diff --git a/cmd/osbuild-worker/jobimpl-koji-finalize.go b/cmd/osbuild-worker/jobimpl-koji-finalize.go
index 2c7d1e16d..8d4780834 100644
--- a/cmd/osbuild-worker/jobimpl-koji-finalize.go
+++ b/cmd/osbuild-worker/jobimpl-koji-finalize.go
@@ -1,9 +1,7 @@
 package main
 
 import (
- "crypto/tls"
  "fmt"
- "net/http"
  "net/url"
  "time"
 
@@ -16,7 +14,8 @@ import (
 )
 
 type KojiFinalizeJobImpl struct {
- KojiServers map[string]koji.GSSAPICredentials
+ KojiServers map[string]koji.GSSAPICredentials
+ relaxTimeoutFactor uint
 }
 
 func (impl *KojiFinalizeJobImpl) kojiImport(
@@ -25,13 +24,7 @@ func (impl *KojiFinalizeJobImpl) kojiImport(
  buildRoots []koji.BuildRoot,
  images []koji.Image,
  directory, token string) error {
- // Koji for some reason needs TLS renegotiation enabled.
- // Clone the default http transport and enable renegotiation.
- transport := http.DefaultTransport.(*http.Transport).Clone()
- transport.TLSClientConfig = &tls.Config{
- Renegotiation: tls.RenegotiateOnceAsClient,
- MinVersion: tls.VersionTLS12,
- }
+ transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)
 
  serverURL, err := url.Parse(server)
  if err != nil {
@@ -63,13 +56,7 @@ func (impl *KojiFinalizeJobImpl) kojiImport(
 }
 
 func (impl *KojiFinalizeJobImpl) kojiFail(server string, buildID int, token string) error {
- // Koji for some reason needs TLS renegotiation enabled.
- // Clone the default http transport and enable renegotiation.
- transport := http.DefaultTransport.(*http.Transport).Clone()
- transport.TLSClientConfig = &tls.Config{
- Renegotiation: tls.RenegotiateOnceAsClient,
- MinVersion: tls.VersionTLS12,
- }
+ transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)
 
  serverURL, err := url.Parse(server)
  if err != nil {
diff --git a/cmd/osbuild-worker/jobimpl-koji-init.go b/cmd/osbuild-worker/jobimpl-koji-init.go
index ee4b46587..6e5df95d5 100644
--- a/cmd/osbuild-worker/jobimpl-koji-init.go
+++ b/cmd/osbuild-worker/jobimpl-koji-init.go
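Review bot: kojiImport and kojiFail still construct a fresh `*http.Transport` on every call through `koji.CreateKojiTransport(impl.relaxTimeoutFactor)`, so no TLS connection is ever reused between calls and each transport's idle pool outlives the call until the IdleConnTimeout inherited from http.DefaultTransport expires; kojiInit in jobimpl-koji-init.go and kojiUpload in jobimpl-osbuild-koji.go have the same shape. Consider building the transport once per job impl (a field populated next to `relaxTimeoutFactor`) or, at minimum, calling `transport.CloseIdleConnections()` before each method returns. Both method bodies continue outside the hunk, so where the transport is handed to the client is not visible here.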
@@ -1,9 +1,7 @@
 package main
 
 import (
- "crypto/tls"
  "fmt"
- "net/http"
  "net/url"
 
  "github.com/sirupsen/logrus"
@@ -14,17 +12,12 @@ import (
 )
 
 type KojiInitJobImpl struct {
- KojiServers map[string]koji.GSSAPICredentials
+ KojiServers map[string]koji.GSSAPICredentials
+ relaxTimeoutFactor uint
 }
 
 func (impl *KojiInitJobImpl) kojiInit(server, name, version, release string) (string, uint64, error) {
- // Koji for some reason needs TLS renegotiation enabled.
- // Clone the default http transport and enable renegotiation.
- transport := http.DefaultTransport.(*http.Transport).Clone()
- transport.TLSClientConfig = &tls.Config{
- Renegotiation: tls.RenegotiateOnceAsClient,
- MinVersion: tls.VersionTLS12,
- }
+ transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)
 
  serverURL, err := url.Parse(server)
  if err != nil {
diff --git a/cmd/osbuild-worker/jobimpl-osbuild-koji.go b/cmd/osbuild-worker/jobimpl-osbuild-koji.go
index 24dee508c..3c60384e1 100644
--- a/cmd/osbuild-worker/jobimpl-osbuild-koji.go
+++ b/cmd/osbuild-worker/jobimpl-osbuild-koji.go
@@ -1,10 +1,8 @@
 package main
 
 import (
- "crypto/tls"
  "fmt"
  "io/ioutil"
- "net/http"
  "net/url"
  "os"
  "path"
@@ -18,19 +16,14 @@ import (
 )
 
 type OSBuildKojiJobImpl struct {
- Store string
- Output string
- KojiServers map[string]koji.GSSAPICredentials
+ Store string
+ Output string
+ KojiServers map[string]koji.GSSAPICredentials
+ relaxTimeoutFactor uint
 }
 
 func (impl *OSBuildKojiJobImpl) kojiUpload(file *os.File, server, directory, filename string) (string, uint64, error) {
- // Koji for some reason needs TLS renegotiation enabled.
- // Clone the default http transport and enable renegotiation.
- transport := http.DefaultTransport.(*http.Transport).Clone()
- transport.TLSClientConfig = &tls.Config{
- Renegotiation: tls.RenegotiateOnceAsClient,
- MinVersion: tls.VersionTLS12,
- }
+ transport := koji.CreateKojiTransport(impl.relaxTimeoutFactor)
 
  serverURL, err := url.Parse(server)
  if err != nil {
diff --git a/cmd/osbuild-worker/main.go b/cmd/osbuild-worker/main.go
index 39de47d13..5105c3fe3 100644
--- a/cmd/osbuild-worker/main.go
+++ b/cmd/osbuild-worker/main.go
@@ -142,7 +142,8 @@ func main() {
  OAuthURL string `toml:"oauth_url"`
  OfflineTokenPath string `toml:"offline_token"`
  } `toml:"authentication"`
- BasePath string `toml:"base_path"`
+ RelaxTimeoutFactor uint `toml:"RelaxTimeoutFactor"`
+ BasePath string `toml:"base_path"`
  }
  var unix bool
  flag.BoolVar(&unix, "unix", false, "Interpret 'address' as a path to a unix domain socket instead of a network address")
@@ -323,15 +324,18 @@ func main() {
  AWSCreds: awsCredentials,
  },
  "osbuild-koji": &OSBuildKojiJobImpl{
- Store: store,
- Output: output,
- KojiServers: kojiServers,
+ Store: store,
+ Output: output,
+ KojiServers: kojiServers,
+ relaxTimeoutFactor: config.RelaxTimeoutFactor,
  },
  "koji-init": &KojiInitJobImpl{
- KojiServers: kojiServers,
+ KojiServers: kojiServers,
+ relaxTimeoutFactor: config.RelaxTimeoutFactor,
  },
  "koji-finalize": &KojiFinalizeJobImpl{
- KojiServers: kojiServers,
+ KojiServers: kojiServers,
+ relaxTimeoutFactor: config.RelaxTimeoutFactor,
  },
  }
 
diff --git a/internal/upload/koji/koji.go b/internal/upload/koji/koji.go
index 7ff7fca87..b94a7e724 100644
--- a/internal/upload/koji/koji.go
+++ b/internal/upload/koji/koji.go
@@ -2,9 +2,13 @@ package koji
 
 import (
  "bytes"
+ "net"
+ "time"
+
  // koji uses MD5 hashes
  /* #nosec G501 */
  "crypto/md5"
+ "crypto/tls"
  "encoding/json"
  "errors"
  "fmt"
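Review bot: The new config key is tagged `toml:"RelaxTimeoutFactor"` while every sibling key in the same struct is snake_case (`base_path`, `oauth_url`, `offline_token`), so operators have to guess the casing; change the tag to `toml:"relax_timeout_factor"`. The field also says nothing about what the number means: judging from CreateKojiTransport in this same change, 0 keeps the default transport timeouts, 1 is effectively the same, and larger values multiply the dial and TLS-handshake timeouts, so a comment such as `// RelaxTimeoutFactor multiplies the Koji dial and TLS handshake timeouts; 0 or 1 keeps the defaults.` would pin the contract where the value is read. Nothing bounds the value here or in the job impls, so a misconfigured large factor quietly makes those timeouts meaningless. The config struct and main() extend beyond the hunk.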
@@ -420,3 +424,24 @@ func GSSAPICredentialsFromEnv() (*GSSAPICredentials, error) {
  KeyTab: keyTab,
  }, nil
 }
+
+func CreateKojiTransport(relaxTimeout uint) *http.Transport {
+ // Koji for some reason needs TLS renegotiation enabled.
+ // Clone the default http transport and enable renegotiation.
+ transport := http.DefaultTransport.(*http.Transport).Clone()
+ transport.TLSClientConfig = &tls.Config{
+ Renegotiation: tls.RenegotiateOnceAsClient,
+ MinVersion: tls.VersionTLS12,
+ }
+
+ // Relax timeouts a bit
+ if relaxTimeout > 0 {
+ transport.TLSHandshakeTimeout *= time.Duration(relaxTimeout)
+ transport.DialContext = (&net.Dialer{
+ Timeout: 30 * time.Second * time.Duration(relaxTimeout),
+ KeepAlive: 30 * time.Second,
+ }).DialContext
+ }
+
+ return transport
+}
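Review bot: `CreateKojiTransport` is exported but carries no doc comment, and the only explanation of its one security-relevant choice is the inherited "for some reason" remark; a comment stating the contract would help, for example `// CreateKojiTransport returns a clone of http.DefaultTransport tuned for Koji: TLS 1.2 or newer with a single client-side renegotiation permitted (Koji requires renegotiation), and, when relaxTimeout is greater than 1, dial and TLS handshake timeouts multiplied by relaxTimeout.` Keeping `tls.RenegotiateOnceAsClient` together with `MinVersion: tls.VersionTLS12` is the narrowest way to grant what Koji needs, and spelling that out in the comment guards against a later cleanup widening it to `tls.RenegotiateFreelyAsClient`. `relaxTimeout` is unbounded and converted straight into a `time.Duration` multiplier, so an absurd value effectively removes the dial and handshake timeouts; a sanity cap, or at least a log line when the factor exceeds a small number, would be prudent. The `// Relax timeouts a bit` comment understates what the branch does, since the dial timeout is rebuilt from a fixed 30 seconds rather than scaled from the cloned transport's own value.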