* Some notifications cleanups:

- notifications about errors no longer change the status of the ongoing renewal. - notifications about a successful renewal are re-attempted on failure, just like other failures cause a retry with a backing-off delay. - warnings about expiring certificates are only sent, if there is no renewal already done (but maybe not activated yet) for a domain - failure to notify about expiring certficates also cause retry and are cleared when/if finally successful.
icing · Oct 1, 2019 · 9de38a2 · 9de38a2
1 parent 03f0807
commit 9de38a2
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 15 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,14 @@
+v2.1.8
+----------------------------------------------------------------------------------------------------
+ * Some notifications cleanups:
+   - notifications about errors no longer change the status of the ongoing renewal.
+   - notifications about a successful renewal are re-attempted on failure, just like
+     other failures cause a retry with a backing-off delay.
+   - warnings about expiring certificates are only sent, if there is no renewal
+     already done (but maybe not activated yet) for a domain
+   - failure to notify about expiring certficates also cause retry and are cleared
+     when/if finally successful.
+
 v2.1.7
 ----------------------------------------------------------------------------------------------------
  * Changed server-status section headings to make more clear what is listed there.

diff --git a/configure.ac b/configure.ac
@@ -14,7 +14,7 @@
 #
 
 AC_PREREQ([2.69])
-AC_INIT([mod_md], [2.1.7], [[email protected]])
+AC_INIT([mod_md], [2.1.8], [[email protected]])
 
 LT_PREREQ([2.2.6])
 LT_INIT()

diff --git a/src/md_ocsp.c b/src/md_ocsp.c
@@ -740,7 +740,7 @@ static apr_status_t ostat_on_req_status(const md_http_request_t *req, apr_status
         md_result_log(update->result, MD_LOG_DEBUG);
         md_job_log_append(update->job, "ocsp-error", 
                           update->result->problem, update->result->detail);
-        md_job_notify(update->job, "ocsp-errored", update->result);
+        md_job_holler(update->job, "ocsp-errored");
         goto leave;
     }
     md_job_notify(update->job, "ocsp-renewed", update->result);

diff --git a/src/md_status.c b/src/md_status.c
@@ -235,6 +235,7 @@ static void md_job_from_json(md_job_t *job, md_json_t *json, apr_pool_t *p)
     /* not good, this is malloced from a temp pool */
     /*job->mdomain = md_json_gets(json, MD_KEY_NAME, NULL);*/
     job->finished = md_json_getb(json, MD_KEY_FINISHED, NULL);
+    job->notified = md_json_getb(json, MD_KEY_NOTIFIED, NULL);
     s = md_json_dups(p, json, MD_KEY_NEXT_RUN, NULL);
     if (s && *s) job->next_run = apr_date_parse_rfc(s);
     s = md_json_dups(p, json, MD_KEY_LAST_RUN, NULL);
@@ -255,6 +256,7 @@ static void job_to_json(md_json_t *json, const md_job_t *job,
 
     md_json_sets(job->mdomain, json, MD_KEY_NAME, NULL);
     md_json_setb(job->finished, json, MD_KEY_FINISHED, NULL);
+    md_json_setb(job->notified, json, MD_KEY_NOTIFIED, NULL);
     if (job->next_run > 0) {
         apr_rfc822_date(ts, job->next_run);
         md_json_sets(ts, json, MD_KEY_NEXT_RUN, NULL);
@@ -515,7 +517,26 @@ void md_job_retry_at(md_job_t *job, apr_time_t later)
 apr_status_t md_job_notify(md_job_t *job, const char *reason, md_result_t *result)
 {
     if (job->notify) return job->notify(job, reason, result, job->p, job->notify_ctx);
-    return APR_SUCCESS;
+    job->dirty = 1;
+    if (APR_SUCCESS == result->status) {
+        job->notified = 1;
+        job->error_runs = 0;
+    }
+    else {
+        ++job->error_runs;
+        job->next_run = apr_time_now() + md_job_delay_on_errors(job->error_runs);
+    }
+    return result->status;
+}
+
+void md_job_holler(md_job_t *job, const char *reason)
+{
+    md_result_t *result;
+
+    if (job->notify) {
+        result = md_result_make(job->p, APR_SUCCESS);
+        job->notify(job, reason, result, job->p, job->notify_ctx);
+    }
 }
 
