From e8b789f5e047c074af25dd814ed8309216d57e0f Mon Sep 17 00:00:00 2001 From: Alex Auvolat Date: Tue, 7 Dec 2021 18:40:20 +0100 Subject: Better locking --- src/cert_store.rs | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/cert_store.rs b/src/cert_store.rs index eca39b9..a2f67ec 100644 --- a/src/cert_store.rs +++ b/src/cert_store.rs @@ -87,6 +87,9 @@ impl CertStore { info!("Renewing certificate for {}", domain); // ---- Acquire lock ---- + // the lock is acquired for fifteen minutes, + // so that in case of an error we won't retry before + // that delay expires let lock_path = format!("renew_lock/{}", domain); let lock_name = format!("tricot/renew:{}@{}", domain, self.consul.local_node.clone()); @@ -94,12 +97,14 @@ impl CertStore { .consul .create_session(&ConsulSessionRequest { name: lock_name.clone(), - node: Some(self.consul.local_node.clone()), - lock_delay: Some("30s".into()), - ttl: Some("1m".into()), + node: None, + lock_delay: Some("15m".into()), + ttl: Some("30m".into()), behavior: Some("delete".into()), }) .await?; + debug!("Lock session: {}", session); + if !self .consul .acquire(&lock_path, lock_name.clone().into(), &session) @@ -141,7 +146,7 @@ impl CertStore { let chall = auths[0].http_challenge().unwrap(); let chall_key = format!("challenge/{}", chall.http_token()); self.consul - .kv_put(&chall_key, chall.http_proof()?.into()) + .acquire(&chall_key, chall.http_proof()?.into(), &session) .await?; info!("Validating challenge"); -- cgit v1.2.3