[Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf

Petr Viktorin pviktori at redhat.com
Fri Mar 28 08:37:14 UTC 2014 

On 03/27/2014 05:44 PM, Petr Spacek wrote:
> On 27.3.2014 13:15, Martin Kosek wrote:
>> On 02/20/2014 03:56 PM, Martin Basti wrote:
>>> On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote:
>>>> On 19.2.2014 17:55, Martin Basti wrote:
>>>>> On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote:
>>>>>> On 19.2.2014 15:11, Petr Spacek wrote:
>>>>>>> On 18.2.2014 17:34, Nathaniel McCallum wrote:
>>>>>>>> On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote:
>>>>>>>>> On 02/18/2014 04:45 PM, Petr Spacek wrote:
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> Add wait_for_dns option to default.conf.
>>>>>>>>>>
>>>>>>>>>> This option makes record changes in DNS tree synchronous.
>>>>>>>>>> IPA calls will wait until new data are visible over DNS protocol.
>>>>>>>>>>
>>>>>>>>>> It is intended only for testing - it should prevent tests from
>>>>>>>>>> failing if there is bigger delay between change in LDAP and DNS.
>>>>>>>>>>
>>>>>>>>>> I would recommend value like 10 seconds.
>>>>>>>>>
>>>>>>>>> Here are a few Python nitpicks you requested.
>>>>>>>
>>>>>>> Thank you very much. This new version solves problems you found +
>>>>>>> adds proper
>>>>>>> handling for real DNS timeouts.
>>>>>>>
>>>>>>>> It seems to me like a more general TimeoutError would be useful
>>>>>>>> in a
>>>>>>>> broader context. DNSTimeout seems overly narrow to me, unless I'm
>>>>>>>> missing something.
>>>>>>>
>>>>>>> I would like to keep them separate. DNSTimeout shouldn't be
>>>>>>> handled at all
>>>>>>> because it means that your DNS server or database is dead or
>>>>>>> broken in some
>>>>>>> interesting way.
>>>>>>>
>>>>>>> I assume that generic TimeoutError could be interpreted as 'try it
>>>>>>> again'/'failover' or something like that.
>>>>>>>
>>>>>>> Maybe the DNSTimeout is not the best name, I'm open to suggestions.
>>>>>>
>>>>>> I have sent the old version with new name, gggrrr.
>>>>>>
>>>>>> _______________________________________________
>>>>>> Freeipa-devel mailing list
>>>>>> Freeipa-devel at redhat.com
>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>
>>>>> Tests failed:
>>>>> test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone
>>>>> u'zone3.test' ... ok
>>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>>> runTest
>>>>>       self.test(*self.arg)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 291, in
>>>>> <lambda>
>>>>>       func = lambda: self.check(nice, **test)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 309, in
>>>>> check
>>>>>       self.check_output(nice, cmd, args, options, expected,
>>>>> extra_check)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 348, in
>>>>> check_output
>>>>>       got = api.Command[cmd](*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>>       ret = self.run(*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>>       return self.forward(*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>>       return self._call_command(command, params)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>>       return command(*params)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>>       return self.__request(name, args)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>>       raise error_class(message=error['message'])
>>>>> DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test.
>>>>> 86400 IN
>>>>> TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL}
>>>>>
>>>>> ======================================================================
>>>>> ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to
>>>>> u'zone2.test'
>>>>> zone record using dnsrecord_add
>>>>> ----------------------------------------------------------------------
>>>>> Traceback (most recent call last):
>>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>>> runTest
>>>>>       self.test(*self.arg)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 291, in
>>>>> <lambda>
>>>>>       func = lambda: self.check(nice, **test)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 309, in
>>>>> check
>>>>>       self.check_output(nice, cmd, args, options, expected,
>>>>> extra_check)
>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>> 348, in
>>>>> check_output
>>>>>       got = api.Command[cmd](*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>>       ret = self.run(*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>>       return self.forward(*args, **options)
>>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>>       return self._call_command(command, params)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>>       return command(*params)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>>       return self.__request(name, args)
>>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>>       raise error_class(message=error['message'])
>>>>> DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS
>>>>> ns1.dnszone.test.
>>>>> zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL}
>>>>>
>>>>> configuration was: wait_for_dns=10
>>>>>
>>>>> All tests passed without wait_for_dns option.
>>>>>
>>>>> Sometimes at first run, I get only error and testing is interrupted.
>>>>
>>>> I hope I covered all corner cases in this version.
>>>>
>>>> I renamed DNSTimeout exception to DNSDataMismatch in hope that it
>>>> will be less
>>>> confusing.
>>>>
>>>
>>> A change in patch was required to pass doctest.
>>> With this change ACK.
>>> Updated patch attached.
>>
>> This patch seems to be in limbo for more than one month now. Do I get
>> it right
>> that it is now clear to be pushed?
>>
>> Is wait_for_dns enabled in our DNS test suite so that it is stable? Do
>> we want
>> it to be enabled?
>
> Ah, good point. In meantime I have released bind-dyndb-ldap 4.x and
> nobody complained

Let me do that then!

>  about race conditions and mysterious errors in test
> suite.

Sometimes (very rarely) there are some mysterious failures in the DNS 
tests. They just don't get noticed too much because the ones from 
automember rebuild are far more frequent.

> Apparently, it is faster than I expected :-)
>
> I will try to finish the patch but I wouldn't enable it if it is not
> necessary.


-- 
Petr³

More information about the Freeipa-devel mailing list