We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)
--
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
From 2f71d8880e2420a2b295b72f8323356917f35da9 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgall...@redhat.com>
Date: Mon, 26 Apr 2010 13:02:04 -0400
Subject: [PATCH] Add dns_resolver_timeout option
We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)
---
src/confdb/confdb.h | 1 +
src/config/SSSDConfig.py | 1 +
src/config/SSSDConfigTest.py | 2 ++
src/config/etc/sssd.api.conf | 1 +
src/man/sssd.conf.5.xml | 15 +++++++++++++++
src/providers/data_provider_fo.c | 10 +++++++++-
src/resolv/async_resolv.c | 6 +++++-
7 files changed, 34 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index 452fbdc9a7da82b8a88efc74055fba1f541de7d1..3543f43b06222ecd38bc4301cdf10f2044844fef 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -100,6 +100,7 @@
#define CONFDB_DOMAIN_MPG "magic_private_groups"
#define CONFDB_DOMAIN_FQ "use_fully_qualified_names"
#define CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT "entry_cache_timeout"
+#define CONFDB_DOMAIN_RESOLV_TIMEOUT "dns_resolver_timeout"
#define CONFDB_DOMAIN_FAMILY_ORDER "lookup_family_order"
#define CONFDB_DOMAIN_ACCOUNT_CACHE_EXPIRATION "account_cache_expiration"
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index d4256d1e0b2b609247abc20aac4128f92e3ae7de..b88c09628b79234991f203190486562a4c35bc68 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -81,6 +81,7 @@ option_strings = {
'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
+ 'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
# [provider/ipa]
'ipa_domain' : _('IPA domain'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 127ad22cfd8ae3e75a9a365adb2f1054f21152d4..e8899653421a1214ffe35a3ff17ef2ecef2dff91 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -478,6 +478,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'entry_cache_timeout',
'lookup_family_order',
'account_cache_expiration',
+ 'dns_resolver_timeout',
'id_provider',
'auth_provider',
'access_provider',
@@ -794,6 +795,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'entry_cache_timeout',
'account_cache_expiration',
'lookup_family_order',
+ 'dns_resolver_timeout',
'id_provider',
'auth_provider',
'access_provider',
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index 3347d9fa4581c74d36a8c7d95c84e45553c093bf..7d0e20c7743642d19f98397a4512e6c02cae5fe3 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -58,6 +58,7 @@ lookup_family_order = str, None, false
account_cache_expiration = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
+dns_resolver_timeout = int, None, false
# Special providers
[provider/permit]
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index daf61afc42066204b0413d4deec31c643a0b8a97..ac388554bf47f4a4b052e547742eb26e03799de2 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -641,6 +641,21 @@
</para>
</listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>dns_resolver_timeout (integer)</term>
+ <listitem>
+ <para>
+ Defines the amount of time (in seconds) to wait for a reply from
+ the DNS resolver before assuming that it is unreachable. If this
+ timeout is reached, the domain will continue to operate in
+ offline mode.
+ </para>
+ <para>
+ Default: 5
+ </para>
+ </listitem>
+ </varlistentry>
</variablelist>
</para>
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index 482f74446919f57c26a623d870759a3dd426ef69..cbdb78624d42b7be0c12a4eac1890a7daa04a8ef 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -93,6 +93,7 @@ static int be_fo_get_options(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
int be_init_failover(struct be_ctx *ctx)
{
int ret;
+ int fo_timeout;
struct fo_options fopts;
if (ctx->be_fo != NULL) {
@@ -104,7 +105,14 @@ int be_init_failover(struct be_ctx *ctx)
return ENOMEM;
}
- ret = resolv_init(ctx, ctx->ev, 5, &ctx->be_fo->resolv);
+ ret = confdb_get_int(ctx->cdb, ctx, ctx->conf_path,
+ CONFDB_DOMAIN_RESOLV_TIMEOUT,
+ 5, &fo_timeout);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ ret = resolv_init(ctx, ctx->ev, fo_timeout, &ctx->be_fo->resolv);
if (ret != EOK) {
talloc_zfree(ctx->be_fo);
return ret;
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index d0c5b7a33b148a4ecadf0a36e99066f74683e3fd..81459fddaab44afed78717b80e00793bd571a69a 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -325,7 +325,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
DEBUG(4, ("Initializing new c-ares channel\n"));
/* FIXME: the options would contain
* the nameservers to contact, the domains
- * to search, timeout... => get from confdb
+ * to search... => get from confdb
*/
options.sock_state_cb = fd_event;
options.sock_state_cb_data = ctx;
@@ -358,6 +358,10 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
int ret;
struct resolv_ctx *ctx;
+ if (timeout < 1) {
+ return EINVAL;
+ }
+
ctx = talloc_zero(mem_ctx, struct resolv_ctx);
if (ctx == NULL)
return ENOMEM;
--
1.7.0.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
