SSSD / sssd

Clone

261a843 IPA: Delay the first periodic refresh of trusted domains

1 file Authored by jhrozek 6 years ago, Committed by lslebodn 6 years ago,
raw patch tree parent
1 file changed. 6 lines added. 1 lines removed.
src/providers/ipa/ipa_subdomains.c
file modified
+6 -1 
    IPA: Delay the first periodic refresh of trusted domains
    
    When the IPA subdomains code is initialized, the responders send a request
    to fetch subdomains. This request first stores the list of trusted domains
    to the cache and then runs the ipa-getkeytab helper.
    
    At the same time, the periodical task to update the subdomains is also
    started. The task founds out that all the trusted domains are already known
    and finishes the request, which replies to the Data Provider requests as
    well even while the ipa-getkeytab request is still running.
    
    This unblocks requests from the responders, which try to connect to the AD
    DCs even before the keytab is available, which switches the SSSD status to
    offline.
    
    This patch simply delays the first periodic task in the IPA subdomains code
    by 10 minutes, thus mitigating the startup race.
    
    Resolves:
    https://pagure.io/SSSD/sssd/issue/3601
    
    Reviewed-by: Sumit Bose <sbose@redhat.com>
    Reviewed-by: Michal Židek <mzidek@redhat.com>
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
file modified
+6 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.