Configuration override from lemonldap-ng.ini can be lost due to cache issues
Affected version
Version: 2.18.2
Summary
This bug is easier to reproduce with a separate handler and portal, but happens with all configurations
- Configure a remote handler with globalStorage=REST
- Access the handler a few times => overrides are applied
- Save a new configuration on the portal, without triggering a configuration reload (reloadUrls) on the remote handler
- On the remote handler, wait for configuration cache to expire
- On the remote handler, run purgeCentralCache/purgeLocalCache (! AS WWW-DATA/APACHE! )
- Access the remote handler again => globalStorage is lost
Logs
Before cache expiration:
[debug] Check configuration for Lemonldap::NG::Handler::Server::Main
[debug] Get configuration from cache without verification.
cache content:
globalStorage='Lemonldap::NG::Common::Apache::Session::REST'
Cache contains conf from DB + INI overrides
Publish a new version, wait for cache to expire, run purgeCentralCache (as www-data)
cache content:
globalStorage='Apache::Session::File'
Cache contains conf from DB without overrides
Try to access the handler
[debug] Check configuration for Lemonldap::NG::Handler::Server::Main
[debug] Get configuration from cache without verification.
[debug] Get configuration 448 aged 1709392350
[info] Loading configuration 448 for process 77060
Configuration is loaded from (incorrect) cache, new version is found, and Handler is reloaded from this new version that doesn't have INI overrides
Later:
[info] Session cannot be tied: unexistant session xxx at /usr/share/perl5/Apache/Session/Store/File.pm
Possible fixes
This is a subtle bug but I have hit many different versions of it over the years:
- checkTime being reset from 1 to default of 600
- globalStorage being randomly lost on remote handler
- etc
This bug comes from the fact that Common::Conf stores INI overrides in the config cache. IMO this is a bad idea. The cache, which is shared by all LLNG processes on the machine, should only contain DB conf, and overrides should be applied on top of it.
This behavior also means that it's also impossible to have a config override be different for two components, such as:
[portal]
globalStorage=Apache::Session::File
[handler]
globalStorage=Lemonldap::NG::Common::Apache::Session::REST