Added a parameter 'apiTimeout' to allow customization

Added a parameter 'apiTimeout' to allow customization
to the Apache timeout.
The default is set to 60s which we do set for
HAProxy timeouts currently.

To be able to change the HAProxy value based on the apiTimeout with
any update (and not just the first time) the code adds a custom
annotation "api.nova.openstack.org/timeout" with the value that was
initially set, this way flags it as being set by the nova-operator.

Timeout is global for both api and metadata and they are set from nova lvl

There will be follow up patch in openstack-operator
to utilize the method 'SetDefaultRouteAnnotations' to set
these default route annotations in openstack-operator

api/bases/nova.openstack.org_nova.yaml

@@ -355,6 +355,11 @@ spec:
                         type: string
                     type: object
                 type: object
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellTemplates:
                 additionalProperties:
                   description: NovaCellTemplate defines the input parameters specified

api/bases/nova.openstack.org_novaapis.yaml

@@ -57,6 +57,11 @@ spec:
                 description: APIDatabaseHostname - hostname to use when accessing
                   the API DB
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cell0DatabaseAccount:
                 default: nova-cell0
                 description: APIDatabaseAccount - MariaDBAccount to use when accessing

api/bases/nova.openstack.org_novacells.yaml

@@ -46,6 +46,11 @@ spec:
                   filed is Required for cell0. TODO(gibi): Add a webhook to validate
                   cell0 constraint'
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellDatabaseAccount:
                 default: nova
                 description: CellDatabaseAccount - MariaDBAccount to use when accessing

api/bases/nova.openstack.org_novametadata.yaml

@@ -58,6 +58,11 @@ spec:
                   the API DB. This filed is Required if the CellName is not provided
                   TODO(gibi): Add a webhook to validate the CellName constraint'
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellDatabaseAccount:
                 default: nova
                 description: CellDatabaseAccount - MariaDBAccount to use when accessing

api/v1beta1/nova_types.go

@@ -66,6 +66,12 @@ type NovaSpecCore struct {
 	// APIDatabaseAccount - MariaDBAccount to use when accessing the API DB
 	APIDatabaseAccount string `json:"apiDatabaseAccount"`
 
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for Route and Apache
+	APITimeout int `json:"apiTimeout"`
+
 	// +kubebuilder:validation:Required
 	// Secret is the name of the Secret instance containing password
 	// information for nova like the keystone service password and DB passwords

api/v1beta1/nova_webhook.go

@@ -307,6 +307,33 @@ func (r *Nova) ValidateDelete() (admission.Warnings, error) {
 	return nil, nil
 }
 
+// SetDefaultRouteAnnotations sets HAProxy timeout values of the route
+// NOTE: it is used by ctlplane webhook on openstack-operator
+func (r *NovaSpec) SetDefaultRouteAnnotations(annotations map[string]string) {
+	const haProxyAnno = "haproxy.router.openshift.io/timeout"
+	// Use a custom annotation to flag when the operator has set the default HAProxy timeout
+	// With the annotation func determines when to overwrite existing HAProxy timeout with the APITimeout
+	const novaAnno = "api.nova.openstack.org/timeout"
+
+	valNova, okNova := annotations[novaAnno]
+	valHAProxy, okHAProxy := annotations[haProxyAnno]
+
+	// Human operator set the HAProxy timeout manually
+	if !okNova && okHAProxy {
+		return
+	}
+
+	// Human operator modified the HAProxy timeout manually without removing the Nova flag
+	if okNova && okHAProxy && valNova != valHAProxy {
+		delete(annotations, novaAnno)
+		return
+	}
+
+	timeout := fmt.Sprintf("%ds", r.APITimeout)
+	annotations[novaAnno] = timeout
+	annotations[haProxyAnno] = timeout
+}
+
 // Validate the field values
 func (r *NovaCellDBPurge) Validate(basePath *field.Path) field.ErrorList {
 	var errors field.ErrorList

api/v1beta1/novaapi_types.go

@@ -87,6 +87,12 @@ type NovaAPISpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for Route and Apache
+	APITimeout int `json:"apiTimeout"`
+
 	// +kubebuilder:validation:Required
 	// Secret is the name of the Secret instance containing password
 	// information for the nova-api service. This secret is expected to be

api/v1beta1/novacell_types.go

@@ -107,6 +107,12 @@ type NovaCellSpec struct {
 	// the deployment.
 	CellName string `json:"cellName"`
 
