Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 28.3.2014 09:43, Martin Kosek wrote: On 03/28/2014 09:37 AM, Petr Viktorin wrote: On 03/27/2014 05:44 PM, Petr Spacek wrote: On 27.3.2014 13:15, Martin Kosek wrote: On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: On 19.2.2014 17:55, Martin Basti wrote: On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Tests failed: test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone u'zone3.test' ... ok File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} == ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' zone record using dnsrecord_add -- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS ns1.dnszone.test. zone2.test. 86400 IN NS ns1.zone
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 03/28/2014 09:37 AM, Petr Viktorin wrote: > On 03/27/2014 05:44 PM, Petr Spacek wrote: >> On 27.3.2014 13:15, Martin Kosek wrote: >>> On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: > On 19.2.2014 17:55, Martin Basti wrote: >> On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: >>> On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: > On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: >> On 02/18/2014 04:45 PM, Petr Spacek wrote: >>> Hello, >>> >>> Add wait_for_dns option to default.conf. >>> >>> This option makes record changes in DNS tree synchronous. >>> IPA calls will wait until new data are visible over DNS protocol. >>> >>> It is intended only for testing - it should prevent tests from >>> failing if there is bigger delay between change in LDAP and DNS. >>> >>> I would recommend value like 10 seconds. >> >> Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. > It seems to me like a more general TimeoutError would be useful > in a > broader context. DNSTimeout seems overly narrow to me, unless I'm > missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. >>> >>> I have sent the old version with new name, gggrrr. >>> >>> ___ >>> Freeipa-devel mailing list >>> Freeipa-devel@redhat.com >>> https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> Tests failed: >> test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone >> u'zone3.test' ... ok >> File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in >> runTest >> self.test(*self.arg) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 291, in >> >> func = lambda: self.check(nice, **test) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 309, in >> check >> self.check_output(nice, cmd, args, options, expected, >> extra_check) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 348, in >> check_output >> got = api.Command[cmd](*args, **options) >> File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ >> ret = self.run(*args, **options) >> File "/root/freeipa/ipalib/frontend.py", line 761, in run >> return self.forward(*args, **options) >> File "/root/freeipa/ipalib/frontend.py", line 782, in forward >> return self.Backend.rpcclient.forward(self.name, *args, **kw) >> File "/root/freeipa/ipalib/rpc.py", line 836, in forward >> return self._call_command(command, params) >> File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command >> return command(*params) >> File "/root/freeipa/ipalib/rpc.py", line 951, in _call >> return self.__request(name, args) >> File "/root/freeipa/ipalib/rpc.py", line 945, in __request >> raise error_class(message=error['message']) >> DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. >> 86400 IN >> TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} >> >> == >> ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to >> u'zone2.test' >> zone record using dnsrecord_add >> -- >> Traceback (most recent call last): >> File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in >> runTest >> self.test(*self.arg) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 291, in >> >> func = lambda: self.check(nice, **test) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 309, in >> check >> self.check_output(nice, cmd, args, options, expected, >> extra_check) >> File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line >> 348, in >> check_output >> got = api.Command[cmd](*args, **options) >> File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ >> ret = self.run(*args, **options
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 03/27/2014 05:44 PM, Petr Spacek wrote: On 27.3.2014 13:15, Martin Kosek wrote: On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: On 19.2.2014 17:55, Martin Basti wrote: On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Tests failed: test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone u'zone3.test' ... ok File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} == ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' zone record using dnsrecord_add -- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS ns1.dnszone.test. zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL} configuration was: wait_for_dns=10 All tests passed without wait_for_dns option. Sometimes at first run,
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 27.3.2014 13:15, Martin Kosek wrote: On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: On 19.2.2014 17:55, Martin Basti wrote: On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Tests failed: test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone u'zone3.test' ... ok File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} == ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' zone record using dnsrecord_add -- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS ns1.dnszone.test. zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL} configuration was: wait_for_dns=10 All tests passed without wait_for_dns option. Sometimes at first run, I get only error and testing is interrupted
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 02/20/2014 03:56 PM, Martin Basti wrote: > On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: >> On 19.2.2014 17:55, Martin Basti wrote: >>> On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: > On 18.2.2014 17:34, Nathaniel McCallum wrote: >> On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: >>> On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. >>> >>> Here are a few Python nitpicks you requested. > > Thank you very much. This new version solves problems you found + adds > proper > handling for real DNS timeouts. > >> It seems to me like a more general TimeoutError would be useful in a >> broader context. DNSTimeout seems overly narrow to me, unless I'm >> missing something. > > I would like to keep them separate. DNSTimeout shouldn't be handled at all > because it means that your DNS server or database is dead or broken in > some > interesting way. > > I assume that generic TimeoutError could be interpreted as 'try it > again'/'failover' or something like that. > > Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel >>> >>> Tests failed: >>> test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone >>> u'zone3.test' ... ok >>>File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in >>> runTest >>> self.test(*self.arg) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in >>> >>> func = lambda: self.check(nice, **test) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in >>> check >>> self.check_output(nice, cmd, args, options, expected, extra_check) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in >>> check_output >>> got = api.Command[cmd](*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ >>> ret = self.run(*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 761, in run >>> return self.forward(*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 782, in forward >>> return self.Backend.rpcclient.forward(self.name, *args, **kw) >>>File "/root/freeipa/ipalib/rpc.py", line 836, in forward >>> return self._call_command(command, params) >>>File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command >>> return command(*params) >>>File "/root/freeipa/ipalib/rpc.py", line 951, in _call >>> return self.__request(name, args) >>>File "/root/freeipa/ipalib/rpc.py", line 945, in __request >>> raise error_class(message=error['message']) >>> DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN >>> TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} >>> >>> == >>> ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' >>> zone record using dnsrecord_add >>> -- >>> Traceback (most recent call last): >>>File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in >>> runTest >>> self.test(*self.arg) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in >>> >>> func = lambda: self.check(nice, **test) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in >>> check >>> self.check_output(nice, cmd, args, options, expected, extra_check) >>>File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in >>> check_output >>> got = api.Command[cmd](*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ >>> ret = self.run(*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 761, in run >>> return self.forward(*args, **options) >>>File "/root/freeipa/ipalib/frontend.py", line 782, in forward >>> return self.Backend.rpcclient.forward(self.name, *args, **kw) >>>File "/root/freeipa/ipalib/rpc.py", line 836, in forward >>> return self._call_command(command, params) >>>File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command >>> return command(*params) >>>File "/root/freeipa/ipalib/rpc.py", line 951, in _call >>> ret
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: > On 19.2.2014 17:55, Martin Basti wrote: > > On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: > >> On 19.2.2014 15:11, Petr Spacek wrote: > >>> On 18.2.2014 17:34, Nathaniel McCallum wrote: > On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: > > On 02/18/2014 04:45 PM, Petr Spacek wrote: > >> Hello, > >> > >> Add wait_for_dns option to default.conf. > >> > >> This option makes record changes in DNS tree synchronous. > >> IPA calls will wait until new data are visible over DNS protocol. > >> > >> It is intended only for testing - it should prevent tests from > >> failing if there is bigger delay between change in LDAP and DNS. > >> > >> I would recommend value like 10 seconds. > > > > Here are a few Python nitpicks you requested. > >>> > >>> Thank you very much. This new version solves problems you found + adds > >>> proper > >>> handling for real DNS timeouts. > >>> > It seems to me like a more general TimeoutError would be useful in a > broader context. DNSTimeout seems overly narrow to me, unless I'm > missing something. > >>> > >>> I would like to keep them separate. DNSTimeout shouldn't be handled at all > >>> because it means that your DNS server or database is dead or broken in > >>> some > >>> interesting way. > >>> > >>> I assume that generic TimeoutError could be interpreted as 'try it > >>> again'/'failover' or something like that. > >>> > >>> Maybe the DNSTimeout is not the best name, I'm open to suggestions. > >> > >> I have sent the old version with new name, gggrrr. > >> > >> ___ > >> Freeipa-devel mailing list > >> Freeipa-devel@redhat.com > >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > > > Tests failed: > > test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone > > u'zone3.test' ... ok > >File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in > > runTest > > self.test(*self.arg) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in > > > > func = lambda: self.check(nice, **test) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in > > check > > self.check_output(nice, cmd, args, options, expected, extra_check) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in > > check_output > > got = api.Command[cmd](*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ > > ret = self.run(*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 761, in run > > return self.forward(*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 782, in forward > > return self.Backend.rpcclient.forward(self.name, *args, **kw) > >File "/root/freeipa/ipalib/rpc.py", line 836, in forward > > return self._call_command(command, params) > >File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command > > return command(*params) > >File "/root/freeipa/ipalib/rpc.py", line 951, in _call > > return self.__request(name, args) > >File "/root/freeipa/ipalib/rpc.py", line 945, in __request > > raise error_class(message=error['message']) > > DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN > > TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} > > > > == > > ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' > > zone record using dnsrecord_add > > -- > > Traceback (most recent call last): > >File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in > > runTest > > self.test(*self.arg) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in > > > > func = lambda: self.check(nice, **test) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in > > check > > self.check_output(nice, cmd, args, options, expected, extra_check) > >File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in > > check_output > > got = api.Command[cmd](*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ > > ret = self.run(*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 761, in run > > return self.forward(*args, **options) > >File "/root/freeipa/ipalib/frontend.py", line 782, in forward > > return self.Backend.rpcclient.forward(self.name, *args, **kw) > >File "/root/freeipa/ipalib/rpc.py", line 836, in forward > > return self._call_command(command, params) > >File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command > > return command(*params) > >File "/root/freeipa/ipalib/rpc.py", line 951, in _call > > return self.__request(name, args) > >File "/ro
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 19.2.2014 17:55, Martin Basti wrote: On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel Tests failed: test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone u'zone3.test' ... ok File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} == ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' zone record using dnsrecord_add -- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS ns1.dnszone.test. zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL} configuration was: wait_for_dns=10 All tests passed without wait_for_dns option. Sometimes at first run, I get only error and testing is interrupted. I hope I covered all corner cases in this version. I renamed DNSTimeout exception to DNSDataMismatch in hope that it will be less confusing. -- Petr^2 Spacek From 6d5c7c96e96d24
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: > On 19.2.2014 15:11, Petr Spacek wrote: > > On 18.2.2014 17:34, Nathaniel McCallum wrote: > >> On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: > >>> On 02/18/2014 04:45 PM, Petr Spacek wrote: > Hello, > > Add wait_for_dns option to default.conf. > > This option makes record changes in DNS tree synchronous. > IPA calls will wait until new data are visible over DNS protocol. > > It is intended only for testing - it should prevent tests from > failing if there is bigger delay between change in LDAP and DNS. > > I would recommend value like 10 seconds. > >>> > >>> Here are a few Python nitpicks you requested. > > > > Thank you very much. This new version solves problems you found + adds > > proper > > handling for real DNS timeouts. > > > >> It seems to me like a more general TimeoutError would be useful in a > >> broader