Skip to content

OCPBUGS-62295: Shorten HAProxy timeouts#5312

Merged
openshift-merge-bot[bot] merged 2 commits intoopenshift:mainfrom
cybertron:haproxy-shorter-timeouts
Jan 22, 2026
Merged

OCPBUGS-62295: Shorten HAProxy timeouts#5312
openshift-merge-bot[bot] merged 2 commits intoopenshift:mainfrom
cybertron:haproxy-shorter-timeouts

Conversation

@cybertron
Copy link
Member

@cybertron cybertron commented Sep 26, 2025

I'm not sure why we set these to 24 hours in the first place, but
it doesn't match what we document in our sample UPI HAProxy config,
nor can I find any justification for why one would want such long
timeouts. This changes our client and server timeouts to be 1m,
matching the documented values. It also sets the tunnel timeout to
5m, which is not covered at all in the documentation but according
to HAProxy docs should generally be longer than other timeouts since
tunnel connection tend to be longer lived.

- What I did

- How to verify it

- Description for the changelog

@cybertron
OCPBUGS-62232: Set -fin timeouts in HAProxy config
a55feb4 
We have a bug where misbehaved clients are exhausting the connection
limits by starting a connection and abandoning it before it is even
established. Setting the client-fin timeout is a recommended option
to address this sort of situation. This patch also sets server-fin
in the interest of symmetry and avoiding any similar issues on the
server side.
@cybertron
Shorten HAProxy timeouts
9399af9 
I'm not sure why we set these to 24 hours in the first place, but
it doesn't match what we document in our sample UPI HAProxy config,
nor can I find any justification for why one would want such long
timeouts. This changes our client and server timeouts to be 1m,
matching the documented values. It also sets the tunnel timeout to
5m, which is not covered at all in the documentation but according
to HAProxy docs should generally be longer than other timeouts since
tunnel connection tend to be longer lived.
@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Sep 26, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 26, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. labels Sep 26, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Sep 26, 2025

@cybertron: This pull request references Jira Issue OCPBUGS-62295, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.21.0) matches configured target version for branch (4.21.0)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @rbbratta

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

I'm not sure why we set these to 24 hours in the first place, but
it doesn't match what we document in our sample UPI HAProxy config,
nor can I find any justification for why one would want such long
timeouts. This changes our client and server timeouts to be 1m,
matching the documented values. It also sets the tunnel timeout to
5m, which is not covered at all in the documentation but according
to HAProxy docs should generally be longer than other timeouts since
tunnel connection tend to be longer lived.

- What I did

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested a review from rbbratta September 26, 2025 20:11
@cybertron
Copy link
Member Author

cybertron commented Sep 26, 2025

This should merge after #5310 to avoid issues with backporting that PR.

@rbbratta
Copy link
Contributor

rbbratta commented Nov 12, 2025

/verified by @rbbratta

@openshift-ci-robot openshift-ci-robot added the verified Signifies that the PR passed pre-merge verification criteria label Nov 12, 2025
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Nov 12, 2025

@rbbratta: This PR has been marked as verified by @rbbratta.

Details

In response to this:

/verified by @rbbratta

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@cybertron
Copy link
Member Author

cybertron commented Dec 2, 2025

#5310 has merged so this is ready to go.

@cybertron cybertron marked this pull request as ready for review December 2, 2025 18:49
@openshift-ci openshift-ci bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 2, 2025
@openshift-ci openshift-ci bot requested review from gryf and mandre December 2, 2025 18:50
@mkowalski
Copy link
Contributor

mkowalski commented Dec 3, 2025

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Dec 3, 2025
@cybertron
Copy link
Member Author

cybertron commented Jan 9, 2026

/test e2e-metal-ipi-ovn-ipv6

OpenStack job has been very unstable lately, let's try metal.

@pablintino
Copy link
Contributor

pablintino commented Jan 21, 2026

/retest-required
/lgtm

@pablintino
Copy link
Contributor

pablintino commented Jan 21, 2026 

/test e2e-openstack

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 21, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cybertron, mkowalski, pablintino

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 21, 2026
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 21, 2026

/retest-required

Remaining retests: 0 against base HEAD 6678a5f and 2 for PR HEAD 9399af9 in total

@openshift-merge-bot openshift-merge-bot bot merged commit 6337aff into openshift:main Jan 22, 2026
13 of 17 checks passed
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Jan 22, 2026

@cybertron: Jira Issue Verification Checks: Jira Issue OCPBUGS-62295
✔️ This pull request was pre-merge verified.
✔️ All associated pull requests have merged.
✔️ All associated, merged pull requests were pre-merge verified.

Jira Issue OCPBUGS-62295 has been moved to the MODIFIED state and will move to the VERIFIED state when the change is available in an accepted nightly payload. 🕓

Details

In response to this:

I'm not sure why we set these to 24 hours in the first place, but
it doesn't match what we document in our sample UPI HAProxy config,
nor can I find any justification for why one would want such long
timeouts. This changes our client and server timeouts to be 1m,
matching the documented values. It also sets the tunnel timeout to
5m, which is not covered at all in the documentation but according
to HAProxy docs should generally be longer than other timeouts since
tunnel connection tend to be longer lived.

- What I did

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 22, 2026

@cybertron: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-openstack 9399af9 link false /test e2e-openstack
ci/prow/bootstrap-unit 9399af9 link false /test bootstrap-unit
ci/prow/e2e-gcp-op-ocl 9399af9 link true /test e2e-gcp-op-ocl

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rbbratta rbbratta Awaiting requested review from rbbratta

@gryf gryf Awaiting requested review from gryf

@mandre mandre Awaiting requested review from mandre

Assignees

@mkowalski mkowalski

@pablintino pablintino

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. verified Signifies that the PR passed pre-merge verification criteria

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@cybertron @openshift-ci-robot @rbbratta @mkowalski @pablintino