URL: https://github.com/SSSD/sssd/pull/214 Author: celestian Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet Action: opened
PR body: """ We add udp_preference_limit = 0 to krb5 snippet. This option enable TCP connection before UDP, when sending a message to the KDC.
Resolves: https://pagure.io/SSSD/sssd/issue/3254 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/214/head:pr214 git checkout pr214
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented: """ I read the associated bug as suggesting doing this only when using AD, but this patch does it unconditionally. I would prefer not doing this unconditionally. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-289825032
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
celestian commented: """ I see ``` Warning: Permanently added '172.19.2.156' (ECDSA) to the list of known hosts. install-deps: success 00:01:07 ci-install-deps.log autoreconf: success 00:00:34 ci-autoreconf.log DEBUG BUILD: ci-build-debug configure: failure 00:00:22 ci-build-debug/ci-configure.log FAILURE ``` is it possible to look at logs?
Respectively I tried to run the tests in our CI, but connection failed: ``` $ git push ci HEAD:master ssh_exchange_identification: Connection closed by remote host fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists. ``` """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-290627840
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
celestian commented: """ I see ``` Warning: Permanently added '172.19.2.156' (ECDSA) to the list of known hosts. install-deps: success 00:01:07 ci-install-deps.log autoreconf: success 00:00:34 ci-autoreconf.log DEBUG BUILD: ci-build-debug configure: failure 00:00:22 ci-build-debug/ci-configure.log FAILURE ``` is it possible to look at logs?
Respectively I tried to run the tests in our CI, but connection failed: ``` $ git push ci HEAD:master ssh_exchange_identification: Connection closed by remote host fatal: Could not read from remote repository.
Please make sure you have the correct access rights and the repository exists. ``` """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-290627840
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @frozencemetery: is your comment still valid for the latest version of this patch? I'm not sure whether @celestian updated this patch after your comment or not and excuse me in case I'm mistaken, but now seems that those patches are setting `udp_preference_limit = 0` conditionally in the krb5 snippet. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318269285
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ retest this, please """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318278533
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
celestian commented: """ @fidencio I am totally out of scope of this PR. I just assume that I addressed @frozencemetery 's comment from Mar 28. The conditional setting was subject of frozencemetery's comment.
@fidencio, Is this sufficient answer for you? """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318288827
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @celestian: basically I'm trying to figure out whether his comments are still valid and I misunderstood the last patch. Because looks like the last patch addresses his comments ... or am I mistaken?
Anyways, someone will take it over, so just trying to get as much context as possible for whoever does that. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318290260
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
celestian commented: """ @fidencio Oh, I see -- now I understand what are you looking for. Maybe it is little confusing, there on github, that it is not visible that my patch is already updated/fixed. So there were another one patch before this one but it is not reachable from gtithub (nor from my local repo, I deleted it some times ago.) """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318318158
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented: """ @fidencio it looks like it's been addressed. Thanks for checking! """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318387652
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @frozencemetery. thanks for checking it out. I'll take over the review in the next few days (unless I have an ACK from you ;-)). """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318480125
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
frozencemetery commented: """ @fidencio I don't know the codebase well enough to give ack, sorry (just to complain about krb5 bits 😄). """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-318673769
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ The way I've tested:
- sssd.conf ``` [domain/example.com] ... id_provider = ad ... ```
- before the patch: ``` [root@master x86_64]# cat /var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults cat: /var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults: No such file or directory ``` - after the patch: ``` [root@master x86_64]# cat /var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults udp_preference_limit = 0 ``` I've also ensure that before and after the patch there were no changes when using id_provider = ipa. ``` [root@master x86_64]# cat /var/lib/sss/pubconf/krb5.include.d/krb5_libdefaults canonicalize = true ```
So, ACK! """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319114562
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ Let me wait till CI is finished before actually setting the label to "Accepted" """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319115064
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ Whoever pushes those patches, please, add Robbie as a reviewer as well. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319280225
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
jhrozek commented: """ I'm sorry, but this patch is incorrect. For the options to work, they must be contained in the `libdefaults` section and with the current patch, they are not, because the subsequent calls overwrite the previous contents (which included the libdefaults section).
I (hopefully) fixed the patch in my udplimit branch: https://github.com/jhrozek/sssd/tree/udplimit
With this patch, an IPA client only contains the canonicalize option (same as it did with master) and an AD client contains a libdefault section with the UDP limit disabled.
