From 99e2a107f01c625cb59cb88589db87294176d6c6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Tue, 11 Jun 2019 13:37:23 +0200
Subject: [PATCH 10/12] failover: add dns_resolver_server_timeout option
Resolves:
https://pagure.io/SSSD/sssd/issue/3217
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
---
src/config/SSSDConfig/__init__.py.in | 1 +
src/config/SSSDConfigTest.py | 2 ++
src/config/cfg_rules.ini | 1 +
src/config/etc/sssd.api.conf | 1 +
src/man/include/failover.xml | 17 ++++++++++++++++-
src/providers/data_provider.h | 1 +
src/providers/data_provider_fo.c | 3 +++
src/resolv/async_resolv.c | 10 ++++++----
src/resolv/async_resolv.h | 2 +-
src/tests/cmocka/test_fo_srv.c | 4 ++--
src/tests/cmocka/test_resolv_fake.c | 2 +-
src/tests/fail_over-tests.c | 2 +-
src/tests/resolv-tests.c | 2 +-
13 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 9642fe6ba..2d1214e16 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -171,6 +171,7 @@ option_strings = {
'entry_cache_timeout' : _('Entry cache timeout length (seconds)'),
'lookup_family_order' : _('Restrict or prefer a specific address family when performing DNS lookups'),
'account_cache_expiration' : _('How long to keep cached entries after last successful login (days)'),
+ 'dns_resolver_server_timeout' : _('How long should SSSD talk to single DNS server before trying next server (miliseconds)'),
'dns_resolver_timeout' : _('How long to wait for replies from DNS when resolving servers (seconds)'),
'dns_discovery_domain' : _('The domain part of service discovery DNS query'),
'override_gid' : _('Override GID value from the identity provider with this value'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index 727df71ab..82b1a9700 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -606,6 +606,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'refresh_expired_interval',
'lookup_family_order',
'account_cache_expiration',
+ 'dns_resolver_server_timeout',
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
@@ -976,6 +977,7 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
'refresh_expired_interval',
'account_cache_expiration',
'lookup_family_order',
+ 'dns_resolver_server_timeout',
'dns_resolver_timeout',
'dns_discovery_domain',
'dyndns_update',
diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
index 929e6149a..a2efb3a67 100644
--- a/src/config/cfg_rules.ini
+++ b/src/config/cfg_rules.ini
@@ -367,6 +367,7 @@ option = account_cache_expiration
option = pwd_expiration_warning
option = filter_users
option = filter_groups
+option = dns_resolver_server_timeout
option = dns_resolver_timeout
option = dns_discovery_domain
option = override_gid
diff --git a/src/config/etc/sssd.api.conf b/src/config/etc/sssd.api.conf
index c6d6690fb..288b1cfe7 100644
--- a/src/config/etc/sssd.api.conf
+++ b/src/config/etc/sssd.api.conf
@@ -170,6 +170,7 @@ account_cache_expiration = int, None, false
pwd_expiration_warning = int, None, false
filter_users = list, str, false
filter_groups = list, str, false
+dns_resolver_server_timeout = int, None, false
dns_resolver_timeout = int, None, false
dns_discovery_domain = str, None, false
override_gid = int, None, false
diff --git a/src/man/include/failover.xml b/src/man/include/failover.xml
index 7b451d831..f2a01b933 100644
--- a/src/man/include/failover.xml
+++ b/src/man/include/failover.xml
@@ -71,6 +71,20 @@
</citerefentry>,
manual page.
<variablelist>
+ <varlistentry>
+ <term>
+ dns_resolver_server_timeout
+ </term>
+ <listitem>
+ <para>
+ Time in milliseconds that sets how long would SSSD
+ talk to a single DNS server before trying next one.
+ </para>
+ <para>
+ Default: 2000
+ </para>
+ </listitem>
+ </varlistentry>
<varlistentry>
<term>
dns_resolver_op_timeout
@@ -111,7 +125,8 @@
<quote>ldap_opt_timeout></quote> timeout should be set to
a larger value than <quote>dns_resolver_timeout</quote>
which in turn should be set to a larger value than
- <quote>dns_resolver_op_timeout</quote>.
