Hello, DNS Locations: make ipa-ca record generation more robust
__add_ca_records_from_hostname() now skips over DNS exceptions and retries resolution until timeout of 120 seconds is reached. Luckily current logic fails safe: In cases where resolution failed for all the CA servers, the resulting zone object will not contain ipa-ca record at all and the update logic will skip update for this name. I.e. the original values in ipa-ca record set will be left in place. https://fedorahosted.org/freeipa/ticket/2008 -- Petr^2 Spacek
From 63fdff793acef0232bf352042f952d47d575d1d1 Mon Sep 17 00:00:00 2001
From: Petr Spacek <pspa...@redhat.com>
Date: Mon, 20 Jun 2016 18:23:51 +0200
Subject: [PATCH] DNS Locations: make ipa-ca record generation more robust
__add_ca_records_from_hostname() now skips over DNS exceptions and retries resolution until timeout of 120 seconds is reached. Luckily current logic fails safe: In cases where resolution failed for all the CA servers, the resulting zone object will not contain ipa-ca record at all and the update logic will skip update for this name. I.e. the original values in ipa-ca record set will be left in place.
https://fedorahosted.org/freeipa/ticket/2008
---
 ipaserver/dns_data_management.py | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py
index 3ca40c785681a56fd6e7583c6b4db88c58317305..a9e9c0a3856961b5494c8d3ca30ddb2e4aa5c523 100644
--- a/ipaserver/dns_data_management.py
+++ b/ipaserver/dns_data_management.py
@@ -12,12 +12,16 @@ from dns import (
 rdatatype,
 zone,
 )
+from dns.exception import DNSException
 from dns.rdtypes.IN.SRV import SRV
 from dns.rdtypes.ANY.TXT import TXT
+from time import sleep, time
+
 from ipalib import errors
 from ipalib.dns import record_name_format
 from ipapython.dnsutil import DNSName, resolve_rrsets
+from ipapython.ipa_log_manager import root_logger
 if six.PY3:
 unicode=str
@@ -134,7 +138,22 @@ class IPASystemRecords(object):
 def __add_ca_records_from_hostname(self, zone_obj, hostname):
 assert isinstance(hostname, DNSName) and hostname.is_absolute()
 r_name = DNSName('ipa-ca') + self.domain_abs
- rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.AAAA))
+ rrsets = []
+ end_time = time() + 120 # timeout in seconds
+ while time() < end_time:
+ try:
+ rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.AAAA))
+ except DNSException: # logging is done inside resolve_rrsets
+ pass
+ if rrsets:
+ break
+ sleep(5)
+
+ if not rrsets:
+ root_logger.error('unable to resolve host name %s to IP address, '
+ 'ipa-ca DNS record will be incomplete', hostname)
+ return
+
 for rrset in rrsets:
 for rd in rrset:
 rdataset = zone_obj.get_rdataset(
--
2.5.5
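Review bot: The early `return` under `if not rrsets:` only logs the failure, so the fail-safe described in the commit message covers the case where every CA host fails but not a partial one: if some hosts resolve and one does not, the zone object presumably still carries an ipa-ca set built from the hosts that did resolve, and the update logic (outside this hunk) would replace the existing records with that shorter set. A transient resolver error lasting two minutes could therefore drop a CA server's addresses from ipa-ca. Consider reporting the failure to the caller rather than only logging it, for example `return False` here and `return True` at the end of the method, so the caller can skip the ipa-ca update when any host failed. Two smaller points in the same loop: `end_time = time() + 120` uses the wall clock, which can be stepped while the loop runs, and `sleep(5)` still runs after the final failed attempt, so a failure blocks the caller for up to about 125 seconds per host. The method body continues past the end of the hunk.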