adding CLI for MaxConnectionIdleTime #607
Conversation
pkg/netceptor/netceptor.go
Outdated
| return fmt.Errorf("user defined maxIdleConnectionTimeout [%d] is less than the default default timeout [%d]", duration, defaultMaxConnectionIdleTime) | ||
| } | ||
| // we also need to ensure that if defined, a user defined connection timeout is at least 2x longer than the defaultRouteUpdateTime value | ||
| if duration < (2*defaultRouteUpdateTime + 1*time.Second) { |
There was a problem hiding this comment.
I think this check is unnecessary, given that defaultMaxConnectionIdleTime is defined as 2x defaultRouteUpdateTime + 1 second, and we ensure that duration < defaultMaxConnectionIdleTime in the previous check.
cmd/receptor-cl/receptor.go
Outdated
| ID string `description:"Node ID. Defaults to local hostname." barevalue:"yes"` | ||
| DataDir string `description:"Directory in which to store node data"` | ||
| FirewallRules []netceptor.FirewallRuleData `description:"Firewall Rules (see documentation for syntax)"` | ||
| MaxIdleConnectionTimeout string `description:"User defined maximum time a backend connection can go without data before we consider it failed." default:"21s"` |
There was a problem hiding this comment.
I'd prefer if we don't set a default here. if not defined in the config it will just be an empty string. That way we still only have one place where we define the default, the constant at the top of the netceptor.go file
There was a problem hiding this comment.
if we remove this default, SetMaxConnectionIdleTime should return without error if given an empty string
There was a problem hiding this comment.
@fosterseth - ok good suggestion. not including a default here will resolve the previous code comment you made :)
sarabrajsingh
force-pushed
the
feature/configurable-tcp-timeouts
branch
4 times, most recently
from
07c044b
to
0179a59
Compare
cmd/receptor-cl/receptor.go
Outdated
| ID string `description:"Node ID. Defaults to local hostname." barevalue:"yes"` | ||
| DataDir string `description:"Directory in which to store node data"` | ||
| FirewallRules []netceptor.FirewallRuleData `description:"Firewall Rules (see documentation for syntax)"` | ||
| MaxIdleConnectionTimeout string `description:"User defined maximum time a backend connection can go without data before we consider it failed."` |
There was a problem hiding this comment.
We may change this to,
"Max duration with no traffic before a backend connection is timed out and refreshed."
To emphasize that the backend will timeout, but then refresh automatically.
sarabrajsingh
changed the title
| "github.com/ansible/receptor/tests/functional/lib/mesh" | ||
| ) | ||
|
|
||
| func TestSetMaxConnectionIdleTimeFromPseudoConfigFile(t *testing.T) { |
There was a problem hiding this comment.
are these tests ensuring that the mesh fails to start because of a bad maxidleconnectiontimeout setting?
I'd be content with just having the 3 single node tests that you have above, since they basically test the same thing but are less involved.
There was a problem hiding this comment.
yes, thats exactly what they're doing (bad config file). we didn't have any functional tests around passing bad config files, so i thought i'd create some. we can remove these, i understand that there are already failsafes for bad configuration keys in the config file within receptor (config file checks done at bootstrap-time).
|
pulled down and tested
Something to keep in mind, this setting is per-node, so if nodeA has a timeout set to 40s, and nodeB has the default 21s, then a backend connection between them will timeout in 21s (whichever is less). @sarabrajsingh this would be a good candidate setting to have a blurb in the docs. I think a dedicated page for it would be fine, like we did for firewalls.rst |
|
@fosterseth i added documentation around the |
docs/source/edge_networks.rst
Outdated
|
|
||
| Receptor encapsulates the concepts of `below-the-mesh` and `above-the-mesh` connections. Please refer to :doc:`tls` for a better understanding of these networking layers. | ||
|
|
||
| If a particular node in a network has higher than normal latency, we allow the users to define a finely-grained idle connection timeout value for any given Receptor node. This will help Receptor keep `below-the-mesh` tcp connections alive. Receptor will attempt to reconnect to a timed-out node, to a maximum retry limit and if this retry limit is surpassed, Receptor will drop the connection from the routing table. |
There was a problem hiding this comment.
"to a maximum retry limit and if this retry limit is surpassed"
it's not so much retry logic and limits, rather just monitoring traffic that flows over a backend connection.
If the last statement in this paragraph should be something like,
Receptor will monitor backend connections for traffic and will timeout any connection that hasn't seen traffic for a period of time. Once the connection is dropped, a new connection is formed automatically.
There was a problem hiding this comment.
verbatim copy/paste :) thanks for the suggesstion
|
|
||
| Consider the following environment: | ||
|
|
||
| .. image:: edge.png |
There was a problem hiding this comment.
awesome diagram and docs around this!
Restrict TLS 1.2 cipher suite to strong ciphers
…s for SetMaxConnectionIdleTime
sarabrajsingh
force-pushed
the
feature/configurable-tcp-timeouts
branch
from
f9468eb
to
907da06
Compare
upstream issue - https://github.com/ansible/tower/issues/5777
adding ability to provide a
MaxIdleConnectionTimeoutparameter in a configuration file to keep backendbelow-the-meshTCP connections alive.to-do: