install: configure dogtag status request timeout #1711
Closed
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Configure the status request timeout, i.e. the connect/data timeout
on the HTTP request to get the status of Dogtag.
This configuration is needed in "multiple IP address" scenarios
where this server's hostname has multiple IP addresses but the HTTP
server is only listening on one of them. Without a timeout, if a
"wrong" IP address is tried first, it will take a long time to
timeout, exceeding the overall timeout hence the request will not be
re-tried. Setting a shorter timeout allows the request to be
re-tried.
Note that HSMs cause different behaviour so this value might not be
suitable for when we implement HSM support. It is known that a
value of 5s is too short in HSM environment.
This fix requires pki-core >= 10.6.0, which is already required by
the spec file.
Fixes: https://pagure.io/freeipa/issue/7425