diff options
author | Stefan Eissing <icing@apache.org> | 2022-08-25 14:00:13 +0000 |
---|---|---|
committer | Stefan Eissing <icing@apache.org> | 2022-08-25 14:00:13 +0000 |
commit | f2b7303efa8c3a12d3f119ba100e633f685943b2 (patch) | |
tree | 8b789558fc52d2e51039474a8ec3179fc1a1b2df /test | |
parent | d0b4a30216b5c97ca493e657681af36dc79ecf98 (diff) | |
download | httpd-f2b7303efa8c3a12d3f119ba100e633f685943b2.tar.gz |
mod_md v2.4.19 from github sync
*) mod_md: a new directive `MDStoreLocks` can be used on cluster
setups with a shared file system for `MDStoreDir` to order
activation of renewed certificates when several cluster nodes are
restarted at the same time. Store locks are not enabled by default.
Restored curl_easy cleanup behaviour from v2.4.14 and refactored
the use of curl_multi for OCSP requests to work with that.
Fixes <https://github.com/icing/mod_md/issues/293>.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1903677 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'test')
-rwxr-xr-x | test/modules/md/conftest.py | 2 | ||||
-rw-r--r-- | test/modules/md/test_820_locks.py | 72 |
2 files changed, 74 insertions, 0 deletions
diff --git a/test/modules/md/conftest.py b/test/modules/md/conftest.py index 146d0316b9..04165a2dfc 100755 --- a/test/modules/md/conftest.py +++ b/test/modules/md/conftest.py @@ -51,6 +51,7 @@ def _session_scope(env): 'AH10170', # mod_md, wrong config, tested 'AH10171', # mod_md, wrong config, tested 'AH10373', # SSL errors on uncompleted handshakes + 'AH10398', # test on global store lock ]) env.httpd_error_log.add_ignored_patterns([ @@ -61,6 +62,7 @@ def _session_scope(env): re.compile(r'.*problem\[urn:org:apache:httpd:log:AH\d+:].*'), re.compile(r'.*Unsuccessful in contacting ACME server at :*'), re.compile(r'.*test-md-720-002-\S+.org: dns-01 setup command failed .*'), + re.compile(r'.*AH\d*: unable to obtain global registry lock, .*'), ]) if env.lacks_ocsp(): env.httpd_error_log.add_ignored_patterns([ diff --git a/test/modules/md/test_820_locks.py b/test/modules/md/test_820_locks.py new file mode 100644 index 0000000000..f7dde6a1cc --- /dev/null +++ b/test/modules/md/test_820_locks.py @@ -0,0 +1,72 @@ +import os + +import pytest +from filelock import Timeout, FileLock + +from .md_cert_util import MDCertUtil +from .md_conf import MDConf +from .md_env import MDTestEnv + + +@pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(), + reason="no ACME test server configured") +class TestLocks: + + @pytest.fixture(autouse=True, scope='class') + def _class_scope(self, env, acme): + env.APACHE_CONF_SRC = "data/test_auto" + acme.start(config='default') + env.check_acme() + env.clear_store() + + @pytest.fixture(autouse=True, scope='function') + def _method_scope(self, env, request): + env.clear_store() + self.test_domain = env.get_request_domain(request) + + def configure_httpd(self, env, domains, add_lines=""): + conf = MDConf(env) + conf.add(add_lines) + conf.add_md(domains) + conf.add_vhost(domains) + conf.install() + + # normal renewal with store locks activated + def test_md_820_001(self, env): + domain = self.test_domain + self.configure_httpd(env, [domain], add_lines=[ + "MDStoreLocks 1s" + ]) + assert env.apache_restart() == 0 + assert env.await_completion([domain]) + + # renewal, with global lock held during restert + def test_md_820_002(self, env): + domain = self.test_domain + self.configure_httpd(env, [domain], add_lines=[ + "MDStoreLocks 1s" + ]) + assert env.apache_restart() == 0 + assert env.await_completion([domain]) + # we have a cert now, add a dns name to force renewal + certa = MDCertUtil(env.store_domain_file(domain, 'pubcert.pem')) + self.configure_httpd(env, [domain, f"x.{domain}"], add_lines=[ + "MDStoreLocks 1s" + ]) + assert env.apache_restart() == 0 + # await new cert, but do not restart, keeps the cert in staging + assert env.await_completion([domain], restart=False) + # obtain global lock and restart + lockfile = os.path.join(env.store_dir, "store.lock") + with FileLock(lockfile): + assert env.apache_restart() == 0 + # lock should have prevented staging from being activated, + # meaning we will have the same cert + certb = MDCertUtil(env.store_domain_file(domain, 'pubcert.pem')) + assert certa.same_serial_as(certb) + # now restart without lock + assert env.apache_restart() == 0 + certc = MDCertUtil(env.store_domain_file(domain, 'pubcert.pem')) + assert not certa.same_serial_as(certc) + + |