[Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI
thierry bordaz
tbordaz at redhat.com
Thu Jan 21 17:23:02 UTC 2016
On 01/21/2016 05:38 PM, Martin Babinsky wrote:
> On 01/21/2016 05:22 PM, Rob Crittenden wrote:
>> Martin Babinsky wrote:
>>> On 01/21/2016 01:37 PM, thierry bordaz wrote:
>>
>>> 6.)
>>>
>>> + while attempt != MAX_WAIT:
>>> + try:
>>> + entries = conn.get_entries(sharedcfgdn,
>>> scope=ldap.SCOPE_ONELEVEL, filter='dnaHostname=%s' % self.fqdn)
>>> + break
>>> + except errors.NotFound:
>>> + root_logger.debug("So far enable not find DNA shared
>>> config entry for dnaHostname=%s under %s. Retry in 2sec" % (self.fqdn,
>>> sharedcfgdn))
>>> + attempt = attempt + 1
>>> + time.sleep(2)
>>> + continue
>>> +
>>> + # safety checking
>>> + # there is no return, if there are several entries, as a
>>> workaround of #5510
>>> + if len(entries) != 1:
>>>
>>> I am quite afraid what would happen if the server does not return any
>>> entries until 30 s timeout. The code will then continue to the
>>> condition
>>> which can potentially test an uninitialized variable and blow up with
>>> 'NameError'. This should be handled more robustly, e. g. raise an
>>> exception when a timeout is reached and no entries were returned.
>>
>> I agree, but note that it is a 60s timeout (30 tries x 2 second sleeps).
>>
> Right, looks like I forgot how to math.
>
> I was thinking that this loop could be rewritten in a safer way like
> this:
> """
> for i in range(0, max_wait + 1):
> try:
> entries = conn.get_entries(sharedcfgdn,
> scope=ldap.SCOPE_ONELEVEL, filter='dnaHostname=%s' % self.fqdn)
> break
> except errors.NotFound:
> root_logger.debug("So far enable not find DNA shared
> config entry for dnaHostname=%s under %s. Retry in 2sec" % (self.fqdn,
> sharedcfgdn))
> time.sleep(2)
> else:
> raise RuntimeError("Could not get dnaHostname entries in
> {} seconds".format(max_wait * 2))
> """
>
> the else: branch will be executed only after the iterator (range in
> this case because Py3 compatibility) is exhausted thus handling the
> timeout.
Hello Martin,
Thanks for this very nice code !
I was a bit afraid of aborting a full install if it was not able to
update the localhost shared config, this is why it just logged a
message. Finally, raising an exception is the thing to do.
>
>> This will blow up if something other than NotFound is returned (e.g.
>> connection error), and maybe that's ok.
>>
> Other exceptions do not worry me, only repeated NotFound due to some
> bad magic preventing the entries to appear which can lead to unhandled
> timeout.
>
>> The continue is not needed.
>>
>> rob
>>
>
>
More information about the Freeipa-devel
mailing list