context. DNSTimeout seems overly narrow to me, unless I'm > >> missing something. > > > > I would like to keep them separate. DNSTimeout shouldn't be handled at all > > because it means that your DNS server or database is dead or broken in some > > interesting way. > > > > I assume that generic TimeoutError could be interpreted as 'try it > > again'/'failover' or something like that. > > > > Maybe the DNSTimeout is not the best name, I'm open to suggestions. > > I have sent the old version with new name, gggrrr. > > ___ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel Tests failed: test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone u'zone3.test' ... ok File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL} == ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test' zone record using dnsrecord_add -- Traceback (most recent call last): File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in runTest self.test(*self.arg) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in func = lambda: self.check(nice, **test) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in check self.check_output(nice, cmd, args, options, expected, extra_check) File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in check_output got = api.Command[cmd](*args, **options) File "/root/freeipa/ipalib/frontend.py", line 436, in __call__ ret = self.run(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 761, in run return self.forward(*args, **options) File "/root/freeipa/ipalib/frontend.py", line 782, in forward return self.Backend.rpcclient.forward(self.name, *args, **kw) File "/root/freeipa/ipalib/rpc.py", line 836, in forward return self._call_command(command, params) File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command return command(*params) File "/root/freeipa/ipalib/rpc.py", line 951, in _call return self.__request(name, args) File "/root/freeipa/ipalib/rpc.py", line 945, in __request raise error_class(message=error['message']) DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS ns1.dnszone.test. zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL} configuration was: wait_for_dns=10 All tests passed without wait_for_dns option. Sometimes at first run, I get only error and testing is interrupted. -- Martin^2 Basti ___ Freeipa-devel mailing list Fr
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. I have sent the old version with new name, gggrrr. -- Petr^2 Spacek From 39483c21c26bcc883161481d1987a6af216e1581 Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Wed, 19 Feb 2014 14:18:38 +0100 Subject: [PATCH] Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. --- ipa-client/man/default.conf.5 | 3 + ipalib/constants.py | 1 + ipalib/errors.py | 18 ++ ipalib/plugins/dns.py | 146 -- 4 files changed, 164 insertions(+), 4 deletions(-) diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5 index 5d5a48db62cb97e7424b42b6cb70d0c872b2bc34..e8938cb5799c4fa41e5a1b75125e2a4063bf010f 100644 --- a/ipa-client/man/default.conf.5 +++ b/ipa-client/man/default.conf.5 @@ -178,6 +178,9 @@ Used internally in the IPA source package to verify that the API has not changed .B verbose When True provides more information. Specifically this sets the global log level to "info". .TP +.B wait_for_dns +Controls whether the IPA commands dnsrecord\-{add,mod,del} work synchronously or not. The DNS commands will repeat DNS queries (up to the specified number of attempts) until the DNS server returns an up\-to\-date answer to a query for modified records. Delay between retries is one second. The DNS commands will return a DNSTimeout exception if the answer doesn't match the expected value even after the specified number of attempts. The DNS queries will be sent to the resolver configured in /etc/resolv.conf on the IPA server. Do not enable this in production! It could cause problems if the resolver on IPA server uses a caching server instead of a local authoritative server. The default is disabled (the option is not present). +.TP .B xmlrpc_uri Specifies the URI of the XML\-RPC server for a client. This may be used by IPA, and is used by some external tools, such as ipa\-getcert. Example: https://ipa.example.com/ipa/xml .TP diff --git a/ipalib/constants.py b/ipalib/constants.py index ae0827729764983675d5ae59bbd16bad1c0805ce..d6955f8cb62822d123f6debcefa4a2f35e40aa96 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -139,6 +139,7 @@ DEFAULT_CONFIG = ( ('debug', False), ('startup_traceback', False), ('mode', 'production'), +('wait_for_dns', False), # CA plugin: ('ca_host', FQDN), # Set in Env._finalize_core() diff --git a/ipalib/errors.py b/ipalib/errors.py index 716decb2b41baf5470a1dc23c0cfb5d1c995e5ff..e6563c0a0ea0f65457b942426e45283dd237ed6e 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1512,6 +1512,24 @@ class DatabaseTimeout(DatabaseError): format = _('LDAP timeout') +class DNSTimeout(ExecutionError): +""" +**4212** Raised when an DNS query didn't return expected answer +in expected time period + +For example: + +>>> raise DNSTimeout(expected="zone3.test. 86400 IN A 192.0.2.1", \ + got="zone3.test. 86400 IN A 192.168.1.1") +Traceback (most recent call last): + ... +DNSTimeout: DNS query timeout: Expected {zone3.test. 86400 IN A 192.0.2.1} got {zone3.test. 86400 IN A 192.168.1.1} +""" + +errno = 4212 +format = _('DNS query timeout: Expected {%(expected)s} got {%(got)s}') + + class CertificateError(ExecutionError): """ **4300** Base class for Certificate execution errors (*4300 - 4399*). diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index e7301a9f78466e9a790d26f03bfab757de501ed6..61a2346904ffcd73e289fc207bf189e90525efa0 100644 --- a/ipalib/plugins/dns.py +
