Browse Source

Implement retry logic

master
Lauri Võsandi 1 year ago
parent
commit
3a4aff27bc
  1. 1
      entrypoint-openvpn.sh
  2. 1
      entrypoint-strongswan.sh
  3. 25
      pinecrypt/client/cli.py

1
entrypoint-openvpn.sh

@ -1,6 +1,5 @@ @@ -1,6 +1,5 @@
#!/bin/sh
set -e
set -x
sleep 10
$@
AUTHORITY=$3

1
entrypoint-strongswan.sh

@ -1,6 +1,5 @@ @@ -1,6 +1,5 @@
#!/bin/sh
set -e
set -x
sleep 10
$@
AUTHORITY=$3

25
pinecrypt/client/cli.py

@ -23,7 +23,22 @@ from datetime import datetime, timedelta @@ -23,7 +23,22 @@ from datetime import datetime, timedelta
from email.utils import formatdate
from oscrypto import asymmetric
from pinecrypt.client import const
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
MAX_RETRIES = 30
session = requests.Session()
retry = Retry(
total=MAX_RETRIES,
read=MAX_RETRIES,
connect=MAX_RETRIES,
backoff_factor=0.3,
status_forcelist=(500, 502, 504),
)
adapter = HTTPAdapter(max_retries=retry)
session.mount('http://', adapter)
session.mount('https://', adapter)
def selinux_fixup(path):
"""
@ -157,7 +172,7 @@ def certidude_enroll(fork, no_wait, kerberos): @@ -157,7 +172,7 @@ def certidude_enroll(fork, no_wait, kerberos):
authority_url = "http://%s/api/certificate/" % authority_name
click.echo("Attempting to fetch authority certificate from %s" % authority_url)
try:
r = requests.get(authority_url,
r = session.get(authority_url,
headers={"Accept": "application/x-x509-ca-cert,application/x-pem-file"})
header, _, certificate_der_bytes = pem.unarmor(r.content)
authority_certificate = x509.Certificate.load(certificate_der_bytes)
@ -187,7 +202,7 @@ def certidude_enroll(fork, no_wait, kerberos): @@ -187,7 +202,7 @@ def certidude_enroll(fork, no_wait, kerberos):
bootstrap_url = "http://%s/api/bootstrap/" % authority_name
click.echo("Attempting to bootstrap connection from %s" % bootstrap_url)
try:
r = requests.get(bootstrap_url)
r = session.get(bootstrap_url)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % bootstrap_url)
continue
@ -321,7 +336,7 @@ def certidude_enroll(fork, no_wait, kerberos): @@ -321,7 +336,7 @@ def certidude_enroll(fork, no_wait, kerberos):
request_url = request_url + "?" + "&".join(request_params)
try:
submission = requests.post(request_url, **kwargs)
submission = session.post(request_url, **kwargs)
except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to submit request to %s" % request_url)
continue
@ -337,7 +352,7 @@ def certidude_enroll(fork, no_wait, kerberos): @@ -337,7 +352,7 @@ def certidude_enroll(fork, no_wait, kerberos):
os.unlink(pid_path)
continue
if submission.status_code == requests.codes.conflict:
raise errors.DuplicateCommonNameError("Different signing request with same CN is already present on server, server refuses to overwrite")
raise ValueError("Different signing request with same CN is already present on server, server refuses to overwrite")
elif submission.status_code == requests.codes.gone:
# Should the client retry or disable request submission?
raise ValueError("Server refused to sign the request") # TODO: Raise proper exception

Loading…
Cancel
Save