+ <quote>dns_resolver_op_timeout</quote> which should be larger
+ than <quote>dns_resolver_server_timeout</quote>.
</para>
</refsect2>
</refsect1>
diff --git a/src/providers/data_provider.h b/src/providers/data_provider.h
index a0a21cc12..2d10dbb5b 100644
--- a/src/providers/data_provider.h
+++ b/src/providers/data_provider.h
@@ -265,6 +265,7 @@ enum dp_res_opts {
DP_RES_OPT_FAMILY_ORDER,
DP_RES_OPT_RESOLVER_TIMEOUT,
DP_RES_OPT_RESOLVER_OP_TIMEOUT,
+ DP_RES_OPT_RESOLVER_SERVER_TIMEOUT,
DP_RES_OPT_DNS_DOMAIN,
DP_RES_OPTS /* attrs counter */
diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c
index 473b667e5..a7af3e2a5 100644
--- a/src/providers/data_provider_fo.c
+++ b/src/providers/data_provider_fo.c
@@ -833,6 +833,7 @@ static struct dp_option dp_res_default_opts[] = {
{ "lookup_family_order", DP_OPT_STRING, { "ipv4_first" }, NULL_STRING },
{ "dns_resolver_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
{ "dns_resolver_op_timeout", DP_OPT_NUMBER, { .number = 6 }, NULL_NUMBER },
+ { "dns_resolver_server_timeout", DP_OPT_NUMBER, { .number = 2000 }, NULL_NUMBER },
{ "dns_discovery_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
DP_OPTION_TERMINATOR
};
@@ -894,6 +895,8 @@ errno_t be_res_init(struct be_ctx *ctx)
ret = resolv_init(ctx, ctx->ev,
dp_opt_get_int(ctx->be_res->opts,
DP_RES_OPT_RESOLVER_OP_TIMEOUT),
+ dp_opt_get_int(ctx->be_res->opts,
+ DP_RES_OPT_RESOLVER_SERVER_TIMEOUT),
&ctx->be_res->resolv);
if (ret != EOK) {
talloc_zfree(ctx->be_res);
diff --git a/src/resolv/async_resolv.c b/src/resolv/async_resolv.c
index 01d835ec9..00b9531d4 100644
--- a/src/resolv/async_resolv.c
+++ b/src/resolv/async_resolv.c
@@ -60,8 +60,6 @@
#define DNS_RR_LEN(r) DNS__16BIT((r) + 8)
#define DNS_RR_TTL(r) DNS__32BIT((r) + 4)
-#define RESOLV_TIMEOUTMS 2000
-
enum host_database default_host_dbs[] = { DB_FILES, DB_DNS, DB_SENTINEL };
struct fd_watch {
@@ -83,6 +81,9 @@ struct resolv_ctx {
/* Time in milliseconds before canceling a DNS request */
int timeout;
+ /* Time in milliseconds for communication with single DNS server. */
+ int ares_timeout;
+
/* The timeout watcher periodically calls ares_process_fd() to check
* if our pending requests didn't timeout. */
int pending_requests;
@@ -423,7 +424,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
*/
options.sock_state_cb = fd_event;
options.sock_state_cb_data = ctx;
- options.timeout = RESOLV_TIMEOUTMS;
+ options.timeout = ctx->ares_timeout;
/* Only affects ares_gethostbyname */
options.lookups = discard_const("f");
options.tries = 1;
@@ -450,7 +451,7 @@ recreate_ares_channel(struct resolv_ctx *ctx)
int
resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
- int timeout, struct resolv_ctx **ctxp)
+ int timeout, int ares_timeout, struct resolv_ctx **ctxp)
{
int ret;
struct resolv_ctx *ctx;
@@ -467,6 +468,7 @@ resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
