Try multiple times to untrack certificates in certmonger

certmonger would occassionally fail attempting to connect to dbus to stop tracking certmonger certificates. This was almost, if not entirely, exclusive to PR-CI. During debugging it was seen that the certmonger dbus API was available after a failure. This suggests that the dbus socket needed time to wake up, so try multiple times. In testing it appears to only require one additional attempt with no intervening sleep. https://pagure.io/freeipa/issue/8533 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
freeipa · Feb 10, 2021 · 5fb33d3 · 5fb33d3
1 parent 3813208
commit 5fb33d3
Showing 1 changed file with 24 additions and 1 deletion.
diff --git a/ipalib/install/certmonger.py b/ipalib/install/certmonger.py
@@ -599,21 +599,44 @@ def stop_tracking(secdir=None, request_id=None, nickname=None, certfile=None):
         raise RuntimeError("Can't specify both secdir and certfile.")
 
     criteria = dict()
+    msg = None
     if secdir:
         criteria['cert-database'] = secdir
     if request_id:
         criteria['nickname'] = request_id
+        msg = request_id
     if nickname:
         criteria['cert-nickname'] = nickname
+        msg = f'{nickname}:{secdir}'
     if certfile:
         criteria['cert-file'] = certfile
+        msg = certfile
     try:
         request = _get_request(criteria)
     except RuntimeError as e:
         logger.error('Failed to get request: %s', e)
         raise
     if request:
-        request.parent.obj_if.remove_request(request.path)
+        done = False
+        exc = None
+        for i in range(5):
+            logger.debug('Attempt %d to stop tracking for %s', i + 1, msg)
+            try:
+                request.parent.obj_if.remove_request(request.path)
+                logger.debug('stop tracking successful')
+                done = True
+                break
+            except dbus.exceptions.DBusException as e:
+                if 'no_such_entry' in e.get_dbus_name():
+                    # We asked certmonger for an entry and it returned
+                    # a path that it now says doesn't exist. Stop
+                    # trying.
+                    done = True
+                    break
+                logger.debug(e)
+                exc = e
+        if not done:
+            raise exc
 
 
 def modify(request_id, ca=None, profile=None, template_v2=None):