ipa: retry restore if it fails to bind to LDAP

ipa-restore sometimes returns 0 but does not restore IPA correctly. ``` + ipa-restore --unattended --password Secret123 --data --online /tmp/tmp.aBMkEEeqbD/ipa Preparing restore from /tmp/tmp.aBMkEEeqbD/ipa on master.ipa.test Performing DATA restore from DATA backup Temporary setting umask to 022 Each master will individually need to be re-initialized or re-created from this one. The replication agreements on masters running IPA 3.1 or earlier will need to be manually re-enabled. See the man page for details. Disabling all replication. Starting Directory Server Restoring from userRoot in IPA-TEST Unable to bind to LDAP server: Operations error: Restoring from ipaca in IPA-TEST Waiting for LDIF to finish Restoring umask to 18 The ipa-restore command was successful ```
SSSD · Sep 23, 2024 · 9d51c0a · 9d51c0a
1 parent 032ebc6
commit 9d51c0a
Showing 1 changed file with 27 additions and 23 deletions.
diff --git a/sssd_test_framework/hosts/ipa.py b/sssd_test_framework/hosts/ipa.py
@@ -171,29 +171,33 @@ def restore(self, backup_data: Any | None) -> None:
         if not isinstance(backup_data, PurePosixPath):
             raise TypeError(f"Expected PurePosixPath, got {type(backup_data)}")
 
-        backup_path = str(backup_data)
-        self.logger.info(f"Restoring IPA server from {backup_path}")
+        # Bind sometimes fails: https://pagure.io/freeipa/issue/9669
+        @retry_command(delay=0, match_stderr="Unable to bind to LDAP server", check_rc=False)
+        def _restore():
+            return self.conn.run(
+                f"""
+                set -ex
 
-        self.conn.run(
-            f"""
-            set -ex
+                function restore {{
+                    rm --force --recursive "$2"
+                    if [ -d "$1" ] || [ -f "$1" ]; then
+                        cp --force --archive "$1" "$2"
+                    fi
+                }}
 
-            function restore {{
-                rm --force --recursive "$2"
-                if [ -d "$1" ] || [ -f "$1" ]; then
-                    cp --force --archive "$1" "$2"
-                fi
-            }}
-
-            ipa-restore --unattended --password "{self.adminpw}" --data --online "{backup_path}/ipa"
-
-            rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd
-            restore "{backup_path}/krb5.conf" /etc/krb5.conf
-            restore "{backup_path}/krb5.keytab" /etc/krb5.keytab
-            restore "{backup_path}/config" /etc/sssd
-            restore "{backup_path}/logs" /var/log/sssd
-            restore "{backup_path}/lib" /var/lib/sss
-            """,
-            log_level=ProcessLogLevel.Error,
-        )
+                ipa-restore --unattended --password "{self.adminpw}" --data --online "{backup_path}/ipa"
+
+                rm --force --recursive /etc/sssd /var/lib/sss /var/log/sssd
+                restore "{backup_path}/krb5.conf" /etc/krb5.conf
+                restore "{backup_path}/krb5.keytab" /etc/krb5.keytab
+                restore "{backup_path}/config" /etc/sssd
+                restore "{backup_path}/logs" /var/log/sssd
+                restore "{backup_path}/lib" /var/lib/sss
+                """,
+                log_level=ProcessLogLevel.Error,
+            )
+
+        backup_path = str(backup_data)
+        self.logger.info(f"Restoring IPA server from {backup_path}")
+        _restore()
         self.svc.restart("sssd.service")