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for Route and Apache
+	APITimeout int `json:"apiTimeout"`
+
 	// +kubebuilder:validation:Required
 	// Secret is the name of the Secret instance containing password
 	// information for the nova cell. This secret is expected to be

api/v1beta1/novametadata_types.go

@@ -103,6 +103,12 @@ type NovaMetadataSpec struct {
 	// If not provided then the metadata serving every cells in the deployment
 	CellName string `json:"cellName,omitempty"`
 
+	// +kubebuilder:validation:Optional
+	// +kubebuilder:default=60
+	// +kubebuilder:validation:Minimum=10
+	// APITimeout for Route and Apache
+	APITimeout int `json:"apiTimeout"`
+
 	// +kubebuilder:validation:Required
 	// Secret is the name of the Secret instance containing password
 	// information for the nova-conductor service. This secret is expected to
@@ -265,6 +271,7 @@ func NewNovaMetadataSpec(
 		TLS:                    novaCell.MetadataServiceTemplate.TLS,
 		DefaultConfigOverwrite: novaCell.MetadataServiceTemplate.DefaultConfigOverwrite,
 		MemcachedInstance:      novaCell.MemcachedInstance,
+		APITimeout:             novaCell.APITimeout,
 	}
 
 	if metadataSpec.NodeSelector == nil {

config/crd/bases/nova.openstack.org_nova.yaml

@@ -355,6 +355,11 @@ spec:
                         type: string
                     type: object
                 type: object
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellTemplates:
                 additionalProperties:
                   description: NovaCellTemplate defines the input parameters specified

config/crd/bases/nova.openstack.org_novaapis.yaml

@@ -57,6 +57,11 @@ spec:
                 description: APIDatabaseHostname - hostname to use when accessing
                   the API DB
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cell0DatabaseAccount:
                 default: nova-cell0
                 description: APIDatabaseAccount - MariaDBAccount to use when accessing

config/crd/bases/nova.openstack.org_novacells.yaml

@@ -46,6 +46,11 @@ spec:
                   filed is Required for cell0. TODO(gibi): Add a webhook to validate
                   cell0 constraint'
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellDatabaseAccount:
                 default: nova
                 description: CellDatabaseAccount - MariaDBAccount to use when accessing

config/crd/bases/nova.openstack.org_novametadata.yaml

@@ -58,6 +58,11 @@ spec:
                   the API DB. This filed is Required if the CellName is not provided
                   TODO(gibi): Add a webhook to validate the CellName constraint'
                 type: string
+              apiTimeout:
+                default: 60
+                description: APITimeout for Route and Apache
+                minimum: 10
+                type: integer
               cellDatabaseAccount:
                 default: nova
                 description: CellDatabaseAccount - MariaDBAccount to use when accessing

controllers/nova_controller.go

@@ -1108,6 +1108,7 @@ func (r *NovaReconciler) ensureCell(
 		ServiceUser:     instance.Spec.ServiceUser,
 		KeystoneAuthURL: keystoneAuthURL,
 		ServiceAccount:  instance.RbacResourceName(),
+		APITimeout:      instance.Spec.APITimeout,
 		// The assumption is that the CA bundle for ironic compute in the cell
 		// and the conductor in the cell always the same as the NovaAPI
 		TLS:               instance.Spec.APIServiceTemplate.TLS.Ca,
@@ -1280,6 +1281,7 @@ func (r *NovaReconciler) ensureAPI(
 		TLS:                    instance.Spec.APIServiceTemplate.TLS,
 		DefaultConfigOverwrite: instance.Spec.APIServiceTemplate.DefaultConfigOverwrite,
 		MemcachedInstance:      getMemcachedInstance(instance, cell0Template),
+		APITimeout:             instance.Spec.APITimeout,
 	}
 	api := &novav1.NovaAPI{
 		ObjectMeta: metav1.ObjectMeta{
@@ -1711,6 +1713,7 @@ func (r *NovaReconciler) ensureMetadata(
 		TLS:                    instance.Spec.MetadataServiceTemplate.TLS,
 		DefaultConfigOverwrite: instance.Spec.MetadataServiceTemplate.DefaultConfigOverwrite,
 		MemcachedInstance:      getMemcachedInstance(instance, cell0Template),
+		APITimeout:             instance.Spec.APITimeout,
 	}
 	metadata = &novav1.NovaMetadata{
 		ObjectMeta: metav1.ObjectMeta{

