Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase the timeout waiting for certificate issuance in installer #292

Closed
wants to merge 1 commit into from

Conversation

flo-renaud
Copy link
Contributor

@flo-renaud flo-renaud commented Nov 30, 2016

During the server installation, the installer requests certificates
through certmonger. The current timeout is 60s and is too low.
Increase this timeout to 120s (the code checks the status each 5s
up to the timeout value).

https://fedorahosted.org/freeipa/ticket/6433

@martbab
Copy link
Contributor

martbab commented Dec 1, 2016

@jcholast would it make sense to move this value into ipalib.constants and make it configurable?

@MartinBasti
Copy link
Contributor

+1

@flo-renaud
Copy link
Contributor Author

@martbab @mbasti-rh: I checked the code and some parts already use api.env.startup_timeout for certmonger requests (in ipa_certupdate.py or ipa_cacert_manage.py for instance). Is it OK for you if I replace my hardcoded value with api.env.startup_timeout?

@martbab
Copy link
Contributor

martbab commented Dec 5, 2016

IMHO anything is better than hardcoded values so you have my blessing.

@@ -309,7 +310,8 @@ def request_and_wait_for_cert(
reqId = request_cert(nssdb, nickname, subject, principal,
passwd_fname, dns, ca, profile,
pre_command, post_command)
state = wait_for_request(reqId, timeout=60)
timeout = api.env.startup_timeout + 60
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I still see hardcoded value (60)

AFAIK startup_timeout is 5 minutes yb default, so there is no need for additional 60 seconds

During the server installation, the installer requests certificates
through certmonger. The current timeout is 60s and is too low.
Increase this timeout to api.env.startup_timeout as done in
ipa_cacert_manage or ipa_certupdate.py
(the code checks the status each 5s up to the timeout value).

https://fedorahosted.org/freeipa/ticket/6433
@MartinBasti MartinBasti added the ack Pull Request approved, can be merged label Dec 7, 2016
@MartinBasti
Copy link
Contributor

@MartinBasti MartinBasti added the pushed Pull Request has already been pushed label Dec 7, 2016
@MartinBasti MartinBasti closed this Dec 7, 2016
@flo-renaud flo-renaud deleted the certlock branch March 14, 2017 07:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
ack Pull Request approved, can be merged pushed Pull Request has already been pushed
Projects
None yet
3 participants