ipa-client-install is prone for installation failures in high-load environments with unstable network or network that has some packet loss. The installation most often fails on kinit when trying to get TGT ticket for the host.
kinit
Moving to TCP (ticket #4725, downstream Bugzilla) partially helped, however there were still failures that could be only solved by retrying the TGT kinit step. Given that this step is critical for the client installation and prone to failures, ipa-client-install should be able to retry. There can be new option --no-retry or similar to achieve faster failures.
--no-retry
Note that in the respective user environment, only the host TGT kinit failed. The preceding admin kinit worked.
This should be a good starting ticket for mbabinsk.
Should we also add some option to let the user specify the number of attempts before the script gives up (something like '--tgt-kinit-attempts' with some default numerical value)? Or is it enough to hardcode some reasonable number of attempts (3, 5, etc.) internally?
I would replace the --no-retry option from the original proposal with --tgt-kinit-attempts(or some different name) option. --tgt-kinit-attempts=0 would basically mean --no-retry. --tgt-kinit--attempts should have some reasonable default: 4?.
--tgt-kinit-attempts
--tgt-kinit-attempts=0
--tgt-kinit--attempts
4.1.3 was released.
4.1.4 was released, moving to new milestone
master:
ipa-4-1:
ipa-client-install fails to kinit when non-default config is used. Reopening.
Metadata Update from @mkosek: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.1.5
Login to comment on this ticket.