From 1b966f708aa33c07f68fc30daaf6e4800a6b4a53 Mon Sep 17 00:00:00 2001
From: Christian Heimes
Date: Jun 22 2018 11:01:55 +0000
Subject: Use common replication wait timeout of 5min
Instead of multiple timeout values all over the code base, all replication waits now use a common timeout value from api.env of 5 minutes. Waiting for HTTP/replica principal takes 90 to 120 seconds, so 5 minutes seem like a sufficient value for slow setups.
Fixes: https://pagure.io/freeipa/issue/7595
Signed-off-by: Christian Heimes
Reviewed-By: Fraser Tweedale
---
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 17d03a5..2dc0438 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -149,6 +149,8 @@ DEFAULT_CONFIG = (
 ('startup_timeout', 300),
 # How long http connection should wait for reply [seconds].
 ('http_timeout', 30),
+ # How long to wait for an entry to appear on a replica
+ ('replication_wait_timeout', 300),
 # Web Application mount points
 ('mount_ipa', '/ipa/'),
diff --git a/ipaserver/install/custodiainstance.py b/ipaserver/install/custodiainstance.py
index 0b63312..12d97b8 100644
--- a/ipaserver/install/custodiainstance.py
+++ b/ipaserver/install/custodiainstance.py
@@ -5,6 +5,7 @@ from __future__ import print_function, absolute_import
 import enum
 import logging
+from ipalib import api
 from ipaserver.secrets.kem import IPAKEMKeys, KEMLdap
 from ipaserver.secrets.client import CustodiaClient
 from ipaplatform.paths import paths
@@ -212,7 +213,8 @@ class CustodiaInstance(SimpleServiceInstance):
 cli = self._get_custodia_client()
 cli.fetch_key('dm/DMHash')
- def _wait_keys(self, timeout=300):
+ def _wait_keys(self):
+ timeout = api.env.replication_wait_timeout
 deadline = int(time.time()) + timeout
 logger.info("Waiting up to %s seconds to see our keys "
 "appear on host %s", timeout, self.ldap_uri)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index d91fb4c..9b6dc7b 100644
--- a/ipaserver/install/httpinstance.py
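Review bot: The comment added above `('replication_wait_timeout', 300)` in ipalib/constants.py does not state the unit, while the neighbouring `http_timeout` comment ends in `[seconds]`. Every replication wait in this patch now reads this setting, so the unit should be spelled out where it is defined: `# How long to wait for an entry to appear on a replica [seconds].`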
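Review bot: In `_wait_keys`, `timeout = api.env.replication_wait_timeout` goes straight into `int(time.time()) + timeout` with no check that it is a positive number. If the setting can be overridden through configuration (not visible here), a non-numeric value would fail at that addition and a zero or negative one would make the deadline expire at once; what the method does after expiry is outside the hunk. The same unvalidated read is passed as `timeout=` in the httpinstance.py, krbinstance.py and replication.py hunks. Validating the setting once where it is loaded would cover all of them; locally, `timeout = int(api.env.replication_wait_timeout)` at least makes a bad value fail early and clearly.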
+++ b/ipaserver/install/httpinstance.py
@@ -607,7 +607,11 @@ class HTTPInstance(service.Service):
 else:
 remote_ldap.simple_bind(ipaldap.DIRMAN_DN, self.dm_password)
- replication.wait_for_entry(remote_ldap, service_dn, timeout=60)
+ replication.wait_for_entry(
+ remote_ldap,
+ service_dn,
+ timeout=api.env.replication_wait_timeout
+ )
 def migrate_to_mod_ssl(self):
 """For upgrades only, migrate from mod_nss to mod_ssl"""
diff --git a/ipaserver/install/krbinstance.py b/ipaserver/install/krbinstance.py
index 6ba05b2..330d43e 100644
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -408,13 +408,16 @@ class KrbInstance(service.Service):
 def _wait_for_replica_kdc_entry(self):
 master_dn = self.api.Object.server.get_dn(self.fqdn)
 kdc_dn = DN(('cn', 'KDC'), master_dn)
-
- ldap_uri = 'ldap://{}'.format(self.master_fqdn)
-
+ ldap_uri = ipaldap.get_ldap_uri(self.master_fqdn)
 with ipaldap.LDAPClient(
- ldap_uri, cacert=paths.IPA_CA_CRT) as remote_ldap:
+ ldap_uri, cacert=paths.IPA_CA_CRT, start_tls=True
+ ) as remote_ldap:
 remote_ldap.gssapi_bind()
- replication.wait_for_entry(remote_ldap, kdc_dn, timeout=60)
+ replication.wait_for_entry(
+ remote_ldap,
+ kdc_dn,
+ timeout=api.env.replication_wait_timeout
+ )
 def _call_certmonger(self, certmonger_ca='IPA'):
 subject = str(DN(('cn', self.fqdn), self.subject_base))
diff --git a/ipaserver/install/replication.py b/ipaserver/install/replication.py
index 6d9878e..5ce8fa6 100644
--- a/ipaserver/install/replication.py
+++ b/ipaserver/install/replication.py
@@ -161,7 +161,7 @@ def wait_for_task(conn, dn):
 return exit_code
-def wait_for_entry(connection, dn, timeout=7200, attr=None, attrvalue='*',
+def wait_for_entry(connection, dn, timeout, attr=None, attrvalue='*',
 quiet=True):
 """Wait for entry and/or attr to show up
 """
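Review bot: In `_wait_for_replica_kdc_entry` the connection to the master now passes `start_tls=True` and builds its URI with `ipaldap.get_ldap_uri()`, a transport change that neither the commit message nor a comment mentions. The GSSAPI bind and the wait now run over StartTLS, presumably validated against `paths.IPA_CA_CRT`, so a certificate problem on the master becomes a new way for this step to fail. A short comment such as `# talk to the master over StartTLS; server cert is checked against IPA_CA_CRT` would make that intent reviewable. The method also uses `self.api` for `get_dn` but the module-level `api` for the timeout; `timeout=self.api.env.replication_wait_timeout` would keep it on one API object.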
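Review bot: `timeout` is now a required positional parameter of `wait_for_entry`, so any caller that still relies on the old `timeout=7200` default will raise a TypeError at call time. Only the call sites in this patch are visibly updated; callers in files outside this diff, if there are any, need the same change. The docstring still reads only "Wait for entry and/or attr to show up"; it should say that `timeout` is in seconds and what the function does when it expires. The function body continues outside the hunk.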
@@ -751,7 +751,9 @@ class ReplicationManager(object):
 # that we will have to set the memberof fixup task
 self.need_memberof_fixup = True
- wait_for_entry(a_conn, entry.dn)
+ wait_for_entry(
+ a_conn, entry.dn, timeout=api.env.replication_wait_timeout
+ )
 def needs_memberof_fixup(self):
 return self.need_memberof_fixup
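Review bot: This `wait_for_entry(a_conn, entry.dn, ...)` call used to rely on the 7200-second default, so here the patch lowers the wait from two hours to `api.env.replication_wait_timeout` (300 by default). The commit message only discusses waits that take 90 to 120 seconds and does not say this one is safe to shorten. What `wait_for_entry` does on expiry is not visible here; if it only logs and returns, a premature timeout on a slow link could surface later as a harder-to-diagnose failure. A comment at the call recording that the reduction is deliberate, e.g. `# previously the 7200s default; 300s is intentional, see issue 7595`, would help. The enclosing method starts outside the hunk.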