diff --git a/api/bases/keystone.openstack.org_keystoneapis.yaml b/api/bases/keystone.openstack.org_keystoneapis.yaml index 8611326c..d5becf78 100644 --- a/api/bases/keystone.openstack.org_keystoneapis.yaml +++ b/api/bases/keystone.openstack.org_keystoneapis.yaml @@ -59,6 +59,11 @@ spec: default: admin description: AdminUser - admin user name type: string + apiTimeout: + default: 60 + description: APITimeout for HAProxy, Apache + minimum: 10 + type: integer containerImage: description: Keystone Container Image URL (will be set to environmental default if empty) diff --git a/api/v1beta1/keystoneapi_types.go b/api/v1beta1/keystoneapi_types.go index a0d86aff..0be3e508 100644 --- a/api/v1beta1/keystoneapi_types.go +++ b/api/v1beta1/keystoneapi_types.go @@ -45,6 +45,9 @@ const ( // KeystoneAPIContainerImage is the fall-back container image for KeystoneAPI KeystoneAPIContainerImage = "quay.io/podified-antelope-centos9/openstack-keystone:current-podified" + + // APIDefaultTimeout default timeout for HAProxy, Apache + APIDefaultTimeout = 60 ) type KeystoneAPISpec struct { @@ -184,6 +187,12 @@ type KeystoneAPISpecCore struct { // +operator-sdk:csv:customresourcedefinitions:type=spec // TLS - Parameters related to the TLS TLS tls.API `json:"tls,omitempty"` + + // +kubebuilder:validation:Optional + // +kubebuilder:default=60 + // +kubebuilder:validation:Minimum=10 + // APITimeout for HAProxy, Apache + APITimeout int `json:"apiTimeout"` } // APIOverrideSpec to override the generated manifest of several child resources. @@ -298,6 +307,7 @@ func SetupDefaults() { // Acquire environmental defaults and initialize Keystone defaults with them keystoneDefaults := KeystoneAPIDefaults{ ContainerImageURL: util.GetEnvVar("RELATED_IMAGE_KEYSTONE_API_IMAGE_URL_DEFAULT", KeystoneAPIContainerImage), + APITimeout: APIDefaultTimeout, } SetupKeystoneAPIDefaults(keystoneDefaults) diff --git a/api/v1beta1/keystoneapi_webhook.go b/api/v1beta1/keystoneapi_webhook.go index 003bbe21..3765561b 100644 --- a/api/v1beta1/keystoneapi_webhook.go +++ b/api/v1beta1/keystoneapi_webhook.go @@ -38,6 +38,7 @@ import ( // KeystoneAPIDefaults - type KeystoneAPIDefaults struct { ContainerImageURL string + APITimeout int } var keystoneAPIDefaults KeystoneAPIDefaults @@ -48,6 +49,7 @@ var keystoneapilog = logf.Log.WithName("keystoneapi-resource") // SetupKeystoneAPIDefaults - initialize KeystoneAPI spec defaults for use with either internal or external webhooks func SetupKeystoneAPIDefaults(defaults KeystoneAPIDefaults) { keystoneAPIDefaults = defaults + keystoneapilog.Info("KeystoneAPI defaults initialized", "defaults", defaults) } @@ -81,7 +83,9 @@ func (spec *KeystoneAPISpec) Default() { // Default - set defaults for this KeystoneAPI core spec // NOTE: only this version is used by OpenStackOperators webhook func (spec *KeystoneAPISpecCore) Default() { - // no defaults to set yet + if spec.APITimeout == 0 { + spec.APITimeout = keystoneAPIDefaults.APITimeout + } } // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation. @@ -167,3 +171,25 @@ func (r *KeystoneAPI) ValidateDelete() (admission.Warnings, error) { // TODO(user): fill in your validation logic upon object deletion. return nil, nil } + +// SetDefaultRouteAnnotations sets HAProxy timeout values of the route +func (spec *KeystoneAPISpecCore) SetDefaultRouteAnnotations(annotations map[string]string) { + const haProxyAnno = "haproxy.router.openshift.io/timeout" + // Use a custom annotation to flag when the operator has set the default HAProxy timeout + // With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout + const keystoneAnno = "api.keystone.openstack.org/timeout" + valKeystoneAPI, okKeystoneAPI := annotations[keystoneAnno] + valHAProxy, okHAProxy := annotations[haProxyAnno] + // Human operator set the HAProxy timeout manually + if !okKeystoneAPI && okHAProxy { + return + } + // Human operator modified the HAProxy timeout manually without removing the Keystone flag + if okKeystoneAPI && okHAProxy && valKeystoneAPI != valHAProxy { + delete(annotations, keystoneAnno) + return + } + timeout := fmt.Sprintf("%ds", spec.APITimeout) + annotations[keystoneAnno] = timeout + annotations[haProxyAnno] = timeout +} diff --git a/config/crd/bases/keystone.openstack.org_keystoneapis.yaml b/config/crd/bases/keystone.openstack.org_keystoneapis.yaml index 8611326c..d5becf78 100644 --- a/config/crd/bases/keystone.openstack.org_keystoneapis.yaml +++ b/config/crd/bases/keystone.openstack.org_keystoneapis.yaml @@ -59,6 +59,11 @@ spec: default: admin description: AdminUser - admin user name type: string + apiTimeout: + default: 60 + description: APITimeout for HAProxy, Apache + minimum: 10 + type: integer containerImage: description: Keystone Container Image URL (will be set to environmental default if empty) diff --git a/controllers/keystoneapi_controller.go b/controllers/keystoneapi_controller.go index d788affc..60b2c8b7 100644 --- a/controllers/keystoneapi_controller.go +++ b/controllers/keystoneapi_controller.go @@ -1215,6 +1215,7 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps( httpdVhostConfig[endpt.String()] = endptConfig } templateParameters["VHosts"] = httpdVhostConfig + templateParameters["TimeOut"] = instance.Spec.APITimeout tmpl := []util.Template{ // Scripts diff --git a/templates/keystoneapi/config/httpd.conf b/templates/keystoneapi/config/httpd.conf index 641b6ddf..8a023700 100644 --- a/templates/keystoneapi/config/httpd.conf +++ b/templates/keystoneapi/config/httpd.conf @@ -26,6 +26,7 @@ CustomLog /dev/stdout proxy env=forwarded # {{ $endpt }} vhost {{ $vhost.ServerName }} configuration ServerName {{ $vhost.ServerName }} + TimeOut {{ $.TimeOut }} ## Vhost docroot DocumentRoot "/var/www/cgi-bin/keystone" diff --git a/tests/functional/keystoneapi_controller_test.go b/tests/functional/keystoneapi_controller_test.go index c041641d..a9d9f8ca 100644 --- a/tests/functional/keystoneapi_controller_test.go +++ b/tests/functional/keystoneapi_controller_test.go @@ -417,6 +417,9 @@ var _ = Describe("Keystone controller", func() { configData = string(scrt.Data["my.cnf"]) Expect(configData).To( ContainSubstring("[client]\nssl=0")) + httpdConfData := string(scrt.Data["httpd.conf"]) + Expect(httpdConfData).To( + ContainSubstring("TimeOut 60")) }) It("should create a Secret for fernet keys", func() { th.GetSecret(types.NamespacedName{