URL: https://github.com/SSSD/sssd/pull/636 Author: pbrezina Title: #636: failover: tune up default timeouts Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/636/head:pr636 git checkout pr636
From d5b5f29e0e049d773ff36c0e61780e951f1a4934 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 11 Jun 2019 13:49:13 +0200 Subject: [PATCH 1/4] man: fix description of dns_resolver_op_timeout --- src/man/include/failover.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index cd6fd4d798..11ff86a388 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -77,7 +77,13 @@ </term> <listitem> <para> - How long would SSSD talk to a single DNS server. + Time in seconds to tell how long would SSSD try + to resolve single DNS query (e.g. resolution of a + hostname or an SRV record) before trying the next + hostname or discovery domain. + </para> + <para> + Default: 6 </para> </listitem> </varlistentry> From e00dd707286dec4468f3f0a25e3d97686a3688df Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 11 Jun 2019 13:49:33 +0200 Subject: [PATCH 2/4] man: fix description of dns_resolver_timeout --- src/man/include/failover.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index 11ff86a388..7b451d8315 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -98,6 +98,9 @@ include several steps, such as resolving DNS SRV queries or locating the site. </para> + <para> + Default: 6 + </para> </listitem> </varlistentry> </variablelist> From f9ed38b79f3f3b68093e3b50b2c7c856c81b1cf9 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 11 Jun 2019 13:37:23 +0200 Subject: [PATCH 3/4] failover: add dns_resolver_server_timeout option --- src/man/include/failover.xml | 17 ++++++++++++++++- src/providers/data_provider.h | 1 + src/providers/data_provider_fo.c | 3 +++ src/resolv/async_resolv.c | 10 ++++++---- src/resolv/async_resolv.h | 2 +- 5 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index 7b451d8315..f2a01b933e 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -71,6 +71,20 @@ </citerefentry>, manual page. <variablelist> + <varlistentry> + <term> + dns_resolver_server_timeout + </term> + <listitem> + <para> + Time in milliseconds that sets how long would SSSD + talk to a single DNS server before trying next one. + </para> + <para> + Default: 2000 + </para> + </listitem> + </varlistentry> <varlistentry> <term> dns_resolver_op_timeout @@ -111,7 +125,8 @@ <quote>ldap_opt_timeout></quote> timeout should be set to a larger value than <quote>dns_resolver_timeout</quote> which in turn should be set to a larger value than - <quote>dns_resolver_op_timeout</quote>. + <quote>dns_resolver_op_timeout</quote> which should be larger + than <quote>dns_resolver_server_timeout</quote>. </para> </refsect2> </refsect1> diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h index a0a21cc123..2d10dbb5bc 100644 --- a/src/providers/data_provider.h +++ b/src/providers/data_provider.h @@ -265,6 +265,7 @@ enum dp_res_opts { DP_RES_OPT_FAMILY_ORDER, DP_RES_OPT_RESOLVER_TIMEOUT, DP_RES_OPT_RESOLVER_OP_TIMEOUT, + DP_RES_OPT_RESOLVER_SERVER_TIMEOUT, DP_RES_OPT_DNS_DOMAIN, DP_RES_OPTS /* attrs counter */ diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index 473b667e58..a7af3e2a54 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c 
@@ -833,6 +833,7 @@ static struct dp_option dp_res_default_opts[] = { { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING }, { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, + { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; @@ -894,6 +895,8 @@ errno_t be_res_init(struct be_ctx *ctx) ret = resolv_init(ctx, ctx->ev, dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_OP_TIMEOUT), + dp_opt_get_int(ctx->be_res->opts, + DP_RES_OPT_RESOLVER_SERVER_TIMEOUT), &ctx->be_res->resolv); if (ret != EOK) { talloc_zfree(ctx->be_res); diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c index bb27011548..b833d72116 100644 --- a/src/resolv/async_resolv.c +++ b/src/resolv/async_resolv.c @@ -60,8 +60,6 @@ #define DNS_RR_LEN(r) DNS__16BIT((r) + 8) #define DNS_RR_TTL(r) DNS__32BIT((r) + 4) -#define RESOLV_TIMEOUTMS 2000 - enum host_database default_host_dbs[] = { DB_FILES, DB_DNS, DB_SENTINEL }; struct fd_watch { @@ -83,6 +81,9 @@ struct resolv_ctx { /* Time in milliseconds before canceling a DNS request */ int timeout; + /* Time in milliseconds for communication with single DNS server. */ + int ares_timeout; + /* The timeout watcher periodically calls ares_process_fd() to check * if our pending requests didn't timeout. */ int pending_requests; @@ -423,7 +424,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) */ options.sock_state_cb = fd_event; options.sock_state_cb_data = ctx; - options.timeout = RESOLV_TIMEOUTMS; + options.timeout = ctx->ares_timeout; /* Only affects ares_gethostbyname */ options.lookups = discard_const("f"); options.tries = 1; 
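Review bot: The new dns_resolver_server_timeout value is never range-checked: in be_res_init the result of `dp_opt_get_int(ctx->be_res->opts, DP_RES_OPT_RESOLVER_SERVER_TIMEOUT)` goes straight into resolv_init, and the recreate_ares_channel hunk assigns it to `options.timeout` unchanged. A zero or negative number in sssd.conf therefore replaces the old fixed 2000 ms with a value whose handling is left entirely to c-ares. Going by the man page text, a value above dns_resolver_op_timeout (documented in seconds, while this option is milliseconds) would presumably let the operation expire before a second DNS server is tried. Because a stalled resolver holds up failover for identity and authentication lookups, be_res_init should reject or clamp non-positive values and log a warning when `server_timeout >= op_timeout * 1000`. Both function bodies continue outside their hunks, so the error path has to follow what be_res_init already does on `ret != EOK`.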
@@ -450,7 +451,7 @@ recreate_ares_channel(struct resolv_ctx *ctx) int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, - int timeout, struct resolv_ctx **ctxp) + int timeout, int ares_timeout, struct resolv_ctx **ctxp) { int ret; struct resolv_ctx *ctx; @@ -467,6 +468,7 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, ctx->ev_ctx = ev_ctx; ctx->timeout = timeout; + ctx->ares_timeout = ares_timeout; ret = recreate_ares_channel(ctx); if (ret != EOK) { diff --git a/src/resolv/async_resolv.h b/src/resolv/async_resolv.h index 90ed037075..d83a7be447 100644 --- a/src/resolv/async_resolv.h +++ b/src/resolv/async_resolv.h @@ -52,7 +52,7 @@ struct resolv_ctx; int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx, - int timeout, struct resolv_ctx **ctxp); + int timeout, int ares_timeout, struct resolv_ctx **ctxp); void resolv_reread_configuration(struct resolv_ctx *ctx); From 9c3eac5a93ba7b18e06d8769b35ad88ef023cfa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Tue, 11 Jun 2019 14:01:17 +0200 Subject: [PATCH 4/4] failover: change default timeouts --- src/man/include/failover.xml | 6 +++--- src/man/sssd-ldap.5.xml | 2 +- src/providers/ad/ad_opts.c | 2 +- src/providers/data_provider_fo.c | 4 ++-- src/providers/ipa/ipa_opts.c | 2 +- src/providers/ldap/ldap_opts.c | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml index f2a01b933e..288d91807a 100644 --- a/src/man/include/failover.xml +++ b/src/man/include/failover.xml @@ -81,7 +81,7 @@ talk to a single DNS server before trying next one. </para> <para> - Default: 2000 + Default: 1000 </para> </listitem> </varlistentry> @@ -97,7 +97,7 @@ hostname or discovery domain. </para> <para> - Default: 6 + Default: 2 </para> </listitem> </varlistentry> 
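Review bot: resolv_init now takes two adjacent `int` timeouts and nothing at the declaration says which is which or what unit each uses. The man page text in this series gives dns_resolver_op_timeout in seconds and dns_resolver_server_timeout in milliseconds, so swapped arguments compile cleanly and silently change resolver behaviour. A comment above the prototype in async_resolv.h would prevent that, for example `/* timeout: limit for one DNS request (dns_resolver_op_timeout); ares_timeout: limit per DNS server, in milliseconds */`. The field comment on `timeout` in struct resolv_ctx says milliseconds while the option is documented in seconds, which is worth reconciling at the same time. Any caller of resolv_init outside the five files in this patch would also need the new argument; none is visible here.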
@@ -113,7 +113,7 @@ queries or locating the site. </para> <para> - Default: 6 + Default: 4 </para> </listitem> </varlistentry> diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml index b6496b50f3..a37f81279c 100644 --- a/src/man/sssd-ldap.5.xml +++ b/src/man/sssd-ldap.5.xml @@ -1432,7 +1432,7 @@ StartTLS operation. </para> <para> - Default: 6 + Default: 8 </para> </listitem> </varlistentry> diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c index 978c395ef2..3f7ec08b1d 100644 --- a/src/providers/ad/ad_opts.c +++ b/src/providers/ad/ad_opts.c @@ -65,7 +65,7 @@ struct dp_option ad_def_ldap_opts[] = { { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, + { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING }, diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index a7af3e2a54..c634b8d49f 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c 
@@ -832,8 +832,8 @@ void _be_fo_set_port_status(struct be_ctx *ctx, static struct dp_option dp_res_default_opts[] = { { "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING }, { "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER }, + { "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 3 }, NULL_NUMBER }, + { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 1000 }, NULL_NUMBER }, { "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, DP_OPTION_TERMINATOR }; diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c index c38a7da0ed..7974cb8ea0 100644 --- a/src/providers/ipa/ipa_opts.c +++ b/src/providers/ipa/ipa_opts.c @@ -76,7 +76,7 @@ struct dp_option ipa_def_ldap_opts[] = { { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, + { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING }, diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c index dc56f07125..616934a21e 100644 --- a/src/providers/ldap/ldap_opts.c +++ b/src/providers/ldap/ldap_opts.c 
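Review bot: The defaults in dp_res_default_opts do not match the man page values changed by the same commit. The failover.xml hunks now document `Default: 2` for dns_resolver_op_timeout and `Default: 4` for dns_resolver_timeout, but this hunk sets `dns_resolver_op_timeout` to `{ .number = 3 }` and leaves `dns_resolver_timeout` at `{ .number = 6 }`. Administrators who size ldap_opt_timeout and the resolver limits from the documentation would be working from numbers the daemon does not use. Either the table or the two failover.xml hunks should change so they agree; if the man page is the intended source, the entries become `{ .number = 4 }` for dns_resolver_timeout and `{ .number = 2 }` for dns_resolver_op_timeout.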
@@ -36,7 +36,7 @@ struct dp_option default_basic_opts[] = { { "ldap_default_authtok", DP_OPT_BLOB, NULL_BLOB, NULL_BLOB }, { "ldap_search_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, { "ldap_network_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, - { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER }, + { "ldap_opt_timeout", DP_OPT_NUMBER, { .number = 8 }, NULL_NUMBER }, { "ldap_tls_reqcert", DP_OPT_STRING, { "hard" }, NULL_STRING }, { "ldap_user_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_user_search_scope", DP_OPT_STRING, { "sub" }, NULL_STRING },