Add configurable API Timeout

...to allow configure the timeouts for HAProxy and Apache.

Signed-off-by: Veronika Fisarova <[email protected]>

api/bases/keystone.openstack.org_keystoneapis.yaml

@@ -55,6 +55,11 @@ spec:
                 default: admin
                 description: AdminUser - admin user name
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for HAProxy, Apache
+                minimum: 10
+                type: integer
               containerImage:
                 description: Keystone Container Image URL (will be set to environmental
                   default if empty)

api/v1beta1/keystoneapi_types.go

@@ -184,6 +184,12 @@ type KeystoneAPISpecCore struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	// TLS - Parameters related to the TLS
 	TLS tls.API `json:"tls,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for HAProxy, Apache
+	APITimeout int `json:"apiTimeout"`
 }
 
 // APIOverrideSpec to override the generated manifest of several child resources.

api/v1beta1/keystoneapi_webhook.go

@@ -167,3 +167,25 @@ func (r *KeystoneAPI) ValidateDelete() (admission.Warnings, error) {
 	// TODO(user): fill in your validation logic upon object deletion.
 	return nil, nil
 }
+
+// SetDefaultRouteAnnotations sets HAProxy timeout values of the route
+func (spec *KeystoneAPISpecCore) SetDefaultRouteAnnotations(annotations map[string]string) {
+	const haProxyAnno = "haproxy.router.openshift.io/timeout"
+	// Use a custom annotation to flag when the operator has set the default HAProxy timeout
+	// With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout
+	const keystoneAnno = "api.Keystone.openstack.org/timeout"
+	valKeystoneAPI, okKeystoneAPI := annotations[keystoneAnno]
+	valHAProxy, okHAProxy := annotations[haProxyAnno]
+	// Human operator set the HAProxy timeout manually
+	if !okKeystoneAPI && okHAProxy {
+		return
+	}
+	// Human operator modified the HAProxy timeout manually without removing the Keystone flag
+	if okKeystoneAPI && okHAProxy && valKeystoneAPI != valHAProxy {
+		delete(annotations, keystoneAnno)
+		return
+	}
+	timeout := fmt.Sprintf("%ds", spec.APITimeout)
+	annotations[keystoneAnno] = timeout
+	annotations[haProxyAnno] = timeout
+}

config/crd/bases/keystone.openstack.org_keystoneapis.yaml

@@ -55,6 +55,11 @@ spec:
                 default: admin
                 description: AdminUser - admin user name
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for HAProxy, Apache
+                minimum: 10
+                type: integer
               containerImage:
                 description: Keystone Container Image URL (will be set to environmental
                   default if empty)

controllers/keystoneapi_controller.go

@@ -1214,6 +1214,7 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(
 		httpdVhostConfig[endpt.String()] = endptConfig
 	}
 	templateParameters["VHosts"] = httpdVhostConfig
+	templateParameters["TimeOut"] = instance.Spec.APITimeout
 
 	tmpl := []util.Template{
 		// Scripts

templates/keystoneapi/config/httpd.conf

@@ -26,6 +26,7 @@ CustomLog /dev/stdout proxy env=forwarded
 # {{ $endpt }} vhost {{ $vhost.ServerName }} configuration
 <VirtualHost *:5000>
   ServerName {{ $vhost.ServerName }}
+  TimeOut {{ $.TimeOut }}
 
   ## Vhost docroot
   DocumentRoot "/var/www/cgi-bin/keystone"

tests/functional/keystoneapi_controller_test.go

@@ -415,6 +415,9 @@ var _ = Describe("Keystone controller", func() {
 			configData = string(scrt.Data["my.cnf"])
 			Expect(configData).To(
 				ContainSubstring("[client]\nssl=0"))
+			httpdConfData := string(scrt.Data["httpd.conf"])
+			Expect(httpdConfData).To(
+				ContainSubstring("TimeOut 60"))
 		})
 		It("should create a Secret for fernet keys", func() {
 			th.GetSecret(types.NamespacedName{