pgreco / rpms / ipa

Forked from forks/areguera/rpms/ipa 4 years ago
Clone
Source Code
GIT

Blame SOURCES/0045-Add-nsds5ReplicaReleaseTimeout-to-replica-config.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client
  1.   7c07bd2affc6cb25e8c3a96656b00eb0c6536a73
  2.   SOURCES
  3.   0045-Add-nsds5ReplicaReleaseTimeout-to-replica-config.patch
Blob History Raw
2f4199 
From 7076fd22e744fd51dbcc0c4e4a4089884a3dae48 Mon Sep 17 00:00:00 2001
2f4199 
From: Christian Heimes <cheimes@redhat.com>
2f4199 
Date: Wed, 11 Apr 2018 13:34:41 +0200
2f4199 
Subject: [PATCH] Add nsds5ReplicaReleaseTimeout to replica config
2f4199
2f4199 
The nsds5ReplicaReleaseTimeout setting prevents the monopolization of
2f4199 
replicas during initial or busy master-master replication. 389-DS
2f4199 
documentation suggets a timeout of 60 seconds to improve convergence of
2f4199 
replicas.
2f4199
2f4199 
See: http://directory.fedoraproject.org/docs/389ds/design/repl-conv-design.html
2f4199 
Fixes: https://pagure.io/freeipa/issue/7488
2f4199 
Signed-off-by: Christian Heimes <cheimes@redhat.com>
2f4199 
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2f4199 
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
2f4199 
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2f4199 
---
2f4199 
 ipaserver/install/replication.py    | 21 ++++++++++++++++-----
2f4199 
 ipaserver/install/server/upgrade.py | 17 +++++++++++++++++
2f4199 
 2 files changed, 33 insertions(+), 5 deletions(-)
2f4199
2f4199 
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
2f4199 
index 3cd871e5df44398fd994504a3807a5648af5e048..e0055b792ce5b51fd411a7ea1f4316bb017984ba 100644
2f4199 
--- a/ipaserver/install/replication.py
2f4199 
+++ b/ipaserver/install/replication.py
2f4199 
@@ -468,20 +468,30 @@ class ReplicationManager(object):
2f4199
2f4199 
         try:
2f4199 
             entry = conn.get_entry(dn)
2f4199 
+        except errors.NotFound:
2f4199 
+            pass
2f4199 
+        else:
2f4199 
             managers = {DN(m) for m in entry.get('nsDS5ReplicaBindDN', [])}
2f4199
2f4199 
+            mods = []
2f4199 
             if replica_binddn not in managers:
2f4199 
                 # Add the new replication manager
2f4199 
-                mod = [(ldap.MOD_ADD, 'nsDS5ReplicaBindDN',
2f4199 
-                        replica_binddn)]
2f4199 
-                conn.modify_s(dn, mod)
2f4199 
+                mods.append(
2f4199 
+                    (ldap.MOD_ADD, 'nsDS5ReplicaBindDN', replica_binddn)
2f4199 
+                )
2f4199 
+            if 'nsds5replicareleasetimeout' not in entry:
2f4199 
+                # See https://pagure.io/freeipa/issue/7488
2f4199 
+                mods.append(
2f4199 
+                    (ldap.MOD_ADD, 'nsds5replicareleasetimeout', ['60'])
2f4199 
+                )
2f4199 
+
2f4199 
+            if mods:
2f4199 
+                conn.modify_s(dn, mods)
2f4199
2f4199 
             self.set_replica_binddngroup(conn, entry)
2f4199
2f4199 
             # replication is already configured
2f4199 
             return
2f4199 
-        except errors.NotFound:
2f4199 
-            pass
2f4199
2f4199 
         replica_type = self.get_replica_type()
2f4199
2f4199 
@@ -496,6 +506,7 @@ class ReplicationManager(object):
2f4199 
             nsds5replicabinddn=[replica_binddn],
2f4199 
             nsds5replicabinddngroup=[self.repl_man_group_dn],
2f4199 
             nsds5replicabinddngroupcheckinterval=["60"],
2f4199 
+            nsds5replicareleasetimeout=["60"],
2f4199 
             nsds5replicalegacyconsumer=["off"],
2f4199 
         )
2f4199 
         conn.add_entry(entry)
2f4199 
diff --git a/ipaserver/install/server/upgrade.py b/ipaserver/install/server/upgrade.py
2f4199 
index 62665d56ca0fb2c632f8ba135f8b6191a18b6aa1..62a75510ad331923f468c28908ea407789ec380c 100644
2f4199 
--- a/ipaserver/install/server/upgrade.py
2f4199 
+++ b/ipaserver/install/server/upgrade.py
2f4199 
@@ -1565,6 +1565,19 @@ def disable_httpd_system_trust(http):
2f4199 
             db.add_cert(cert, nickname, trust_flags)
2f4199
2f4199
2f4199 
+def update_replica_config(db_suffix):
2f4199 
+    dn = DN(
2f4199 
+        ('cn', 'replica'), ('cn', db_suffix), ('cn', 'mapping tree'),
2f4199 
+        ('cn', 'config')
2f4199 
+    )
2f4199 
+    entry = api.Backend.ldap2.get_entry(dn)
2f4199 
+    if 'nsds5replicareleasetimeout' not in entry:
2f4199 
+        # See https://pagure.io/freeipa/issue/7488
2f4199 
+        root_logger.info("Adding nsds5replicaReleaseTimeout=60 to %s", dn)
2f4199 
+        entry['nsds5replicareleasetimeout'] = '60'
2f4199 
+        api.Backend.ldap2.update_entry(entry)
2f4199 
+
2f4199 
+
2f4199 
 def upgrade_configuration():
2f4199 
     """
2f4199 
     Execute configuration upgrade of the IPA services
2f4199 
@@ -1681,6 +1694,10 @@ def upgrade_configuration():
2f4199
2f4199 
     ds.configure_dirsrv_ccache()
2f4199
2f4199 
+    update_replica_config(ipautil.realm_to_suffix(api.env.realm))
2f4199 
+    if ca.is_configured():
2f4199 
+        update_replica_config(DN(('o', 'ipaca')))
2f4199 
+
2f4199 
     ntpinstance.ntp_ldap_enable(api.env.host, api.env.basedn, api.env.realm)
2f4199
2f4199 
     ds.stop(ds_serverid)
2f4199 
--
2f4199 
2.14.3
2f4199

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation