nonparallel will not be honored for explorers #18
Labels
No Label
bugfix
cleanup
discussion
documentation
doing
done
feature
improvement
packaging
Stale
testing
TODO
No Milestone
No project
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: ungleich-public/cdist#18
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
By using the type
__letsencypt_cert
, I noticed that it generated code all times. I found this somehow suspicious because I have it different in memory. After a bit of research, I found that it generated code cause the explorercertificate-exists
returned "no" all the time. While debugging, I found error messages that Certbot can't be executed if an other instance is still running.After I checked this, I first ran it single-threaded and it doesn't generated code for the type. Then, I wanted to add the
nonparallel
file but saw it was already added. So executing it a second time with-j 4
led to the same problem again.Testing:
__letsencrypt_cert
__letsencrypt_cert
and multiple threads, which now generates code each executionTL;DR:
nonparallel
doesn't apply to explorers from different instances of the same type because the explorer says that certificates don't exist cause of an "Another instance of Certbot is already running." error. This indicates that the explorers of different object instances are executed at the same time, which don't work for Certbot.Btw. this might not be that good that the certificates will be refreshed at every execution. Maybe not in production, but by debugging the problem, I got into the rate-limiting of Let's Encrypt :-)
mentioned in issue #839
nonparallel
only applies tocode-*
. Since explorers are read-only and manifests do not touch the target system directly, I think this makes sense (unless you have to configure broken software).Ideally, each type should be able to specify which parts need which locking, but this is not currently possible.
I had the same problem in !896.
Since certbot is written in Python, the locking code could maybe be simplified by using the
fcntl
Python module.