 void md_job_set_notify_cb(md_job_t *job, md_job_notify_cb *cb, void *baton)

diff --git a/src/md_status.h b/src/md_status.h
@@ -58,6 +58,7 @@ struct md_job_t {
     apr_time_t last_run;   /* Time this job ran last (or 0) */
     struct md_result_t *last_result; /* Result from last run */
     int finished;          /* true iff the job finished successfully */
+    int notified;          /* true iff notifications were handled successfully */
     apr_time_t valid_from; /* at which time the finished job results become valid, 0 if immediate */
     int error_runs;        /* Number of errored runs of an unfinished job */
     int fatal_error;       /* a fatal error is remedied by retrying */
@@ -119,5 +120,7 @@ apr_time_t md_job_delay_on_errors(int err_count);
 
 void md_job_set_notify_cb(md_job_t *job, md_job_notify_cb *cb, void *baton);
 apr_status_t md_job_notify(md_job_t *job, const char *reason, struct md_result_t *result);
+/* Same as notify but without checks on success and no change to job */
+void md_job_holler(md_job_t *job, const char *reason);
 
 #endif /* md_status_h */
diff --git a/src/md_version.h b/src/md_version.h
@@ -27,15 +27,15 @@
  * @macro
  * Version number of the md module as c string
  */
-#define MOD_MD_VERSION "2.1.7-git"
+#define MOD_MD_VERSION "2.1.8-git"
 
 /**
  * @macro
  * Numerical representation of the version number of the md module
  * release. This is a 24 bit number with 8 bits for major number, 8 bits
  * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
  */
-#define MOD_MD_VERSION_NUM 0x020107
+#define MOD_MD_VERSION_NUM 0x020108
 
 #define MD_ACME_DEF_URL    "https://acme-v02.api.letsencrypt.org/directory"
 

diff --git a/src/mod_md_drive.c b/src/mod_md_drive.c
@@ -79,7 +79,7 @@ static void process_drive_job(md_renew_ctx_t *dctx, md_job_t *job, apr_pool_t *p
     if (apr_time_now() < job->next_run) return;
 
     job->next_run = 0;
-    if (job->finished && (md_job_log_get_time_of_latest(job, "message-renewed") != 0)) {
+    if (job->finished && job->notified) {
         /* finished and notification handled, nothing to do. */
         goto leave;
     }
@@ -125,20 +125,13 @@ static void process_drive_job(md_renew_ctx_t *dctx, md_job_t *job, apr_pool_t *p
                 goto leave;
             }
 
-            if (md_job_log_get_time_of_latest(job, "message-renewed") == 0) {
-                md_job_notify(job, "renewed", result);
-                if (APR_SUCCESS != result->status) {
-                    /* we treat this as an error that triggers retries */
-                    md_job_end_run(job, result);
-                    goto leave;
-                }
-            }
+            if (!job->notified) md_job_notify(job, "renewed", result);
         }
         else {
             ap_log_error( APLOG_MARK, APLOG_ERR, result->status, dctx->s, APLOGNO(10056) 
                          "processing %s: %s", job->mdomain, result->detail);
             md_job_log_append(job, "renewal-error", result->problem, result->detail);
-            md_job_notify(job, "errored", result);
+            md_job_holler(job, "errored");
             ap_log_error(APLOG_MARK, APLOG_INFO, 0, dctx->s, APLOGNO(10057) 
                          "%s: encountered error for the %d. time, next run in %s",
                          job->mdomain, job->error_runs,