From b0a40530e2203ad0ebe7183245392cf2eb3ccd37 Mon Sep 17 00:00:00 2001
From: Jacob Hoffman-Andrews
Date: Tue, 7 Jan 2025 11:21:01 -0800
Subject: [PATCH] doc: add detail on ShutdownStopTimeout

Also move the ShutdownStopTimeout stanza next to timeout, and make the comment the same across the multiple components. In the future we may want to factor out some of the common config fields into a struct that can be embedded.
---
 cmd/boulder-wfe2/main.go | 9 ++++++---
 cmd/ocsp-responder/main.go | 11 +++++++----
 cmd/sfe/main.go | 7 ++++---
 3 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/cmd/boulder-wfe2/main.go b/cmd/boulder-wfe2/main.go
index 2ad988180fc..625026cfecb 100644
--- a/cmd/boulder-wfe2/main.go
+++ b/cmd/boulder-wfe2/main.go
@@ -42,16 +42,19 @@ type Config struct {
 TLSListenAddress string `validate:"omitempty,hostname_port"`
 // Timeout is the per-request overall timeout. This should be slightly
- // lower than the upstream's timeout when making requests to the WFE.
+ // lower than the upstream's timeout when making requests to this service.
 Timeout config.Duration `validate:"-"`
+ // ShutdownStopTimeout determines the maximum amount of time to wait
+ // for extant request handlers to complete before exiting. It should be
+ // greater than Timeout.
+ ShutdownStopTimeout config.Duration
+
 ServerCertificatePath string `validate:"required_with=TLSListenAddress"`
 ServerKeyPath string `validate:"required_with=TLSListenAddress"`
 AllowOrigins []string
- ShutdownStopTimeout config.Duration
-
 SubscriberAgreementURL string
 TLS cmd.TLSConfig
diff --git a/cmd/ocsp-responder/main.go b/cmd/ocsp-responder/main.go
index 4c14ead1e39..ec03eb05fc9 100644
--- a/cmd/ocsp-responder/main.go
+++ b/cmd/ocsp-responder/main.go
@@ -51,10 +51,15 @@ type Config struct {
 // OCSP requests. This has a default value of ":80".
 ListenAddress string `validate:"omitempty,hostname_port"`
- // When to timeout a request. This should be slightly lower than the
- // upstream's timeout when making request to ocsp-responder.
+ // Timeout is the per-request overall timeout. This should be slightly
+ // lower than the upstream's timeout when making requests to this service.
 Timeout config.Duration `validate:"-"`
+ // ShutdownStopTimeout determines the maximum amount of time to wait
+ // for extant request handlers to complete before exiting. It should be
+ // greater than Timeout.
+ ShutdownStopTimeout config.Duration
+
 // How often a response should be signed when using Redis/live-signing
 // path. This has a default value of 60h.
 LiveSigningPeriod config.Duration `validate:"-"`
@@ -80,8 +85,6 @@ type Config struct {
 // 40 * 5 / 0.02 = 10,000 requests before the oldest request times out.
 MaxSigningWaiters int `validate:"min=0"`
- ShutdownStopTimeout config.Duration
-
 RequiredSerialPrefixes []string `validate:"omitempty,dive,hexadecimal"`
 Features features.Config
diff --git a/cmd/sfe/main.go b/cmd/sfe/main.go
index ebd06cac061..aeb8e8b9d22 100644
--- a/cmd/sfe/main.go
+++ b/cmd/sfe/main.go
@@ -25,11 +25,12 @@ type Config struct {
 ListenAddress string `validate:"omitempty,hostname_port"`
 // Timeout is the per-request overall timeout. This should be slightly
- // lower than the upstream's timeout when making requests to the SFE.
+ // lower than the upstream's timeout when making requests to this service.
 Timeout config.Duration `validate:"-"`
- // ShutdownStopTimeout is the duration that the SFE will wait before
- // shutting down any listening servers.
+ // ShutdownStopTimeout determines the maximum amount of time to wait
+ // for extant request handlers to complete before exiting. It should be
+ // greater than Timeout.
 ShutdownStopTimeout config.Duration
 TLS cmd.TLSConfig
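Review bot: The new comment on ShutdownStopTimeout in the first cmd/ocsp-responder/main.go hunk says it should be greater than Timeout, but nothing in the hunk enforces that; the field carries no `validate` tag and the relation exists only as prose. Going by the comment's own wording, a value at or below Timeout would presumably let the process exit while a handler still within its per-request budget is running, which for an OCSP responder means dropped revocation answers on each restart. I would state the gap next to the field, e.g. `// Not checked at startup: a value at or below Timeout can cut off in-flight requests.`, and consider a single startup check that rejects or logs the misconfiguration. The same wording was added to the Config structs in cmd/boulder-wfe2/main.go and cmd/sfe/main.go, so the point applies there as well. All three structs start and end outside their hunks, so a check elsewhere in those files cannot be ruled out from here.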