Add configurable API Timeout

api/bases/keystone.openstack.org_keystoneapis.yaml

@@ -55,6 +55,11 @@ spec:
                 default: admin
                 description: AdminUser - admin user name
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for HAProxy, Apache
+                minimum: 10
+                type: integer
               containerImage:
                 description: Keystone Container Image URL (will be set to environmental
                   default if empty)

api/v1beta1/keystoneapi_types.go

@@ -45,6 +45,9 @@ const (
 
 	// KeystoneAPIContainerImage is the fall-back container image for KeystoneAPI
 	KeystoneAPIContainerImage = "quay.io/podified-antelope-centos9/openstack-keystone:current-podified"
+
+	// APIDefaultTimeout default timeout for HAProxy, Apache
+	APIDefaultTimeout = 60
 )
 
 type KeystoneAPISpec struct {
@@ -184,6 +187,12 @@ type KeystoneAPISpecCore struct {
 	// +operator-sdk:csv:customresourcedefinitions:type=spec
 	// TLS - Parameters related to the TLS
 	TLS tls.API `json:"tls,omitempty"`
+
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for HAProxy, Apache
+	APITimeout int `json:"apiTimeout"`
 }
 
 // APIOverrideSpec to override the generated manifest of several child resources.
@@ -298,6 +307,7 @@ func SetupDefaults() {
 	// Acquire environmental defaults and initialize Keystone defaults with them
 	keystoneDefaults := KeystoneAPIDefaults{
 		ContainerImageURL: util.GetEnvVar("RELATED_IMAGE_KEYSTONE_API_IMAGE_URL_DEFAULT", KeystoneAPIContainerImage),
+		APITimeout:        APIDefaultTimeout,
 	}
 
 	SetupKeystoneAPIDefaults(keystoneDefaults)

api/v1beta1/keystoneapi_webhook.go

@@ -38,6 +38,7 @@ import (
 // KeystoneAPIDefaults -
 type KeystoneAPIDefaults struct {
 	ContainerImageURL string
+	APITimeout        int
 }
 
 var keystoneAPIDefaults KeystoneAPIDefaults
@@ -48,6 +49,7 @@ var keystoneapilog = logf.Log.WithName("keystoneapi-resource")
 // SetupKeystoneAPIDefaults - initialize KeystoneAPI spec defaults for use with either internal or external webhooks
 func SetupKeystoneAPIDefaults(defaults KeystoneAPIDefaults) {
 	keystoneAPIDefaults = defaults
+
 	keystoneapilog.Info("KeystoneAPI defaults initialized", "defaults", defaults)
 }
 
@@ -81,7 +83,9 @@ func (spec *KeystoneAPISpec) Default() {
 // Default - set defaults for this KeystoneAPI core spec
 // NOTE: only this version is used by OpenStackOperators webhook
 func (spec *KeystoneAPISpecCore) Default() {
-	// no defaults to set yet
+	if spec.APITimeout == 0 {
+		spec.APITimeout = keystoneAPIDefaults.APITimeout
+	}
 }
 
 // TODO(user): change verbs to "verbs=create;update;delete" if you want to enable deletion validation.
@@ -167,3 +171,25 @@ func (r *KeystoneAPI) ValidateDelete() (admission.Warnings, error) {
 	// TODO(user): fill in your validation logic upon object deletion.
 	return nil, nil
 }
+
+// SetDefaultRouteAnnotations sets HAProxy timeout values of the route
+func (spec *KeystoneAPISpecCore) SetDefaultRouteAnnotations(annotations map[string]string) {
+	const haProxyAnno = "haproxy.router.openshift.io/timeout"
+	// Use a custom annotation to flag when the operator has set the default HAProxy timeout
+	// With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout
+	const keystoneAnno = "api.keystone.openstack.org/timeout"
+	valKeystoneAPI, okKeystoneAPI := annotations[keystoneAnno]
+	valHAProxy, okHAProxy := annotations[haProxyAnno]
+	// Human operator set the HAProxy timeout manually
+	if !okKeystoneAPI && okHAProxy {
+		return
+	}
+	// Human operator modified the HAProxy timeout manually without removing the Keystone flag
+	if okKeystoneAPI && okHAProxy && valKeystoneAPI != valHAProxy {
+		delete(annotations, keystoneAnno)
+		return
+	}
+	timeout := fmt.Sprintf("%ds", spec.APITimeout)
+	annotations[keystoneAnno] = timeout
+	annotations[haProxyAnno] = timeout
+}

config/crd/bases/keystone.openstack.org_keystoneapis.yaml

@@ -55,6 +55,11 @@ spec:
                 default: admin
                 description: AdminUser - admin user name
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for HAProxy, Apache
+                minimum: 10
+                type: integer
               containerImage:
                 description: Keystone Container Image URL (will be set to environmental
                   default if empty)

controllers/keystoneapi_controller.go

@@ -1214,6 +1214,7 @@ func (r *KeystoneAPIReconciler) generateServiceConfigMaps(
 		httpdVhostConfig[endpt.String()] = endptConfig
 	}
 	templateParameters["VHosts"] = httpdVhostConfig
+	templateParameters["TimeOut"] = instance.Spec.APITimeout
 
 	tmpl := []util.Template{
 		// Scripts

templates/keystoneapi/config/httpd.conf

@@ -26,6 +26,7 @@ CustomLog /dev/stdout proxy env=forwarded
 # {{ $endpt }} vhost {{ $vhost.ServerName }} configuration
 <VirtualHost *:5000>
   ServerName {{ $vhost.ServerName }}
+  TimeOut {{ $.TimeOut }}
 
   ## Vhost docroot
   DocumentRoot "/var/www/cgi-bin/keystone"

tests/functional/keystoneapi_controller_test.go

@@ -415,6 +415,9 @@ var _ = Describe("Keystone controller", func() {
 			configData = string(scrt.Data["my.cnf"])
 			Expect(configData).To(
 				ContainSubstring("[client]\nssl=0"))
+			httpdConfData := string(scrt.Data["httpd.conf"])
+			Expect(httpdConfData).To(
+				ContainSubstring("TimeOut 60"))
 		})
 		It("should create a Secret for fernet keys", func() {
 			th.GetSecret(types.NamespacedName{