install: configure dogtag status request timeout #1711

frasertweedale (Contributor) commented Mar 20, 2018

Configure the status request timeout, i.e. the connect/data timeout
on the HTTP request to get the status of Dogtag.

This configuration is needed in "multiple IP address" scenarios
where this server's hostname has multiple IP addresses but the HTTP
server is only listening on one of them. Without a timeout, if a
"wrong" IP address is tried first, it will take a long time to
timeout, exceeding the overall timeout hence the request will not be
re-tried. Setting a shorter timeout allows the request to be
re-tried.

Note that HSMs cause different behaviour so this value might not be
suitable for when we implement HSM support. It is known that a
value of 5s is too short in HSM environment.

This fix requires pki-core >= 10.6.0, which is already required by
the spec file.

Fixes: https://pagure.io/freeipa/issue/7425
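
The retry behaviour the description above relies on, as an added sketch that is not part of this pull request or of Dogtag/FreeIPA code: each candidate address gets its own connect timeout inside one overall deadline. The function names, the injectable `connect` and `clock` parameters, the addresses, the port and all timeout values are assumptions constructed for illustration.

```python
import socket
import time


def connect_any(addrs, port, attempt_timeout, overall_timeout,
                connect=socket.create_connection, clock=time.monotonic):
    """Return (connection, address) for the first address that answers.

    attempt_timeout=None means no per-attempt limit: the OS connect
    timeout applies and can outlast overall_timeout on its own.
    """
    deadline = clock() + overall_timeout
    errors = []
    for addr in addrs:
        remaining = deadline - clock()
        if remaining <= 0:
            break  # budget spent; remaining addresses are never tried
        limit = None if attempt_timeout is None else min(attempt_timeout, remaining)
        try:
            return connect((addr, port), timeout=limit), addr
        except OSError as exc:  # includes socket.timeout
            errors.append((addr, str(exc)))
    raise TimeoutError(f"no address answered in {overall_timeout}s: {errors}")


def simulate(attempt_timeout, overall_timeout=30.0, os_timeout=120.0):
    """Constructed scenario: hostname has two addresses, only the second listens.

    A fake clock and fake connect stand in for the network so this runs offline.
    """
    now = [0.0]
    listening = "192.0.2.20"  # constructed (RFC 5737 documentation range)

    def fake_connect(address, timeout=None):
        if address[0] == listening:
            return "connected"
        # Silent drop: the caller waits for its timeout, or the OS one.
        now[0] += os_timeout if timeout is None else timeout
        raise socket.timeout("timed out")

    try:
        _, addr = connect_any(["192.0.2.10", listening], 8443, attempt_timeout,
                              overall_timeout, connect=fake_connect,
                              clock=lambda: now[0])
        return addr, now[0]
    except TimeoutError:
        return None, now[0]


if __name__ == "__main__":
    print(simulate(None))   # no per-attempt timeout
    print(simulate(10.0))   # sample per-attempt timeout, not the patch's value
```

The third case worth noting is a per-attempt timeout larger than the overall budget: the first attempt is capped at the remaining budget, so the listening address is still never reached.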

@flo-renaud flo-renaud self-assigned this Mar 20, 2018
@flo-renaud (Contributor)

Hi @frasertweedale
thank you for the patch, works fine for me. I tested the server installation with a non-existing IP address, no issue during CA installation and configuration.

@flo-renaud flo-renaud added the ack Pull Request approved, can be merged label Mar 20, 2018
tiran (Member) commented Mar 20, 2018

master:

  • 83c173c install: configure dogtag status request timeout

@tiran tiran added the pushed Pull Request has already been pushed label Mar 20, 2018
@tiran tiran closed this Mar 20, 2018
@frasertweedale frasertweedale deleted the fix/7425-install-dns-new-ip branch March 20, 2018 12:55