Better locking

This commit is contained in:
Alex 2021-12-07 18:40:20 +01:00
parent 9119c2f45c
commit e8b789f5e0
No known key found for this signature in database
GPG key ID: EDABF9711E244EB1

View file

@ -87,6 +87,9 @@ impl CertStore {
info!("Renewing certificate for {}", domain);
// ---- Acquire lock ----
// the lock is acquired for fifteen minutes,
// so that in case of an error we won't retry before
// that delay expires
let lock_path = format!("renew_lock/{}", domain);
let lock_name = format!("tricot/renew:{}@{}", domain, self.consul.local_node.clone());
@ -94,12 +97,14 @@ impl CertStore {
.consul
.create_session(&ConsulSessionRequest {
name: lock_name.clone(),
node: Some(self.consul.local_node.clone()),
lock_delay: Some("30s".into()),
ttl: Some("1m".into()),
node: None,
lock_delay: Some("15m".into()),
ttl: Some("30m".into()),
behavior: Some("delete".into()),
})
.await?;
debug!("Lock session: {}", session);
if !self
.consul
.acquire(&lock_path, lock_name.clone().into(), &session)
@ -141,7 +146,7 @@ impl CertStore {
let chall = auths[0].http_challenge().unwrap();
let chall_key = format!("challenge/{}", chall.http_token());
self.consul
.kv_put(&chall_key, chall.http_proof()?.into())
.acquire(&chall_key, chall.http_proof()?.into(), &session)
.await?;
info!("Validating challenge");