[Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf

Martin Kosek mkosek at redhat.com
Fri Mar 28 08:43:46 UTC 2014 

On 03/28/2014 09:37 AM, Petr Viktorin wrote:
> On 03/27/2014 05:44 PM, Petr Spacek wrote:
>> On 27.3.2014 13:15, Martin Kosek wrote:
>>> On 02/20/2014 03:56 PM, Martin Basti wrote:
>>>> On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote:
>>>>> On 19.2.2014 17:55, Martin Basti wrote:
>>>>>> On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote:
>>>>>>> On 19.2.2014 15:11, Petr Spacek wrote:
>>>>>>>> On 18.2.2014 17:34, Nathaniel McCallum wrote:
>>>>>>>>> On Tue, 2014-02-18 at 17:06 +0100, Petr Viktorin wrote:
>>>>>>>>>> On 02/18/2014 04:45 PM, Petr Spacek wrote:
>>>>>>>>>>> Hello,
>>>>>>>>>>>
>>>>>>>>>>> Add wait_for_dns option to default.conf.
>>>>>>>>>>>
>>>>>>>>>>> This option makes record changes in DNS tree synchronous.
>>>>>>>>>>> IPA calls will wait until new data are visible over DNS protocol.
>>>>>>>>>>>
>>>>>>>>>>> It is intended only for testing - it should prevent tests from
>>>>>>>>>>> failing if there is bigger delay between change in LDAP and DNS.
>>>>>>>>>>>
>>>>>>>>>>> I would recommend value like 10 seconds.
>>>>>>>>>>
>>>>>>>>>> Here are a few Python nitpicks you requested.
>>>>>>>>
>>>>>>>> Thank you very much. This new version solves problems you found +
>>>>>>>> adds proper
>>>>>>>> handling for real DNS timeouts.
>>>>>>>>
>>>>>>>>> It seems to me like a more general TimeoutError would be useful
>>>>>>>>> in a
>>>>>>>>> broader context. DNSTimeout seems overly narrow to me, unless I'm
>>>>>>>>> missing something.
>>>>>>>>
>>>>>>>> I would like to keep them separate. DNSTimeout shouldn't be
>>>>>>>> handled at all
>>>>>>>> because it means that your DNS server or database is dead or
>>>>>>>> broken in some
>>>>>>>> interesting way.
>>>>>>>>
>>>>>>>> I assume that generic TimeoutError could be interpreted as 'try it
>>>>>>>> again'/'failover' or something like that.
>>>>>>>>
>>>>>>>> Maybe the DNSTimeout is not the best name, I'm open to suggestions.
>>>>>>>
>>>>>>> I have sent the old version with new name, gggrrr.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Freeipa-devel mailing list
>>>>>>> Freeipa-devel at redhat.com
>>>>>>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>>>>>>
>>>>>> Tests failed:
>>>>>> test_dns[92]: dnsrecord_add: Add A record to u'ns2' in zone
>>>>>> u'zone3.test' ... ok
>>>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>>>> runTest
>>>>>>       self.test(*self.arg)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 291, in
>>>>>> <lambda>
>>>>>>       func = lambda: self.check(nice, **test)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 309, in
>>>>>> check
>>>>>>       self.check_output(nice, cmd, args, options, expected,
>>>>>> extra_check)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 348, in
>>>>>> check_output
>>>>>>       got = api.Command[cmd](*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>>>       ret = self.run(*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>>>       return self.forward(*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>>>       return self._call_command(command, params)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>>>       return command(*params)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>>>       return self.__request(name, args)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>>>       raise error_class(message=error['message'])
>>>>>> DNSTimeout: DNS query timeout: Expected {_kerberos.zone2.test.
>>>>>> 86400 IN
>>>>>> TXT "IDM.LAB.ENG.BRQ.REDHAT.COM"} got {SERVFAIL}
>>>>>>
>>>>>> ======================================================================
>>>>>> ERROR: test_dns[51]: dnsrecord_add: Add NS+DNAME record to
>>>>>> u'zone2.test'
>>>>>> zone record using dnsrecord_add
>>>>>> ----------------------------------------------------------------------
>>>>>> Traceback (most recent call last):
>>>>>>     File "/usr/lib/python2.7/site-packages/nose/case.py", line 197, in
>>>>>> runTest
>>>>>>       self.test(*self.arg)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 291, in
>>>>>> <lambda>
>>>>>>       func = lambda: self.check(nice, **test)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 309, in
>>>>>> check
>>>>>>       self.check_output(nice, cmd, args, options, expected,
>>>>>> extra_check)
>>>>>>     File "/root/freeipa/ipatests/test_xmlrpc/xmlrpc_test.py", line
>>>>>> 348, in
>>>>>> check_output
>>>>>>       got = api.Command[cmd](*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 436, in __call__
>>>>>>       ret = self.run(*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 761, in run
>>>>>>       return self.forward(*args, **options)
>>>>>>     File "/root/freeipa/ipalib/frontend.py", line 782, in forward
>>>>>>       return self.Backend.rpcclient.forward(self.name, *args, **kw)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 836, in forward
>>>>>>       return self._call_command(command, params)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 813, in _call_command
>>>>>>       return command(*params)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 951, in _call
>>>>>>       return self.__request(name, args)
>>>>>>     File "/root/freeipa/ipalib/rpc.py", line 945, in __request
>>>>>>       raise error_class(message=error['message'])
>>>>>> DNSTimeout: DNS query timeout: Expected {zone2.test. 86400 IN NS
>>>>>> ns1.dnszone.test.
>>>>>> zone2.test. 86400 IN NS ns1.zone2.test.} got {SERVFAIL}
>>>>>>
>>>>>> configuration was: wait_for_dns=10
>>>>>>
>>>>>> All tests passed without wait_for_dns option.
>>>>>>
>>>>>> Sometimes at first run, I get only error and testing is interrupted.
>>>>>
>>>>> I hope I covered all corner cases in this version.
>>>>>
>>>>> I renamed DNSTimeout exception to DNSDataMismatch in hope that it
>>>>> will be less
>>>>> confusing.
>>>>>
>>>>
>>>> A change in patch was required to pass doctest.
>>>> With this change ACK.
>>>> Updated patch attached.
>>>
>>> This patch seems to be in limbo for more than one month now. Do I get
>>> it right
>>> that it is now clear to be pushed?
>>>
>>> Is wait_for_dns enabled in our DNS test suite so that it is stable? Do
>>> we want
>>> it to be enabled?
>>
>> Ah, good point. In meantime I have released bind-dyndb-ldap 4.x and
>> nobody complained
> 
> Let me do that then!
> 
>>  about race conditions and mysterious errors in test
>> suite.
> 
> Sometimes (very rarely) there are some mysterious failures in the DNS tests.
> They just don't get noticed too much because the ones from automember rebuild
> are far more frequent.

Yes, I suspect they may be caused by the issue you tried to fix. I would really
like having our tests stable and not dependent on the right timing. Therefore,
if your patch makes that happen and is OK, I would prefer to merge it + enable
it for our test suite.

Martin

More information about the Freeipa-devel mailing list