[Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf

Petr Spacek pspacek at redhat.com
Thu Mar 27 16:44:27 UTC 2014 

On 27.3.2014 13:15, Martin Kosek wrote:
> On 02/20/2014 03:56 PM, Martin Basti wrote:
>> On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote:
>>> On 19.2.2014 17:55, Martin Basti wrote:
>>>> On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote:
>>>>> On 19.2.2014 15:11, Petr Spacek wrote:
>>>>>> On 18.2.2014 17:34, Nathaniel McCallum wrote:
>>>>>>> On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote:
>>>>>>>> On 02/18/2014 04:45 PM, Petr Spacek wrote:
>>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> Add wait_for_dns option to default.conf.
>>>>>>>>>
>>>>>>>>> This option makes record changes in DNS tree synchronous.
>>>>>>>>> IPA calls will wait until new data are visible over DNS protocol.
>>>>>>>>>
>>>>>>>>> It is intended only for testing - it should prevent tests from
>>>>>>>>> failing if there is bigger delay between change in LDAP and DNS.
>>>>>>>>>
>>>>>>>>> I would recommend value like 10 seconds.
>>>>>>>>
>>>>>>>> Here are a few Python nitpicks you requested.
>>>>>>
>>>>>> Thank you very much. This new version solves problems you found + adds proper
>>>>>> handling for real DNS timeouts.
>>>>>>
>>>>>>> It seems to me like a more general TimeoutError would be useful in a
>>>>>>> broader context. DNSTimeout seems overly narrow to me, unless I'm
>>>>>>> missing something.
>>>>>>
>>>>>> I would like to keep them separate. DNSTimeout shouldn't be handled at all
>>>>>> because it means that your DNS server or database is dead or broken in some
>>>>>> interesting way.
>>>>>>
>>>>>> I assume that generic TimeoutError could be interpreted as 'try it
>>>>>> again'/'failover' or something like that.
>>>>>>
>>>>>> Maybe the DNSTimeout is not the best name, I'm open to suggestions.
>>>>>
>>>>> I have sent the old version with new name, gggrrr.
>>>>>
>>>>> _______________________________________________
>>>>> Freeipa-devel mailing list
>>>>> Freeipa-devel at redhat.com
>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>
>>>> Tests failed:
>>>> test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone
>>>> u'zone3.test' ... ok
>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>> runTest
>>>>       self.test(*self.arg)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in
>>>> <lambda>
>>>>       func = lambda: self.check(nice, **test)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in
>>>> check
>>>>       self.check_output(nice, cmd, args, options, expected, extra_check)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in
>>>> check_output
>>>>       got = api.Command[cmd](*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>       ret = self.run(*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>       return self.forward(*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>       return self._call_command(command, params)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>       return command(*params)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>       return self.__request(name, args)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>       raise error_class(message=error['message'])
>>>> DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test. 86400 IN
>>>> TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL}
>>>>
>>>> ======================================================================
>>>> ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to u'zone2.test'
>>>> zone record using dnsrecord_add
>>>> ----------------------------------------------------------------------
>>>> Traceback (most recent call last):
>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>> runTest
>>>>       self.test(*self.arg)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 291, in
>>>> <lambda>
>>>>       func = lambda: self.check(nice, **test)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 309, in
>>>> check
>>>>       self.check_output(nice, cmd, args, options, expected, extra_check)
>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line 348, in
>>>> check_output
>>>>       got = api.Command[cmd](*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>       ret = self.run(*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>       return self.forward(*args, **options)
>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>       return self._call_command(command, params)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>       return command(*params)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>       return self.__request(name, args)
>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>       raise error_class(message=error['message'])
>>>> DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS
>>>> ns1.dnszone.test.
>>>> zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL}
>>>>
>>>> configuration was: wait_for_dns=10
>>>>
>>>> All tests passed without wait_for_dns option.
>>>>
>>>> Sometimes at first run, I get only error and testing is interrupted.
>>>
>>> I hope I covered all corner cases in this version.
>>>
>>> I renamed DNSTimeout exception to DNSDataMismatch in hope that it will be less
>>> confusing.
>>>
>>
>> A change in patch was required to pass doctest.
>> With this change ACK.
>> Updated patch attached.
>
> This patch seems to be in limbo for more than one month now. Do I get it right
> that it is now clear to be pushed?
>
> Is wait_for_dns enabled in our DNS test suite so that it is stable? Do we want
> it to be enabled?

Ah, good point. In meantime I have released bind-dyndb-ldap 4.x and nobody 
complained about race conditions and mysterious errors in test suite.

Apparently, it is faster than I expected :-)

I will try to finish the patch but I wouldn't enable it if it is not necessary.

-- 
Petr^2 Spacek

More information about the Freeipa-devel mailing list