-
Notifications
You must be signed in to change notification settings - Fork 1.3k
HAProxy Configuration: network.loadbalancer.haproxy.idle.timeout#12586
HAProxy Configuration: network.loadbalancer.haproxy.idle.timeout #12586bradh352 wants to merge 2 commits intoapache:main from
Conversation
3f6018f to
bc72961
Compare
bc72961 to
f5216af
Compare
DaanHoogland
commented
Feb 5, 2026
@blueorangutan package
blueorangutan
commented
Feb 5, 2026
@DaanHoogland a [SL] Jenkins job has been kicked to build packages. It will be bundled with no SystemVM templates. I'll keep you posted as I make progress.
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@ ## main #12586 +/- ## ========================================= Coverage 17.89% 17.90% - Complexity 16092 16094 +2 ========================================= Files 5936 5936 Lines 532734 532747 +13 Branches 65165 65167 +2 ========================================= + Hits 95347 95363 +16 + Misses 426711 426707 -4 - Partials 10676 10677 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull request overview
This PR adds a new global configuration parameter network.loadbalancer.haproxy.idle.timeout to control HAProxy's timeout client and timeout server directives in the defaults section. The default value is 50000 milliseconds (matching the current hardcoded value), and setting it to 0 removes the timeout directives entirely for infinite timeout. This addresses issue #12574 where the aggressive 50-second timeout was problematic for long-running database connections through load balancers.
Changes:
- Added
NETWORK_LB_HAPROXY_IDLE_TIMEOUTconfiguration key with default value of 50000ms - Updated
LoadBalancerConfigCommandto includeidleTimeoutparameter - Modified HAProxyConfigurator to generate timeout directives based on the configuration value
- Added health check validation for the idle timeout configuration
- Updated all LoadBalancerConfigCommand instantiations across VR, internal LB, and elastic LB implementations
- Added comprehensive unit tests for timeout configuration generation
Reviewed changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| engine/api/src/main/java/org/apache/cloudstack/engine/orchestration/service/NetworkOrchestrationService.java | Defines the new configuration key for HAProxy idle timeout |
| engine/orchestration/src/main/java/org/apache/cloudstack/engine/orchestration/NetworkOrchestrator.java | Registers the new configuration key in the configurable keys array |
| core/src/main/java/com/cloud/agent/api/routing/LoadBalancerConfigCommand.java | Adds idleTimeout field and updates constructor signature |
| core/src/main/java/com/cloud/network/HAProxyConfigurator.java | Implements logic to set or remove timeout directives based on idleTimeout value |
| server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java | Passes idle timeout value to load balancing data for virtual routers |
| server/src/main/java/com/cloud/network/router/CommandSetupHelper.java | Updates LoadBalancerConfigCommand instantiation with idle timeout value |
| plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java | Updates LoadBalancerConfigCommand instantiation for internal load balancers |
| plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java | Updates LoadBalancerConfigCommand instantiation for elastic load balancers |
| systemvm/debian/root/health_checks/haproxy_check.py | Adds health check validation for idle timeout configuration (contains bugs) |
| core/src/test/java/com/cloud/network/HAProxyConfiguratorTest.java | Adds tests for timeout configuration with 0 and non-zero values |
| core/src/test/java/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java | Updates test fixtures with idle timeout parameter |
| core/src/test/java/com/cloud/agent/resource/virtualnetwork/ConfigHelperTest.java | Updates test fixtures with idle timeout parameter |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Copilot
AI
Feb 5, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The health check function has multiple critical bugs:
-
The config file parser splits lines by space with maxsplit=1 (line 126), so "timeout client 1234" becomes key="timeout" with value="client 1234". However, this function tries to access keys "timeout client" and "timeout server" which don't exist in the parsed configuration.
-
When the timeout fields are missing (line 33-34), the function prints an error but doesn't return False, allowing execution to continue to line 36 where it will crash trying to access non-existent keys.
-
The check at line 36 cannot handle the idletimeout=0 case. When idletimeout is 0, HAProxyConfigurator sets these lines to empty strings (HAProxyConfigurator.java lines 644-645), which means they won't be present in the parsed config.
The correct approach would be to:
- Check for the "timeout" key, not "timeout client"/"timeout server"
- Extract and parse the timeout values from haCfgSections["defaults"]["timeout"] list
- Handle the case where idletimeout is 0 or "0" by verifying the timeout entries are missing or empty
- Return False immediately when timeout fields are missing (if idletimeout != 0)
Copilot
AI
Feb 5, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code doesn't handle negative values for idleTimeout. If a user somehow configures a negative value, it would fall through the if-else logic and retain the default timeout values from defaultsSection (50000). Consider adding validation to ensure idleTimeout is non-negative, or explicitly handle negative values in the else clause to make the behavior more predictable.
blueorangutan
commented
Feb 5, 2026
Packaging result [SF]: ✔️ el8 ✔️ el9 ✔️ el10 ✔️ debian ✔️ suse15. SL-JID 16705
DaanHoogland
commented
Feb 5, 2026
@blueorangutan test
blueorangutan
commented
Feb 5, 2026
@DaanHoogland a [SL] Trillian-Jenkins test job (ol8 mgmt + kvm-ol8) has been kicked to run smoke tests
Uh oh!
There was an error while loading. Please reload this page.
Description
This PR adds a new configuration parameter of
network.loadbalancer.haproxy.idle.timeoutwhich controls the HAProxytimeout serverandtimeout clientconfiguration parameters under thedefaultssection.Fixes #12574
Types of changes
Feature/Enhancement Scale or Bug Severity
Feature/Enhancement Scale
Bug Severity
Screenshots (if appropriate):
How Has This Been Tested?
How did you try to break this feature and the system with this change?
It has been observed that this will not update dynamically unless some other load balancer configuration is changed (or the VR is restarted). It is not clear if there is any infrastructure to 'trigger' a push to all existing load balancers to regenerate their configuration since this is global.