|
|
2737e7 |
From 3bf0ee3a4128dc538183ee8e45bc22a3966cfd4b Mon Sep 17 00:00:00 2001
|
|
|
2737e7 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
2737e7 |
Date: Fri, 22 Jun 2018 10:00:24 +0200
|
|
|
2737e7 |
Subject: [PATCH] Use common replication wait timeout of 5min
|
|
|
2737e7 |
|
|
|
2737e7 |
Instead of multiple timeout values all over the code base, all
|
|
|
2737e7 |
replication waits now use a common timeout value from api.env of 5
|
|
|
2737e7 |
minutes. Waiting for HTTP/replica principal takes 90 to 120 seconds, so
|
|
|
2737e7 |
5 minutes seem like a sufficient value for slow setups.
|
|
|
2737e7 |
|
|
|
2737e7 |
Fixes: https://pagure.io/freeipa/issue/7595
|
|
|
2737e7 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
2737e7 |
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
|
|
|
2737e7 |
---
|
|
|
2737e7 |
ipalib/constants.py | 2 ++
|
|
|
2737e7 |
ipaserver/install/custodiainstance.py | 4 +++-
|
|
|
2737e7 |
ipaserver/install/httpinstance.py | 6 +++++-
|
|
|
2737e7 |
ipaserver/install/krbinstance.py | 13 ++++++++-----
|
|
|
2737e7 |
ipaserver/install/replication.py | 6 ++++--
|
|
|
2737e7 |
5 files changed, 22 insertions(+), 9 deletions(-)
|
|
|
2737e7 |
|
|
|
2737e7 |
diff --git a/ipalib/constants.py b/ipalib/constants.py
|
|
|
2737e7 |
index ab466bab7fc17a563a849e2cd9bb89515caff77b..b6a79ce716b3ee0f832390f5bc895c3bb9d37e33 100644
|
|
|
2737e7 |
--- a/ipalib/constants.py
|
|
|
2737e7 |
+++ b/ipalib/constants.py
|
|
|
2737e7 |
@@ -142,6 +142,8 @@ DEFAULT_CONFIG = (
|
|
|
2737e7 |
('startup_timeout', 300),
|
|
|
2737e7 |
# How long http connection should wait for reply [seconds].
|
|
|
2737e7 |
('http_timeout', 30),
|
|
|
2737e7 |
+ # How long to wait for an entry to appear on a replica
|
|
|
2737e7 |
+ ('replication_wait_timeout', 300),
|
|
|
2737e7 |
|
|
|
2737e7 |
# Web Application mount points
|
|
|
2737e7 |
('mount_ipa', '/ipa/'),
|
|
|
2737e7 |
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
|
|
|
2737e7 |
index ada8d03a6914e19c186264f68178cce2442945ca..b37032974e4825a3f3043929171533e4d94730e9 100644
|
|
|
2737e7 |
--- a/ipaserver/install/custodiainstance.py
|
|
|
2737e7 |
+++ b/ipaserver/install/custodiainstance.py
|
|
|
2737e7 |
@@ -4,6 +4,7 @@ from __future__ import print_function, absolute_import
|
|
|
2737e7 |
|
|
|
2737e7 |
import enum
|
|
|
2737e7 |
|
|
|
2737e7 |
+from ipalib import api
|
|
|
2737e7 |
from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap
|
|
|
2737e7 |
from ipaserver.secrets.client import CustodiaClient
|
|
|
2737e7 |
from ipaplatform.paths import paths
|
|
|
2737e7 |
@@ -190,7 +191,8 @@ class CustodiaInstance(SimpleServiceInstance):
|
|
|
2737e7 |
cli = self._get_custodia_client()
|
|
|
2737e7 |
cli.fetch_key('dm/DMHash')
|
|
|
2737e7 |
|
|
|
2737e7 |
- def _wait_keys(self, timeout=300):
|
|
|
2737e7 |
+ def _wait_keys(self):
|
|
|
2737e7 |
+ timeout = api.env.replication_wait_timeout
|
|
|
2737e7 |
deadline = int(time.time()) + timeout
|
|
|
2737e7 |
root_logger.info("Waiting up to %s seconds to see our keys "
|
|
|
2737e7 |
"appear on host %s", timeout, self.ldap_uri)
|
|
|
2737e7 |
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
|
|
|
2737e7 |
