Implement retry logic

This commit is contained in:
Lauri Võsandi 2021-05-13 21:31:14 +03:00
parent f80321c8a1
commit 3a4aff27bc
3 changed files with 19 additions and 6 deletions

View File

@ -1,6 +1,5 @@
#!/bin/sh #!/bin/sh
set -e set -e
set -x
sleep 10 sleep 10
$@ $@
AUTHORITY=$3 AUTHORITY=$3

View File

@ -1,6 +1,5 @@
#!/bin/sh #!/bin/sh
set -e set -e
set -x
sleep 10 sleep 10
$@ $@
AUTHORITY=$3 AUTHORITY=$3

View File

@ -23,7 +23,22 @@ from datetime import datetime, timedelta
from email.utils import formatdate from email.utils import formatdate
from oscrypto import asymmetric from oscrypto import asymmetric
from pinecrypt.client import const from pinecrypt.client import const
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.retry import Retry
MAX_RETRIES = 30
session = requests.Session()
retry = Retry(
total=MAX_RETRIES,
read=MAX_RETRIES,
connect=MAX_RETRIES,
backoff_factor=0.3,
status_forcelist=(500, 502, 504),
)
adapter = HTTPAdapter(max_retries=retry)
session.mount('http://', adapter)
session.mount('https://', adapter)
def selinux_fixup(path): def selinux_fixup(path):
""" """
@ -157,7 +172,7 @@ def certidude_enroll(fork, no_wait, kerberos):
authority_url = "http://%s/api/certificate/" % authority_name authority_url = "http://%s/api/certificate/" % authority_name
click.echo("Attempting to fetch authority certificate from %s" % authority_url) click.echo("Attempting to fetch authority certificate from %s" % authority_url)
try: try:
r = requests.get(authority_url, r = session.get(authority_url,
headers={"Accept": "application/x-x509-ca-cert,application/x-pem-file"}) headers={"Accept": "application/x-x509-ca-cert,application/x-pem-file"})
header, _, certificate_der_bytes = pem.unarmor(r.content) header, _, certificate_der_bytes = pem.unarmor(r.content)
authority_certificate = x509.Certificate.load(certificate_der_bytes) authority_certificate = x509.Certificate.load(certificate_der_bytes)
@ -187,7 +202,7 @@ def certidude_enroll(fork, no_wait, kerberos):
bootstrap_url = "http://%s/api/bootstrap/" % authority_name bootstrap_url = "http://%s/api/bootstrap/" % authority_name
click.echo("Attempting to bootstrap connection from %s" % bootstrap_url) click.echo("Attempting to bootstrap connection from %s" % bootstrap_url)
try: try:
r = requests.get(bootstrap_url) r = session.get(bootstrap_url)
except requests.exceptions.ConnectionError: except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to fetch %s" % bootstrap_url) click.echo("Connection error while attempting to fetch %s" % bootstrap_url)
continue continue
@ -321,7 +336,7 @@ def certidude_enroll(fork, no_wait, kerberos):
request_url = request_url + "?" + "&".join(request_params) request_url = request_url + "?" + "&".join(request_params)
try: try:
submission = requests.post(request_url, **kwargs) submission = session.post(request_url, **kwargs)
except requests.exceptions.ConnectionError: except requests.exceptions.ConnectionError:
click.echo("Connection error while attempting to submit request to %s" % request_url) click.echo("Connection error while attempting to submit request to %s" % request_url)
continue continue
@ -337,7 +352,7 @@ def certidude_enroll(fork, no_wait, kerberos):
os.unlink(pid_path) os.unlink(pid_path)
continue continue
if submission.status_code == requests.codes.conflict: if submission.status_code == requests.codes.conflict:
raise errors.DuplicateCommonNameError("Different signing request with same CN is already present on server, server refuses to overwrite") raise ValueError("Different signing request with same CN is already present on server, server refuses to overwrite")
elif submission.status_code == requests.codes.gone: elif submission.status_code == requests.codes.gone:
# Should the client retry or disable request submission? # Should the client retry or disable request submission?
raise ValueError("Server refused to sign the request") # TODO: Raise proper exception raise ValueError("Server refused to sign the request") # TODO: Raise proper exception