From 08d27e373976f82e054d17a76b8653221c56225c Mon Sep 17 00:00:00 2001

From: Christian Heimes <cheimes@redhat.com>

Date: Fri, 22 Jun 2018 10:00:24 +0200

Subject: [PATCH] Use common replication wait timeout of 5min

Instead of multiple timeout values all over the code base, all

replication waits now use a common timeout value from api.env of 5

minutes. Waiting for HTTP/replica principal takes 90 to 120 seconds, so

5 minutes seem like a sufficient value for slow setups.

Fixes: https://pagure.io/freeipa/issue/7595

Signed-off-by: Christian Heimes <cheimes@redhat.com>

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>

---

 ipalib/constants.py                   |  2 ++

 ipaserver/install/custodiainstance.py |  4 +++-

 ipaserver/install/httpinstance.py     |  6 +++++-

 ipaserver/install/krbinstance.py      | 13 ++++++++-----

 ipaserver/install/replication.py      |  6 ++++--

 5 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/ipalib/constants.py b/ipalib/constants.py

index 9ae6e0aaaee0577372fe458feb7660e05c7fed4d..38ed57b3cc35afe536f90b1f4245fd73ad4d3740 100644

--- a/ipalib/constants.py

+++ b/ipalib/constants.py

@@ -149,6 +149,8 @@ DEFAULT_CONFIG = (

     ('startup_timeout', 300),

     # How long http connection should wait for reply [seconds].

     ('http_timeout', 30),

+    # How long to wait for an entry to appear on a replica

+    ('replication_wait_timeout', 300),

     # Web Application mount points

     ('mount_ipa', '/ipa/'),

diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py

index c87306d2f48367031e888613b07c1091fc1a70f4..fcfe0908426bf71243974c384b0147eb763ad32f 100644

--- a/ipaserver/install/custodiainstance.py

+++ b/ipaserver/install/custodiainstance.py

@@ -5,6 +5,7 @@ from __future__ import print_function, absolute_import

 import enum

 import logging

+from ipalib import api

 from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap

 from ipaserver.secrets.client import CustodiaClient

 from ipaplatform.paths import paths

@@ -214,7 +215,8 @@ class CustodiaInstance(SimpleServiceInstance):

         cli = self._get_custodia_client()

         cli.fetch_key('dm/DMHash')

-    def _wait_keys(self, timeout=300):

+    def _wait_keys(self):

+        timeout = api.env.replication_wait_timeout

         deadline = int(time.time()) + timeout

         logger.info("Waiting up to %s seconds to see our keys "

                     "appear on host %s", timeout, self.ldap_uri)

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py

index 3764870ee77f2ba0da18ec004664e6f66c13bba1..bdd79b1dafda7de664eed664a18bf36c541212bc 100644

--- a/ipaserver/install/httpinstance.py

+++ b/ipaserver/install/httpinstance.py

@@ -644,4 +644,8 @@ class HTTPInstance(service.Service):

                 else:

                     remote_ldap.simple_bind(ipaldap.DIRMAN_DN,

                                             self.dm_password)

-                replication.wait_for_entry(remote_ldap, service_dn, timeout=60)

+                replication.wait_for_entry(

+                    remote_ldap,

+                    service_dn,

+                    timeout=api.env.replication_wait_timeout

+                )

diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py

index 4a5a52dcc831c4edfe0cd52c44fb18bcb6adaef7..a356d5e0c1b96dc6511c335fc22a326a2133bdd8 100644

--- a/ipaserver/install/krbinstance.py

+++ b/ipaserver/install/krbinstance.py

@@ -399,13 +399,16 @@ class KrbInstance(service.Service):

     def _wait_for_replica_kdc_entry(self):

         master_dn = self.api.Object.server.get_dn(self.fqdn)

         kdc_dn = DN(('cn', 'KDC'), master_dn)

-

-        ldap_uri = 'ldap://{}'.format(self.master_fqdn)

-

+        ldap_uri = ipaldap.get_ldap_uri(self.master_fqdn)

         with ipaldap.LDAPClient(

-                ldap_uri, cacert=paths.IPA_CA_CRT) as remote_ldap:

+                ldap_uri, cacert=paths.IPA_CA_CRT, start_tls=True

+        ) as remote_ldap:

             remote_ldap.gssapi_bind()

-            replication.wait_for_entry(remote_ldap, kdc_dn, timeout=60)

+            replication.wait_for_entry(

+                remote_ldap,

+                kdc_dn,

+                timeout=api.env.replication_wait_timeout

+            )

     def _call_certmonger(self, certmonger_ca='IPA'):

         subject = str(DN(('cn', self.fqdn), self.subject_base))

diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py

index 6d9878e16faab1b88a5ab79649571de6802c8536..5ce8fa689c1a6fd3b9d4cbddbd5454d36334b729 100644

--- a/ipaserver/install/replication.py

+++ b/ipaserver/install/replication.py

@@ -161,7 +161,7 @@ def wait_for_task(conn, dn):

     return exit_code

-def wait_for_entry(connection, dn, timeout=7200, attr=None, attrvalue='*',

+def wait_for_entry(connection, dn, timeout, attr=None, attrvalue='*',

                    quiet=True):

     """Wait for entry and/or attr to show up

     """

@@ -751,7 +751,9 @@ class ReplicationManager(object):

             # that we will have to set the memberof fixup task

             self.need_memberof_fixup = True

-        wait_for_entry(a_conn, entry.dn)

+        wait_for_entry(

+            a_conn, entry.dn, timeout=api.env.replication_wait_timeout

+        )

     def needs_memberof_fixup(self):

         return self.need_memberof_fixup

-- 

2.14.4