Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make failover work over IP families #7658

Closed
wants to merge 2 commits into from
Closed

Make failover work over IP families #7658

wants to merge 2 commits into from

Conversation

thalman
Copy link
Contributor

@thalman thalman commented Oct 18, 2024

Originally the option ipv4_first and ipv6_first was taken into account
when resolving IP address.

When both families are resolvable but the primary is blocked on
firewall, the SSSD must switch to the socondary family.

@andreboscatto andreboscatto requested a review from danlavu January 21, 2025 13:38
@andreboscatto andreboscatto requested a review from aplopez January 21, 2025 13:39
@alexey-tikhonov
Copy link
Member

@thalman, could you please add a release note (or convert commit message to a release note)?

@thalman thalman marked this pull request as ready for review January 21, 2025 14:30
@thalman
Copy link
Contributor Author

thalman commented Jan 23, 2025

@thalman, could you please add a release note (or convert commit message to a release note)?

done

@alexey-tikhonov
Copy link
Member

All system tests fail.

Number of steps and results do not match in idm-sssd-tc::tests/test_failover.py::test_failover__connect_second_family

danlavu
danlavu requested changes Jan 27, 2025
View reviewed changes
Copy link

@danlavu danlavu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor changes, other than that, it looks good.

src/tests/system/tests/test_failover.py Show resolved Hide resolved
src/tests/system/tests/test_failover.py Outdated Show resolved Hide resolved
src/tests/system/tests/test_failover.py Outdated Show resolved Hide resolved
src/tests/system/tests/test_failover.py Outdated Show resolved Hide resolved
src/tests/system/tests/test_failover.py Outdated Show resolved Hide resolved
src/tests/system/tests/test_failover.py Outdated Show resolved Hide resolved
aplopez
aplopez reviewed Jan 31, 2025
View reviewed changes
src/providers/fail_over.c Outdated Show resolved Hide resolved
aplopez
aplopez approved these changes Feb 6, 2025
View reviewed changes
Copy link
Contributor

@aplopez aplopez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thank you.

@alexey-tikhonov alexey-tikhonov added the no-backport This should go to target branch only. label Feb 11, 2025
danlavu
danlavu previously approved these changes Feb 13, 2025
View reviewed changes
Copy link

@danlavu danlavu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you!

@danlavu
Copy link

danlavu commented Feb 13, 2025

I spoke too soon, its failing CI.

tests/test_failover.py:86: error: "type[KnownTopology]" has no attribute "AnyProvider"  [attr-defined]

Changing the topology marker to, should fix the problem.

@pytest.mark.topology(KnownTopologyGroup.AnyProvider)

@danlavu danlavu dismissed their stale review February 13, 2025 01:15

Failing CI, will re-approve when it's green.

@thalman
Copy link
Contributor Author

thalman commented Feb 13, 2025

I spoke too soon, its failing CI.

tests/test_failover.py:86: error: "type[KnownTopology]" has no attribute "AnyProvider"  [attr-defined]

Changing the topology marker to, should fix the problem.

@pytest.mark.topology(KnownTopologyGroup.AnyProvider)

mea culpa, it should be fixed now, lets wait for green

@thalman thalman force-pushed the fo_family branch 2 times, most recently from 39bfd95 to 2371e23 Compare February 13, 2025 10:13
danlavu
danlavu approved these changes Feb 13, 2025
View reviewed changes
Copy link

@danlavu danlavu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test failure is not related to the patch, approving.

@alexey-tikhonov alexey-tikhonov added Accepted coverity Trigger a coverity scan and removed Waiting for review labels Feb 13, 2025
@thalman
failover: Make failover work over IP families
dbc28a7 
Originally the option ipv4_first and ipv6_first was taken into account
when resolving IP address.

When both families are resolvable but the primary is blocked on
firewall, the SSSD should try the secondary family before giving up.

:relnote:SSSD now attempts to connect to the server using a secondary
protocol if the server is not reachable using the primary one.
See the lookup_family_order option.
@thalman
tests: Check failover to secondary IP family
3aadba4 
Test that IPA server is still reachable when primary
address family is blocked but secondary is working.
@alexey-tikhonov alexey-tikhonov added coverity Trigger a coverity scan Ready to push Ready to push and removed coverity Trigger a coverity scan labels Feb 14, 2025
@alexey-tikhonov
Copy link
Member

Pushed PR: #7658

  • master
    • 894971b - tests: Check failover to secondary IP family
    • 537e586 - failover: Make failover work over IP families

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@danlavu danlavu danlavu approved these changes

@aplopez aplopez aplopez approved these changes

Assignees

@danlavu danlavu

@aplopez aplopez

Labels
coverity Trigger a coverity scan no-backport This should go to target branch only. Pushed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@thalman @alexey-tikhonov @danlavu @aplopez