[freeipa PR#2058][opened] [Backport][ipa-4-5] Fix replication races in Dogtag admin code
by tiran
URL: https://github.com/freeipa/freeipa/pull/2058
Author: tiran
Title: #2058: [Backport][ipa-4-5] Fix replication races in Dogtag admin code
Action: opened
PR body:
"""
Manual backport of PR #2051
PR fixes two related issues:
# Fix replication races in Dogtag admin code
DogtagInstance.setup_admin and related methods have multiple LDAP
replication race conditions. The bugs can cause parallel
ipa-replica-install to fail.
The code from __add_admin_to_group() has been changed to use MOD_ADD
ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to
data loss, when more than one writer changes a group.
setup_admin() now waits until both admin user and group membership have
been replicated to the master peer.
Fixes: https://pagure.io/freeipa/issue/7593
# Improve and fix timeout bug in wait_for_entry()
replication.wait_for_entry() now can wait for an attribute value to
appear on a replica.
Fixed timeout handling caused by bad rounding and comparison. For small
timeouts, the actual time was rounded down. For example for 60 seconds
timeout and fast replica, the query accumulated to about 0.45 seconds
plus 60 seconds sleep. 60.45 is large enough to terminate the loop
"while int(time.time()) < timeout", but not large enough to trigger the
exception in "if int(time.time()) > timeout", because int(60.65) == 60.
Fixes: https://pagure.io/freeipa/issue/7595
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2058/head:pr2058
git checkout pr2058
5 years, 10 months
[freeipa PR#2059][opened] [Backport][ipa-4-6] Fix replication races in Dogtag admin code
by tiran
URL: https://github.com/freeipa/freeipa/pull/2059
Author: tiran
Title: #2059: [Backport][ipa-4-6] Fix replication races in Dogtag admin code
Action: opened
PR body:
"""
Manual backport of PR #2051
PR fixes two related issues:
# Fix replication races in Dogtag admin code
DogtagInstance.setup_admin and related methods have multiple LDAP
replication race conditions. The bugs can cause parallel
ipa-replica-install to fail.
The code from __add_admin_to_group() has been changed to use MOD_ADD
ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to
data loss, when more than one writer changes a group.
setup_admin() now waits until both admin user and group membership have
been replicated to the master peer.
Fixes: https://pagure.io/freeipa/issue/7593
# Improve and fix timeout bug in wait_for_entry()
replication.wait_for_entry() now can wait for an attribute value to
appear on a replica.
Fixed timeout handling caused by bad rounding and comparison. For small
timeouts, the actual time was rounded down. For example for 60 seconds
timeout and fast replica, the query accumulated to about 0.45 seconds
plus 60 seconds sleep. 60.45 is large enough to terminate the loop
"while int(time.time()) < timeout", but not large enough to trigger the
exception in "if int(time.time()) > timeout", because int(60.65) == 60.
Fixes: https://pagure.io/freeipa/issue/7595
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2059/head:pr2059
git checkout pr2059
5 years, 10 months
[freeipa PR#2051][opened] Fix replication races in Dogtag admin code
by tiran
URL: https://github.com/freeipa/freeipa/pull/2051
Author: tiran
Title: #2051: Fix replication races in Dogtag admin code
Action: opened
PR body:
"""
DogtagInstance.setup_admin and related methods have multiple LDAP
replication race conditions. The bugs can cause parallel
ipa-replica-install to fail.
The code from __add_admin_to_group() has been changed to use MOD_ADD
ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to
data loss, when more than one writer changes a group.
setup_admin() now waits until both admin user and group membership have
been replicated to the master peer.
Fixes: https://pagure.io/freeipa/issue/7593
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2051/head:pr2051
git checkout pr2051
5 years, 10 months