And I also tested that, on the AD client, calling kinit then doesn't trigger any UDP traffic, but only TCP. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319951710
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Changes requested
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/214 Author: celestian Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/214/head:pr214 git checkout pr214
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
jhrozek commented: """ OK, I force-pushed my changes. I'll run Coverity and CI now. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319983393
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Changes requested
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
jhrozek commented: """ Coverity was clean btw """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-319992465
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @jhrozek, sorry for the mistaken done during the first review.
This version is good :-)
Please, add yourself as reviewer as well. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320776197
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ CI has passed without failures. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320794202
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """ Jenkins CI failed and also inter CI http://vm-058-233.$ABC/logs/job/72/81/summary.html
Therefore removing ACCEPTED label """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320910883
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @lslebodn, the test which failed in your run is not related to this patch at all.
Also, just a previous run /job/72/80 passed without any failure.
I understand you would like to have the test fixed (and I totally agree with you here). But blocking patches to be pushed because of unrelated failures is something that must be discussed within the core developers before having it in practice.
I'm re-adding the "Accepted" label. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320920860
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """ The only way how can you prove it is not related to PR is to explain why it fails or fix it. BTW it failed for me again: http://vm-058-233.$ABC/logs/job/72/84/debian_testing/ci.log
Therefore removing ACCEPTED label """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320968727
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ And passed: 72/82. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320974207
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ @lslebodn, I've sent an email to sssd-devel mailing list about the test failure.
Let's keep this discussion there and, please, stop using this PR as a target of your discontentment ... this is not the right place for that. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-320981976
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: -Accepted
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """ Do we test the same patch? It failed for me 3rd time in a row. http://vm-058-233.$ABC/logs/job/72/96/summary.txt """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321215597
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ I'm testing the patch rebased on top of git master. All the times it passed.
Let me actually retest it here, just to be more than sure. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321216068
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ ``` [ffidenci@pessoa sssd]$ git checkout t3254_master_krb5_snippet Switched to branch 't3254_master_krb5_snippet' Your branch and 'celestian/t3254_master_krb5_snippet' have diverged, and have 3 and 1 different commits each, respectively. (use "git pull" to merge the remote branch into yours) ``` ``` [ffidenci@pessoa sssd]$ git remote update celestian Fetching celestian ``` ``` [ffidenci@pessoa sssd]$ git reset --hard celestian/t3254_master_krb5_snippet HEAD is now at 69c4c688e UTIL: Set udp_preference_limit=0 in krb5 snippet ``` ``` [ffidenci@pessoa sssd]$ git remote update ghsssd Fetching ghsssd ``` ``` [ffidenci@pessoa sssd]$ git rebase ghsssd/master First, rewinding head to replay your work on top of it... Applying: UTIL: Set udp_preference_limit=0 in krb5 snippet ``` ``` [ffidenci@pessoa sssd]$ git push ci HEAD:master Counting objects: 14, done. Delta compression using up to 4 threads. Compressing objects: 100% (13/13), done. Writing objects: 100% (14/14), 1.66 KiB | 1.66 MiB/s, done. Total 14 (delta 13), reused 1 (delta 1) remote: Queueing for rigorous / rhel7 rhel6 debian_testing fedora23 fedora22 fedora_rawhide fedora25 fedora24 fedora26: remote: master: 5b401e3 UTIL: Set udp_preference_limit=0 in krb5 snippet remote: To ... eec0b39ed..5b401e35c HEAD -> master ``` """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321217056
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ And it just passed again: http://vm-058-233.$ABC/logs/job/72/97/summary.html """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321231365
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """
I'm testing the patch rebased on top of git master. All the times it passed.
I do the same and it always fails for me. And I trust myself. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321233989
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
fidencio commented: """ Thanks for implying that you do **not** trust myself. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321234650
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """
Thanks for implying that you do not trust myself.
I'm sorry but I cannot verify that you really used the same patch :-( (patches welcome for improving it in internal CI). And it is weird that it works for you but does not work for me. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321236287
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """
Thanks for implying that you do not trust myself.
I'm sorry but I cannot verify that you really used the same patch :-( (patches welcome for improving it in internal CI). And it is weird that it works for you but does not work for me. """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-321236287
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
lslebodn commented: """ http://vm-058-233.$ABC/logs/job/73/31/summary.html
master: * 6bd6571dfe97fb9c6ce9040c3fcfb4965f95eda1 """
See the full comment at https://github.com/SSSD/sssd/pull/214#issuecomment-322222626
URL: https://github.com/SSSD/sssd/pull/214 Author: celestian Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/214/head:pr214 git checkout pr214
URL: https://github.com/SSSD/sssd/pull/214 Title: #214: UTIL: Set udp_preference_limit=0 in krb5 snippet
Label: +Pushed
sssd-devel@lists.fedorahosted.org