index 434c2549dd868554735f4bcedc4cdceb23eeccdd..e68bfc09b34e087dfb4872b6565b06c6c2188384 100644
|
|
|
2737e7 |
--- a/ipaserver/install/httpinstance.py
|
|
|
2737e7 |
+++ b/ipaserver/install/httpinstance.py
|
|
|
2737e7 |
@@ -617,4 +617,8 @@ class HTTPInstance(service.Service):
|
|
|
2737e7 |
else:
|
|
|
2737e7 |
remote_ldap.simple_bind(ipaldap.DIRMAN_DN,
|
|
|
2737e7 |
self.dm_password)
|
|
|
2737e7 |
- replication.wait_for_entry(remote_ldap, service_dn, timeout=60)
|
|
|
2737e7 |
+ replication.wait_for_entry(
|
|
|
2737e7 |
+ remote_ldap,
|
|
|
2737e7 |
+ service_dn,
|
|
|
2737e7 |
+ timeout=api.env.replication_wait_timeout
|
|
|
2737e7 |
+ )
|
|
|
2737e7 |
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
|
|
|
2737e7 |
index 34fe46aa8ef297bf69eb74953c956ad9c3d30def..5971a30fc566f6e96ce0b08632772d33da5602d2 100644
|
|
|
2737e7 |
--- a/ipaserver/install/krbinstance.py
|
|
|
2737e7 |
+++ b/ipaserver/install/krbinstance.py
|
|
|
2737e7 |
@@ -390,13 +390,16 @@ class KrbInstance(service.Service):
|
|
|
2737e7 |
def _wait_for_replica_kdc_entry(self):
|
|
|
2737e7 |
master_dn = self.api.Object.server.get_dn(self.fqdn)
|
|
|
2737e7 |
kdc_dn = DN(('cn', 'KDC'), master_dn)
|
|
|
2737e7 |
-
|
|
|
2737e7 |
- ldap_uri = 'ldap://{}'.format(self.master_fqdn)
|
|
|
2737e7 |
-
|
|
|
2737e7 |
+ ldap_uri = ipaldap.get_ldap_uri(self.master_fqdn)
|
|
|
2737e7 |
with ipaldap.LDAPClient(
|
|
|
2737e7 |
- ldap_uri, cacert=paths.IPA_CA_CRT) as remote_ldap:
|
|
|
2737e7 |
+ ldap_uri, cacert=paths.IPA_CA_CRT, start_tls=True
|
|
|
2737e7 |
+ ) as remote_ldap:
|
|
|
2737e7 |
remote_ldap.gssapi_bind()
|
|
|
2737e7 |
- replication.wait_for_entry(remote_ldap, kdc_dn, timeout=60)
|
|
|
2737e7 |
+ replication.wait_for_entry(
|
|
|
2737e7 |
+ remote_ldap,
|
|
|
2737e7 |
+ kdc_dn,
|
|
|
2737e7 |
+ timeout=api.env.replication_wait_timeout
|
|
|
2737e7 |
+ )
|
|
|
2737e7 |
|
|
|
2737e7 |
def _call_certmonger(self, certmonger_ca='IPA'):
|
|
|
2737e7 |
subject = str(DN(('cn', self.fqdn), self.subject_base))
|
|
|
2737e7 |
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
|
|
|
2737e7 |
index 5a491f248236c8d2166484d0db2acccb28ccf178..c017764468674830670a817b3d815c5e2d78728e 100644
|
|
|
2737e7 |
--- a/ipaserver/install/replication.py
|
|
|
2737e7 |
+++ b/ipaserver/install/replication.py
|
|
|
2737e7 |
@@ -172,7 +172,7 @@ def wait_for_task(conn, dn):
|
|
|
2737e7 |
return exit_code
|
|
|
2737e7 |
|
|
|
2737e7 |
|
|
|
2737e7 |
-def wait_for_entry(connection, dn, timeout=7200, attr=None, attrvalue='*',
|
|
|
2737e7 |
+def wait_for_entry(connection, dn, timeout, attr=None, attrvalue='*',
|
|
|
2737e7 |
quiet=True):
|
|
|
2737e7 |
"""Wait for entry and/or attr to show up
|
|
|
2737e7 |
"""
|
|
|
2737e7 |
@@ -799,7 +799,9 @@ class ReplicationManager(object):
|
|
|
2737e7 |
# that we will have to set the memberof fixup task
|
|
|
2737e7 |
self.need_memberof_fixup = True
|
|
|
2737e7 |
|
|
|
2737e7 |
- wait_for_entry(a_conn, entry.dn)
|
|
|
2737e7 |
+ wait_for_entry(
|
|
|
2737e7 |
+ a_conn, entry.dn, timeout=api.env.replication_wait_timeout
|
|
|
2737e7 |
+ )
|
|
|
2737e7 |
|
|
|
2737e7 |
def needs_memberof_fixup(self):
|
|
|
2737e7 |
return self.need_memberof_fixup
|
|
|
2737e7 |
--
|
|
|
2737e7 |
2.17.1
|
|
|
2737e7 |
|