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 18.2.2014 17:34, Nathaniel McCallum wrote: On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. Thank you very much. This new version solves problems you found + adds proper handling for real DNS timeouts. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. I would like to keep them separate. DNSTimeout shouldn't be handled at all because it means that your DNS server or database is dead or broken in some interesting way. I assume that generic TimeoutError could be interpreted as 'try it again'/'failover' or something like that. Maybe the DNSTimeout is not the best name, I'm open to suggestions. -- Petr^2 Spacek From 7ad81ab266754afb1e5b33b459bc92399ff2f09c Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Fri, 14 Feb 2014 15:33:24 +0100 Subject: [PATCH] Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. --- ipa-client/man/default.conf.5 | 3 + ipalib/constants.py | 1 + ipalib/errors.py | 18 ++ ipalib/plugins/dns.py | 145 -- 4 files changed, 163 insertions(+), 4 deletions(-) diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5 index 5d5a48db62cb97e7424b42b6cb70d0c872b2bc34..7e3e02858732789776b9225ae6e9cffeac4004d1 100644 --- a/ipa-client/man/default.conf.5 +++ b/ipa-client/man/default.conf.5 @@ -178,6 +178,9 @@ Used internally in the IPA source package to verify that the API has not changed .B verbose When True provides more information. Specifically this sets the global log level to "info". .TP +.B wait_for_dns +Controls whether the IPA commands dnsrecord\-{add,mod,del} work synchronously or not. The DNS commands will wait up to the specified time until the DNS server returns an up\-to\-date answer to a query for modified records. The DNS commands will return a DNSTimeout exception if the answer doesn't match the expected value after the specified timeout. The DNS queries will be sent to the resolver configured in /etc/resolv.conf on the IPA server. Do not enable this in production! It could cause problems if the resolver on IPA server uses a caching server instead of a local authoritative server. The default is disabled (the option is not present). +.TP .B xmlrpc_uri Specifies the URI of the XML\-RPC server for a client. This may be used by IPA, and is used by some external tools, such as ipa\-getcert. Example: https://ipa.example.com/ipa/xml .TP diff --git a/ipalib/constants.py b/ipalib/constants.py index ae0827729764983675d5ae59bbd16bad1c0805ce..d6955f8cb62822d123f6debcefa4a2f35e40aa96 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -139,6 +139,7 @@ DEFAULT_CONFIG = ( ('debug', False), ('startup_traceback', False), ('mode', 'production'), +('wait_for_dns', False), # CA plugin: ('ca_host', FQDN), # Set in Env._finalize_core() diff --git a/ipalib/errors.py b/ipalib/errors.py index 716decb2b41baf5470a1dc23c0cfb5d1c995e5ff..e6563c0a0ea0f65457b942426e45283dd237ed6e 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1512,6 +1512,24 @@ class DatabaseTimeout(DatabaseError): format = _('LDAP timeout') +class DNSTimeout(ExecutionError): +""" +**4212** Raised when an DNS query didn't return expected answer +in expected time period + +For example: + +>>> raise DNSTimeout(expected="zone3.test. 86400 IN A 192.0.2.1", \ + got="zone3.test. 86400 IN A 192.168.1.1") +Traceback (most recent call last): + ... +DNSTimeout: DNS query timeout: Expected {zone3.test. 86400 IN A 192.0.2.1} got {zone3.test. 86400 IN A 192.168.1.1} +""" + +errno = 4212 +format = _('DNS query timeout: Expected {%(expected)s} got {%(got)s}') + + class CertificateError(ExecutionError): """ **4300** Base class for Certificate execution errors (*4300 - 4399*). diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index e7301a9f78466e9a790d26f03bfab757de501ed6..ee330df93e02e895971b7b1090ea969080e072e4 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -24,6 +24,7 @@ import netaddr import time import re import dns.name +import dns.resolver from ipalib.request import context from ipa
