IPA: Delay the first periodic refresh of trusted domains
When the IPA subdomains code is initialized, the responders send a request
to fetch subdomains. This request first stores the list of trusted domains
to the cache and then runs the ipa-getkeytab helper.
At the same time, the periodical task to update the subdomains is also
started. The task founds out that all the trusted domains are already known
and finishes the request, which replies to the Data Provider requests as
well even while the ipa-getkeytab request is still running.
This unblocks requests from the responders, which try to connect to the AD
DCs even before the keytab is available, which switches the SSSD status to
offline.
This patch simply delays the first periodic task in the IPA subdomains code
by 10 minutes, thus mitigating the startup race.
Resolves:
https://pagure.io/SSSD/sssd/issue/3601
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>