Relax TCP timeouts for koji connections

See COMPOSER-1354 and linked tickets
2022-02-09 19:37:32 +01:00 · 2022-02-09 19:37:32 +01:00 · c1ae5b0881
commit c1ae5b0881
parent 631bd21ffe
5 changed files with 47 additions and 45 deletions
--- a/cmd/osbuild-worker/jobimpl-koji-finalize.go
+++ b/cmd/osbuild-worker/jobimpl-koji-finalize.go
@ -1,9 +1,7 @@
 package main

 import (
-	"crypto/tls"
 	"fmt"
-	"net/http"
 	"net/url"
 	"time"

@ -16,7 +14,8 @@ import (
 )

 type KojiFinalizeJobImpl struct {
-	KojiServers map[string]koji.GSSAPICredentials
+	KojiServers        map[string]koji.GSSAPICredentials
+	relaxTimeoutFactor uint
 }

 func (impl *KojiFinalizeJobImpl) kojiImport(
@ -25,13 +24,7 @@ func (impl *KojiFinalizeJobImpl) kojiImport(
 	buildRoots []koji.BuildRoot,
 	images []koji.Image,
 	directory, token string) error {
-	// Koji for some reason needs TLS renegotiation enabled.
-	// Clone the default http transport and enable renegotiation.
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		Renegotiation: tls.RenegotiateOnceAsClient,
-		MinVersion:    tls.VersionTLS12,
-	}
+	transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)

 	serverURL, err := url.Parse(server)
 	if err != nil {
@ -63,13 +56,7 @@ func (impl *KojiFinalizeJobImpl) kojiImport(
 }

 func (impl *KojiFinalizeJobImpl) kojiFail(server string, buildID int, token string) error {
-	// Koji for some reason needs TLS renegotiation enabled.
-	// Clone the default http transport and enable renegotiation.
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		Renegotiation: tls.RenegotiateOnceAsClient,
-		MinVersion:    tls.VersionTLS12,
-	}
+	transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)

 	serverURL, err := url.Parse(server)
 	if err != nil {
--- a/cmd/osbuild-worker/jobimpl-koji-init.go
+++ b/cmd/osbuild-worker/jobimpl-koji-init.go
@ -1,9 +1,7 @@
 package main

 import (
-	"crypto/tls"
 	"fmt"
-	"net/http"
 	"net/url"

 	"github.com/sirupsen/logrus"
@ -14,17 +12,12 @@ import (
 )

 type KojiInitJobImpl struct {
-	KojiServers map[string]koji.GSSAPICredentials
+	KojiServers        map[string]koji.GSSAPICredentials
+	relaxTimeoutFactor uint
 }

 func (impl *KojiInitJobImpl) kojiInit(server, name, version, release string) (string, uint64, error) {
-	// Koji for some reason needs TLS renegotiation enabled.
-	// Clone the default http transport and enable renegotiation.
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		Renegotiation: tls.RenegotiateOnceAsClient,
-		MinVersion:    tls.VersionTLS12,
-	}
+	transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)

 	serverURL, err := url.Parse(server)
 	if err != nil {
--- a/cmd/osbuild-worker/jobimpl-osbuild-koji.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild-koji.go
@ -1,10 +1,8 @@
 package main

 import (
-	"crypto/tls"
 	"fmt"
 	"io/ioutil"
-	"net/http"
 	"net/url"
 	"os"
 	"path"
@ -18,19 +16,14 @@ import (
 )

 type OSBuildKojiJobImpl struct {
-	Store       string
-	Output      string
-	KojiServers map[string]koji.GSSAPICredentials
+	Store              string
+	Output             string
+	KojiServers        map[string]koji.GSSAPICredentials
+	relaxTimeoutFactor uint
 }

 func (impl *OSBuildKojiJobImpl) kojiUpload(file *os.File, server, directory, filename string) (string, uint64, error) {
-	// Koji for some reason needs TLS renegotiation enabled.
-	// Clone the default http transport and enable renegotiation.
-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	transport.TLSClientConfig = &tls.Config{
-		Renegotiation: tls.RenegotiateOnceAsClient,
-		MinVersion:    tls.VersionTLS12,
-	}
+	transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)

 	serverURL, err := url.Parse(server)
 	if err != nil {
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@ -142,7 +142,8 @@ func main() {
 			OAuthURL         string `toml:"oauth_url"`
 			OfflineTokenPath string `toml:"offline_token"`
 		} `toml:"authentication"`
-		BasePath string `toml:"base_path"`
+		RelaxTimeoutFactor uint   `toml:"RelaxTimeoutFactor"`
+		BasePath           string `toml:"base_path"`
 	}
 	var unix bool
 	flag.BoolVar(&unix, "unix", false, "Interpret 'address' as a path to a unix domain socket instead of a network address")
@ -323,15 +324,18 @@ func main() {
 			AWSCreds:    awsCredentials,
 		},
 		"osbuild-koji": &OSBuildKojiJobImpl{
-			Store:       store,
-			Output:      output,
-			KojiServers: kojiServers,
+			Store:              store,
+			Output:             output,
+			KojiServers:        kojiServers,
+			relaxTimeoutFactor: config.RelaxTimeoutFactor,
 		},
 		"koji-init": &KojiInitJobImpl{
-			KojiServers: kojiServers,
+			KojiServers:        kojiServers,
+			relaxTimeoutFactor: config.RelaxTimeoutFactor,
 		},
 		"koji-finalize": &KojiFinalizeJobImpl{
-			KojiServers: kojiServers,
+			KojiServers:        kojiServers,
+			relaxTimeoutFactor: config.RelaxTimeoutFactor,
 		},
 	}

--- a/internal/upload/koji/koji.go
+++ b/internal/upload/koji/koji.go
@ -2,9 +2,13 @@ package koji

 import (
 	"bytes"
+	"net"
+	"time"
+
 	// koji uses MD5 hashes
 	/* #nosec G501 */
 	"crypto/md5"
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
@ -420,3 +424,24 @@ func GSSAPICredentialsFromEnv() (*GSSAPICredentials, error) {
 		KeyTab:    keyTab,
 	}, nil
 }
+
+func CreateKojiTransport(relaxTimeout uint) *http.Transport {
+	// Koji for some reason needs TLS renegotiation enabled.
+	// Clone the default http transport and enable renegotiation.
+	transport := http.DefaultTransport.(*http.Transport).Clone()
+	transport.TLSClientConfig = &tls.Config{
+		Renegotiation: tls.RenegotiateOnceAsClient,
+		MinVersion:    tls.VersionTLS12,
+	}
+
+	// Relax timeouts a bit
+	if relaxTimeout > 0 {
+		transport.TLSHandshakeTimeout *= time.Duration(relaxTimeout)
+		transport.DialContext = (&net.Dialer{
+			Timeout:   30 * time.Second * time.Duration(relaxTimeout),
+			KeepAlive: 30 * time.Second,
+		}).DialContext
+	}
+
+	return transport
+}