freeipa

Clone
Source Code
GIT

#5273 DNSSEC daemons may deadlock when processing more than 1 zone
Closed: Fixed None Opened 8 years ago by pspacek.

Closed: Fixed
Reopen Issue

ods-enforcerd is holding kasp.db.our_lock when processing all zones and the lock is unlocked only after all calls to ods-signer are finished, i.e. when ods-enforcerd receives reply from each ods-signer calls.

Consequently, ipa-ods-exporter (ods-signerd implementation) must not request kasp.db.our_lock to prevent deadlocks. SQLite transaction isolation should suffice. I hope.

reproduced by Upstream CI tests

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1258944

master:

  • b6435f2 DNSSEC: backup and restore opendnssec zone list file
  • e7a876d DNSSEC: remove ccache and keytab of ipa-ods-exporter
  • f1436c4 DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
  • d24db5d DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
  • 025a9b1 DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master
  • e840061 DNSSEC: Fix key metadata export
  • ecf796e DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.

ipa-4-2:

  • a007a15 DNSSEC: backup and restore opendnssec zone list file
  • 8767fff DNSSEC: remove ccache and keytab of ipa-ods-exporter
  • f8c637d DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
  • 87c4945 DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
  • e1101c2 DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC key master
  • 73058ca DNSSEC: Fix key metadata export
  • 5ad806e DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.

Metadata Update from @pspacek:
- Issue assigned to pspacek
- Issue set to the milestone: FreeIPA 4.2.1
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
defect
None
None
DNS
None
1
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1258944
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.