Replace replication_wait_timeout with certmonger_wait_timeout

The variable is intended to control the timeout for replication events. If someone had significantly reduced it via configuration then it could have caused certmogner requests to fail due to timeouts. Add replication_wait_timeout, certmonger_wait_timeout and http_timeout to the default.conf man page. Related: https://pagure.io/freeipa/issue/7971 Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
2025-02-25 18:55:28 -06:00 · 2019-07-05 13:31:32 -04:00
parent 0d7eb0a972
commit faf34fcdfd
9 changed files with 27 additions and 8 deletions
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -874,7 +874,7 @@ class CAInstance(DogtagInstance):
                pre_command='renew_ra_cert_pre',
                post_command='renew_ra_cert',
                storage="FILE",
-                resubmit_timeout=api.env.replication_wait_timeout
+                resubmit_timeout=api.env.certmonger_wait_timeout
            )
            self.__set_ra_cert_perms()

--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -663,7 +663,7 @@ class CertDB:
    def request_service_cert(self, nickname, principal, host,
                             resubmit_timeout=None):
        if resubmit_timeout is None:
-            resubmit_timeout = api.env.replication_wait_timeout
+            resubmit_timeout = api.env.certmonger_wait_timeout
        return certmonger.request_and_wait_for_cert(
            certpath=self.secdir,
            storage='NSSDB',
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -872,7 +872,7 @@ class DsInstance(service.Service):
                    profile=dogtag.DEFAULT_PROFILE,
                    dns=[self.fqdn],
                    post_command=cmd,
-                    resubmit_timeout=api.env.replication_wait_timeout
+                    resubmit_timeout=api.env.certmonger_wait_timeout
                )
            finally:
                if prev_helper is not None:
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -385,7 +385,7 @@ class HTTPInstance(service.Service):
                    post_command='restart_httpd',
                    storage='FILE',
                    passwd_fname=key_passwd_file,
-                    resubmit_timeout=api.env.replication_wait_timeout
+                    resubmit_timeout=api.env.certmonger_wait_timeout
                )
            finally:
                if prev_helper is not None:
--- a/ipaserver/install/krbinstance.py
+++ b/ipaserver/install/krbinstance.py
@@ -459,7 +459,7 @@ class KrbInstance(service.Service):
                profile=KDC_PROFILE,
                post_command='renew_kdc_cert',
                perms=(0o644, 0o600),
-                resubmit_timeout=api.env.replication_wait_timeout
+                resubmit_timeout=api.env.certmonger_wait_timeout
            )
        except dbus.DBusException as e:
            # if the certificate is already tracked, ignore the error