diff options
| author | Petr Spacek <pspacek@redhat.com> | 2016-06-20 18:23:51 +0200 |
|---|---|---|
| committer | Martin Basti <mbasti@redhat.com> | 2016-06-20 20:03:47 +0200 |
| commit | b6bab8d4e0d6f4715ef353b6944c85c5e88d44ab (patch) | |
| tree | 2d22279d9ee68a3d473f2c56d173d4d57a3c3bb3 /ipaserver/dns_data_management.py | |
| parent | 0ba9e72057bd372a7cf8ee51d1521ec5d11069d5 (diff) | |
| download | freeipa-b6bab8d4e0d6f4715ef353b6944c85c5e88d44ab.tar.gz freeipa-b6bab8d4e0d6f4715ef353b6944c85c5e88d44ab.tar.xz freeipa-b6bab8d4e0d6f4715ef353b6944c85c5e88d44ab.zip | |
DNS Locations: make ipa-ca record generation more robust
__add_ca_records_from_hostname() now skips over DNS exceptions and
retries resolution until timeout of 120 seconds is reached.
Luckily current logic fails safe: In cases where resolution failed for
all the CA servers, the resulting zone object will not contain ipa-ca
record at all and the update logic will skip update for this name.
I.e. the original values in ipa-ca record set will be left in place.
https://fedorahosted.org/freeipa/ticket/2008
Reviewed-By: Martin Basti <mbasti@redhat.com>
Diffstat (limited to 'ipaserver/dns_data_management.py')
| -rw-r--r-- | ipaserver/dns_data_management.py | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/ipaserver/dns_data_management.py b/ipaserver/dns_data_management.py index 3ca40c785..a9e9c0a38 100644 --- a/ipaserver/dns_data_management.py +++ b/ipaserver/dns_data_management.py @@ -12,12 +12,16 @@ from dns import ( rdatatype, zone, ) +from dns.exception import DNSException from dns.rdtypes.IN.SRV import SRV from dns.rdtypes.ANY.TXT import TXT +from time import sleep, time + from ipalib import errors from ipalib.dns import record_name_format from ipapython.dnsutil import DNSName, resolve_rrsets +from ipapython.ipa_log_manager import root_logger if six.PY3: unicode=str @@ -134,7 +138,22 @@ class IPASystemRecords(object): def __add_ca_records_from_hostname(self, zone_obj, hostname): assert isinstance(hostname, DNSName) and hostname.is_absolute() r_name = DNSName('ipa-ca') + self.domain_abs - rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.AAAA)) + rrsets = [] + end_time = time() + 120 # timeout in seconds + while time() < end_time: + try: + rrsets = resolve_rrsets(hostname, (rdatatype.A, rdatatype.AAAA)) + except DNSException: # logging is done inside resolve_rrsets + pass + if rrsets: + break + sleep(5) + + if not rrsets: + root_logger.error('unable to resolve host name %s to IP address, ' + 'ipa-ca DNS record will be incomplete', hostname) + return + for rrset in rrsets: for rd in rrset: rdataset = zone_obj.get_rdataset( |