ctx->ev_ctx = ev_ctx;
ctx->timeout = timeout;
+ ctx->ares_timeout = ares_timeout;
ret = recreate_ares_channel(ctx);
if (ret != EOK) {
diff --git a/src/resolv/async_resolv.h b/src/resolv/async_resolv.h
index 90ed03707..d83a7be44 100644
--- a/src/resolv/async_resolv.h
+++ b/src/resolv/async_resolv.h
@@ -52,7 +52,7 @@
struct resolv_ctx;
int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
- int timeout, struct resolv_ctx **ctxp);
+ int timeout, int ares_timeout, struct resolv_ctx **ctxp);
void resolv_reread_configuration(struct resolv_ctx *ctx);
diff --git a/src/tests/cmocka/test_fo_srv.c b/src/tests/cmocka/test_fo_srv.c
index a11ebbb54..c13cf3a69 100644
--- a/src/tests/cmocka/test_fo_srv.c
+++ b/src/tests/cmocka/test_fo_srv.c
@@ -49,7 +49,7 @@ struct resolv_ctx {
/* mock resolver interface. The resolver test is separate */
int resolv_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev_ctx,
- int timeout, struct resolv_ctx **ctxp)
+ int timeout, int ares_timeout, struct resolv_ctx **ctxp)
{
*ctxp = talloc(mem_ctx, struct resolv_ctx);
return EOK;
@@ -230,7 +230,7 @@ static int test_fo_setup(void **state)
assert_non_null(test_ctx->ctx);
ret = resolv_init(test_ctx, test_ctx->ctx->ev,
- TEST_RESOLV_TIMEOUT, &test_ctx->resolv);
+ TEST_RESOLV_TIMEOUT, 2000, &test_ctx->resolv);
assert_non_null(test_ctx->resolv);
memset(&fopts, 0, sizeof(fopts));
diff --git a/src/tests/cmocka/test_resolv_fake.c b/src/tests/cmocka/test_resolv_fake.c
index 4cb3d4027..0f4011a39 100644
--- a/src/tests/cmocka/test_resolv_fake.c
+++ b/src/tests/cmocka/test_resolv_fake.c
@@ -240,7 +240,7 @@ static int test_resolv_fake_setup(void **state)
assert_non_null(test_ctx->ctx);
ret = resolv_init(test_ctx, test_ctx->ctx->ev,
- TEST_DEFAULT_TIMEOUT, &test_ctx->resolv);
+ TEST_DEFAULT_TIMEOUT, 2000, &test_ctx->resolv);
assert_int_equal(ret, EOK);
*state = test_ctx;
diff --git a/src/tests/fail_over-tests.c b/src/tests/fail_over-tests.c
index 5312b2772..b2269ef3b 100644
--- a/src/tests/fail_over-tests.c
+++ b/src/tests/fail_over-tests.c
@@ -73,7 +73,7 @@ setup_test(void)
fail("Could not init tevent context");
}
- ret = resolv_init(ctx, ctx->ev, 5, &ctx->resolv);
+ ret = resolv_init(ctx, ctx->ev, 5, 2000, &ctx->resolv);
if (ret != EOK) {
talloc_free(ctx);
fail("Could not init resolv context");
diff --git a/src/tests/resolv-tests.c b/src/tests/resolv-tests.c
index 4a2b3b904..bc4cd7cc1 100644
--- a/src/tests/resolv-tests.c
+++ b/src/tests/resolv-tests.c
@@ -76,7 +76,7 @@ static int setup_resolv_test(int timeout, struct resolv_test_ctx **ctx)
return EFAULT;
}
- ret = resolv_init(test_ctx, test_ctx->ev, timeout, &test_ctx->resolv);
+ ret = resolv_init(test_ctx, test_ctx->ev, timeout, 2000, &test_ctx->resolv);
if (ret != EOK) {
fail("Could not init resolv context");
talloc_free(test_ctx);
--
2.20.1