68 lines
2.5 KiB
Diff
68 lines
2.5 KiB
Diff
From cc42d19e35ee54b9fcf82e70b7897a6d386d08b9 Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Tue, 24 Jul 2012 12:07:23 +0300
|
|
Subject: [PATCH 44/79] Rework task naming in LDAP updates to avoid
|
|
conflicting names in certain cases
|
|
|
|
There are two problems in task naming in LDAP updates:
|
|
|
|
1. Randomness may be scarce in virtual machines
|
|
2. Random number is added to the time value rounded to a second
|
|
|
|
The second issue leads to values that may repeat themselves as time
|
|
only grows and random number is non-negative as well, so
|
|
t2+r2 can be equal to t1+t2 generated earlier.
|
|
|
|
Since task name is a DN, there is no strict requirement to use an integer value.
|
|
Instead, we generate an UUID and use its 60-bit time, 14-bit sequential number,
|
|
and attribute name.
|
|
|
|
https://fedorahosted.org/freeipa/ticket/2942
|
|
---
|
|
ipaserver/install/ldapupdate.py | 18 +++++++++---------
|
|
1 file changed, 9 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/ipaserver/install/ldapupdate.py b/ipaserver/install/ldapupdate.py
|
|
index c64139889d9f84866ac0cd358ed3a3a7d95af7dc..949b86ad99bce97fe3d09baef7fa42dbbc55ac26 100644
|
|
--- a/ipaserver/install/ldapupdate.py
|
|
+++ b/ipaserver/install/ldapupdate.py
|
|
@@ -29,9 +29,11 @@ from ipaserver.install import installutils
|
|
from ipaserver.install import service
|
|
from ipaserver import ipaldap
|
|
from ipapython import entity, ipautil
|
|
+import uuid
|
|
from ipalib import util
|
|
from ipalib import errors
|
|
from ipalib import api
|
|
+from ipalib.dn import DN
|
|
import ldap
|
|
from ldap.dn import escape_dn_chars
|
|
from ipapython.ipa_log_manager import *
|
|
@@ -328,16 +330,14 @@ class LDAPUpdate:
|
|
if self.live_run:
|
|
time.sleep(5)
|
|
|
|
- r = random.SystemRandom()
|
|
+ cn_uuid = uuid.uuid1()
|
|
+ # cn_uuid.time is in nanoseconds, but other users of LDAPUpdate expect
|
|
+ # seconds in 'TIME' so scale the value down
|
|
+ self.sub_dict['TIME'] = int(cn_uuid.time/1e9)
|
|
+ cn = "indextask_%s_%s_%s" % (attribute, cn_uuid.time, cn_uuid.clock_seq)
|
|
+ dn = DN(('cn', cn), ('cn', 'index'), ('cn', 'tasks'), ('cn', 'config'))
|
|
|
|
- # Refresh the time to make uniqueness more probable. Add on some
|
|
- # randomness for good measure.
|
|
- self.sub_dict['TIME'] = int(time.time()) + r.randint(0,10000)
|
|
-
|
|
- cn = self._template_str("indextask_$TIME")
|
|
- dn = "cn=%s, cn=index, cn=tasks, cn=config" % cn
|
|
-
|
|
- e = ipaldap.Entry(dn)
|
|
+ e = ipaldap.Entry(str(dn))
|
|
|
|
e.setValues('objectClass', ['top', 'extensibleObject'])
|
|
e.setValue('cn', cn)
|
|
--
|
|
1.7.11.2
|
|
|