controllers/novaapi_controller.go

@@ -487,13 +487,15 @@ func (r *NovaAPIReconciler) generateConfigs(
 		endptConfig := map[string]interface{}{}
 		endptConfig["ServerName"] = fmt.Sprintf("nova-%s.%s.svc", endpt.String(), instance.Namespace)
 		endptConfig["tls"] = false // default TLS to false, and set it bellow to true if enabled
+		endptConfig["TimeOut"] = instance.Spec.APITimeout
 		if instance.Spec.TLS.API.Enabled(endpt) {
 			templateParameters["tls"] = true
 			endptConfig["tls"] = true
 			endptConfig["SSLCertificateFile"] = fmt.Sprintf("/etc/pki/tls/certs/%s.crt", endpt.String())
 			endptConfig["SSLCertificateKeyFile"] = fmt.Sprintf("/etc/pki/tls/private/%s.key", endpt.String())
 		}
 		httpdVhostConfig[endpt.String()] = endptConfig
+
 	}
 	templateParameters["VHosts"] = httpdVhostConfig
 

controllers/novametadata_controller.go

@@ -476,6 +476,7 @@ func (r *NovaMetadataReconciler) generateConfigs(
 		"MemcachedServers":         memcachedInstance.GetMemcachedServerListString(),
 		"MemcachedServersWithInet": memcachedInstance.GetMemcachedServerListWithInetString(),
 		"MemcachedTLS":             memcachedInstance.GetMemcachedTLSSupport(),
+		"TimeOut":                  instance.Spec.APITimeout,
 	}
 
 	var db *mariadbv1.Database

templates/novaapi/config/httpd.conf

@@ -38,6 +38,7 @@ LogLevel info
   SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
 
   ServerName {{ $vhost.ServerName }}
+  TimeOut {{ $vhost.TimeOut }}
 
   ## Vhost docroot
   DocumentRoot "/var/www/cgi-bin"

templates/novametadata/config/httpd.conf

@@ -36,6 +36,7 @@ LogLevel info
   SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
 
   ServerName {{ .ServerName }}
+  TimeOut {{ .TimeOut }}
 
   ErrorLog /dev/stdout
   CustomLog /dev/stdout combined env=!forwarded

test/functional/nova_metadata_controller_test.go

@@ -985,6 +985,8 @@ var _ = Describe("NovaMetadata controller", func() {
 			Expect(configData).Should(ContainSubstring("SSLEngine on"))
 			Expect(configData).Should(ContainSubstring("SSLCertificateFile      \"/etc/pki/tls/certs/nova-metadata.crt\""))
 			Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile   \"/etc/pki/tls/private/nova-metadata.key\""))
+			Expect(configData).Should(
+				ContainSubstring("TimeOut 60"))
 
 			configData = string(configDataMap.Data["01-nova.conf"])
 			Expect(configData).Should(

test/functional/nova_multicell_test.go

@@ -949,6 +949,14 @@ var _ = Describe("Nova multi cell", func() {
 				HaveKeyWithValue(controllers.MetadataSecretSelector, []byte("metadata-secret")))
 			Expect(cell0Secret.Data).NotTo(
 				HaveKeyWithValue(controllers.MetadataSecretSelector, []byte("metadata-secret-cell1")))
+			configDataMap := th.GetSecret(cell1.MetadataConfigDataName)
+			Expect(configDataMap).ShouldNot(BeNil())
+			Expect(configDataMap.Data).Should(HaveKey("httpd.conf"))
+			Expect(configDataMap.Data).Should(HaveKey("ssl.conf"))
+			configData := string(configDataMap.Data["httpd.conf"])
+			Expect(configData).Should(
+				ContainSubstring("TimeOut 60"))
+
 		})
 	})
 })

test/functional/novaapi_controller_test.go

@@ -1037,6 +1037,8 @@ var _ = Describe("NovaAPI controller", func() {
 			Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile   \"/etc/pki/tls/private/internal.key\""))
 			Expect(configData).Should(ContainSubstring("SSLCertificateFile      \"/etc/pki/tls/certs/public.crt\""))
 			Expect(configData).Should(ContainSubstring("SSLCertificateKeyFile   \"/etc/pki/tls/private/public.key\""))
+			Expect(configData).Should(
+				ContainSubstring("TimeOut 60"))
 
 			configData = string(configDataMap.Data["01-nova.conf"])
 			Expect(configData).Should(