0; int found = 0;
int remain = 0;
struct ebmb_node *node = NULL; struct ebmb_node *node = NULL;
if (!*args[2] && !*args[3] && !*args[4]) { if (!*args[2] && !*args[3] && !*args[4]) {
memprintf(&errmsg, ": not enough parameters\n"); memprintf(&msg, ": not enough parameters\n");
goto err; goto err;
} }
crt = args[2]; crt = args[2];
dns = args[4]; dns = args[4];
HA_RWLOCK_RDLOCK(OTHER_LOCK, &acme_lock); HA_RWLOCK_WRLOCK(OTHER_LOCK, &acme_lock);
node = ebmb_first(&acme_tasks); node = ebst_lookup(&acme_tasks, crt);
while (node) { if (node) {
ctx = ebmb_entry(node, struct acme_ctx, node); ctx = ebmb_entry(node, struct acme_ctx, node);
if (strcmp(ctx->store->path, crt) != 0)
continue;
auth = ctx->auths; auth = ctx->auths;
while (auth) { while (auth) {
if (strncmp(dns, auth->dns.ptr, auth->dns.len) == 0) { if (strncmp(dns, auth->dns.ptr, auth->dns.len) == 0) {
if (!auth->ready) { if (!auth->ready) {
auth->ready = 1; auth->ready = 1;
task_wakeup(ctx->task, TASK_WOKEN_MSG); found++;
found = 1;
} else { } else {
memprintf(&errmsg, "ACME challenge for crt \"%s\" and dns \"%s\" was already READY !\n", crt, dns); memprintf(&msg, "ACME challenge for crt \"%s\" and dns \"%s\" was already READY !\n", crt, dns);
} }
} }
if (auth->ready == 0)
remain++;
auth = auth->next; auth = auth->next;
} }
node = ebmb_next(node);
} }
HA_RWLOCK_RDUNLOCK(OTHER_LOCK, &acme_lock); HA_RWLOCK_WRUNLOCK(OTHER_LOCK, &acme_lock);
if (!found) { if (!found) {
memprintf(&errmsg, "Couldn't find the ACME task using crt \"%s\" and dns \"%s\" !\n", crt, dns); if (!msg)
memprintf(&msg, "Couldn't find the ACME task using crt \"%s\" and dns \"%s\" !\n", crt, dns);
goto err; goto err;
} }
return cli_msg(appctx, LOG_INFO, "Challenge Ready!"); if (!remain) {
task_wakeup(ctx->task, TASK_WOKEN_MSG);
return cli_dynmsg(appctx, LOG_INFO, memprintf(&msg, "%d '%s' challenge(s) ready! All challenges ready, starting challenges validation!", found, dns));
} else {
return cli_dynmsg(appctx, LOG_INFO, memprintf(&msg, "%d '%s' challenge(s) ready! Remaining challenges to deploy: %d", found, dns, remain));
}
err: err:
return cli_dynerr(appctx, errmsg); return cli_dynerr(appctx, msg);
} }
static int cli_acme_status_io_handler(struct appctx *appctx) static int cli_acme_status_io_handler(struct appctx *appctx)