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On Tue, 2014-02-18 at 16:45 +0100, Petr Spacek wrote: > Hello, > > Add wait_for_dns option to default.conf. > > This option makes record changes in DNS tree synchronous. > IPA calls will wait until new data are visible over DNS protocol. > > It is intended only for testing - it should prevent tests from > failing if there is bigger delay between change in LDAP and DNS. > > I would recommend value like 10 seconds. > > __ @@ -2681,7 +2799,13 @@ class dnsrecord_mod(LDAPUpdate): break if del_all: -return self.obj.methods.delentry(*keys, version=options['version']) +result = self.obj.methods.delentry(*keys) I think, version param is missing there -^^ > _ > Freeipa-devel mailing list > Freeipa-devel@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-devel -- Martin^2 Basti ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote: > On 02/18/2014 04:45 PM, Petr Spacek wrote: > > Hello, > > > > Add wait_for_dns option to default.conf. > > > > This option makes record changes in DNS tree synchronous. > > IPA calls will wait until new data are visible over DNS protocol. > > > > It is intended only for testing - it should prevent tests from > > failing if there is bigger delay between change in LDAP and DNS. > > > > I would recommend value like 10 seconds. > > Here are a few Python nitpicks you requested. It seems to me like a more general TimeoutError would be useful in a broader context. DNSTimeout seems overly narrow to me, unless I'm missing something. Nathaniel ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel
Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf
On 02/18/2014 04:45 PM, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. I would recommend value like 10 seconds. Here are a few Python nitpicks you requested. -- PetrĀ³ From 7ad81ab266754afb1e5b33b459bc92399ff2f09c Mon Sep 17 00:00:00 2001 From: Petr Spacek Date: Fri, 14 Feb 2014 15:33:24 +0100 Subject: [PATCH] Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol. It is intended only for testing - it should prevent tests from failing if there is bigger delay between change in LDAP and DNS. --- ipa-client/man/default.conf.5 | 3 + ipalib/constants.py | 1 + ipalib/errors.py | 18 ++ ipalib/plugins/dns.py | 145 -- 4 files changed, 163 insertions(+), 4 deletions(-) diff --git a/ipa-client/man/default.conf.5 b/ipa-client/man/default.conf.5 index 5d5a48db62cb97e7424b42b6cb70d0c872b2bc34..7e3e02858732789776b9225ae6e9cffeac4004d1 100644 --- a/ipa-client/man/default.conf.5 +++ b/ipa-client/man/default.conf.5 @@ -178,6 +178,9 @@ Used internally in the IPA source package to verify that the API has not changed .B verbose When True provides more information. Specifically this sets the global log level to "info". .TP +.B wait_for_dns +Controls whether the IPA commands dnsrecord\-{add,mod,del} work synchronously or not. The DNS commands will wait up to the specified time until the DNS server returns an up\-to\-date answer to a query for modified records. The DNS commands will return a DNSTimeout exception if the answer doesn't match the expected value after the specified timeout. The DNS queries will be sent to the resolver configured in /etc/resolv.conf on the IPA server. Do not enable this in production! It could cause problems if the resolver on IPA server uses a caching server instead of a local authoritative server. The default is disabled (the option is not present). +.TP .B xmlrpc_uri Specifies the URI of the XML\-RPC server for a client. This may be used by IPA, and is used by some external tools, such as ipa\-getcert. Example: https://ipa.example.com/ipa/xml .TP diff --git a/ipalib/constants.py b/ipalib/constants.py index ae0827729764983675d5ae59bbd16bad1c0805ce..d6955f8cb62822d123f6debcefa4a2f35e40aa96 100644 --- a/ipalib/constants.py +++ b/ipalib/constants.py @@ -139,6 +139,7 @@ DEFAULT_CONFIG = ( ('debug', False), ('startup_traceback', False), ('mode', 'production'), +('wait_for_dns', False), # CA plugin: ('ca_host', FQDN), # Set in Env._finalize_core() diff --git a/ipalib/errors.py b/ipalib/errors.py index 716decb2b41baf5470a1dc23c0cfb5d1c995e5ff..e6563c0a0ea0f65457b942426e45283dd237ed6e 100644 --- a/ipalib/errors.py +++ b/ipalib/errors.py @@ -1512,6 +1512,24 @@ class DatabaseTimeout(DatabaseError): format = _('LDAP timeout') +class DNSTimeout(ExecutionError): +""" +**4212** Raised when an DNS query didn't return expected answer +in expected time period + +For example: + +>>> raise DNSTimeout(expected="zone3.test. 86400 IN A 192.0.2.1", \ + got="zone3.test. 86400 IN A 192.168.1.1") +Traceback (most recent call last): + ... +DNSTimeout: DNS query timeout: Expected {zone3.test. 86400 IN A 192.0.2.1} got {zone3.test. 86400 IN A 192.168.1.1} +""" + +errno = 4212 +format = _('DNS query timeout: Expected {%(expected)s} got {%(got)s}') + + class CertificateError(ExecutionError): """ **4300** Base class for Certificate execution errors (*4300 - 4399*). diff --git a/ipalib/plugins/dns.py b/ipalib/plugins/dns.py index e7301a9f78466e9a790d26f03bfab757de501ed6..ee330df93e02e895971b7b1090ea969080e072e4 100644 --- a/ipalib/plugins/dns.py +++ b/ipalib/plugins/dns.py @@ -24,6 +24,7 @@ import netaddr import time import re import dns.name +import dns.resolver from ipalib.request import context from ipalib import api, errors, output @@ -2396,6 +2397,112 @@ class dnsrecord(LDAPObject): 'NS record except when located in a zone root ' 'record (RFC 6672, section 2.3)')) +def wait_for_modified_entries(self, entries): +'''Call wait_for_modified_attrs for all entries in given dict. + +:param entries: +Dict {(dns_domain, dns_name): entry_for_wait_for_modified_attrs} +''' +for entry_name, entry in entries.iteritems(): +dns_domain = dns.name.from_text(entry_name[0]) +dns_name = dns.name.from_text(entry_name[1], origin=dns_domain) +self.wait_for_modified_attrs(entry, dns_name, +