URL: https://github.com/freeipa/freeipa/pull/2058 Author: tiran Title: #2058: [Backport][ipa-4-5] Fix replication races in Dogtag admin code Action: opened
PR body: """ Manual backport of PR #2051
PR fixes two related issues:
# Fix replication races in Dogtag admin code
DogtagInstance.setup_admin and related methods have multiple LDAP replication race conditions. The bugs can cause parallel ipa-replica-install to fail.
The code from __add_admin_to_group() has been changed to use MOD_ADD ather than search + MOD_REPLACE. The MOD_REPLACE approach can lead to data loss, when more than one writer changes a group.
setup_admin() now waits until both admin user and group membership have been replicated to the master peer.
Fixes: https://pagure.io/freeipa/issue/7593
# Improve and fix timeout bug in wait_for_entry()
replication.wait_for_entry() now can wait for an attribute value to appear on a replica.
Fixed timeout handling caused by bad rounding and comparison. For small timeouts, the actual time was rounded down. For example for 60 seconds timeout and fast replica, the query accumulated to about 0.45 seconds plus 60 seconds sleep. 60.45 is large enough to terminate the loop "while int(time.time()) < timeout", but not large enough to trigger the exception in "if int(time.time()) > timeout", because int(60.65) == 60.
Fixes: https://pagure.io/freeipa/issue/7595 """
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2058/head:pr2058 git checkout pr2058
URL: https://github.com/freeipa/freeipa/pull/2058 Author: tiran Title: #2058: [Backport][ipa-4-5] Fix replication races in Dogtag admin code Action: closed
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2058/head:pr2058 git checkout pr2058
freeipa-devel@lists.fedorahosted.org