Fixes #39093 - add container db connection options

[ianballou]

Adds support for Katello/smart_proxy_container_gateway#63

Allows users to modify DB max connections and the pool timeout for the container gateway.

The default in the gateway is proposed to be set at 30 connections / 30s timeout.

The reason for the entire effort is that the default 4 connections does not allow enough concurrency for concurrent container pulls.

One big question: should this be configurable via the Installer? Or just via Hiera? My hope is that most users will be able to operate with the defaults.

[evgeni]

One big question: should this be configurable via the Installer? Or just via Hiera? My hope is that most users will be able to operate with the defaults.

Who can answer that?

[evgeni]

The diff is fine, but Katello/smart_proxy_container_gateway#63 is not yet merged, so I am a bit hesitant to merge this before the implementation side hasn't settled.

[ehelms]

This current design allows them to be configured by the user, and to remove the installer support and rely only on hiera would require some gymnastics that would I think lead to an uglier design. I think also these parameters are good to expose this way if a user needs to tweak them.

[ianballou]

This current design allows them to be configured by the user, and to remove the installer support and rely only on hiera would require some gymnastics that would I think lead to an uglier design. I think also these parameters are good to expose this way if a user needs to tweak them.

@ehelms I thought the params here were only editable by custom hiera? I applied the changes to my box and am not seeing container gateway options. I think I remember from back when we added installer support, we decided not to expose the container gateway options to the greater installer arguments.

[ianballou]

I verified that I can set the values via custom-hiera.yaml:

# custom-hiera.yaml
foreman_proxy::plugin::container_gateway::database_max_connections: 100
foreman_proxy::plugin::container_gateway::database_pool_timeout: 80

# container_gateway.yml
...
:db_max_connections: 100
:db_pool_timeout: 80

[ianballou]

No foreman-installer options for max connections or pool timeout though:

[root@ip-10-0-168-216 foreman_proxy]# satellite-installer --full-help | grep connections
    --foreman-proxy-foreman-ssl-ca                                                       SSL CA used to verify connections when accessing the Foreman API.
    --foreman-proxy-puppet-ssl-ca                                                        SSL CA used to verify connections when accessing the Puppet master API (current: "/etc/puppetlabs/puppet/ssl/certs/ca.pem")
    --foreman-proxy-dhcp-failover-address                                                Address for DHCP to listen for connections from its peer (current: "10.0.168.216")
                                                                                         socket connections for unencrypted HTTP traffic. If not provided, the webserver
                                                                                         socket connections for encrypted HTTPS traffic. If not provided, defaults to
[root@ip-10-0-168-216 foreman_proxy]# satellite-installer --full-help | grep pool
                                                                                         additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp
    --foreman-proxy-dhcp-gateway                                                         DHCP pool gateway (current: UNDEF)
    --foreman-proxy-dhcp-ping-free-ip                                                    Perform ICMP and TCP ping when searching free IPs from the pool. This makes
    --foreman-proxy-dhcp-range                                                           Space-separated DHCP pool range (current: UNDEF)
    --foreman-proxy-plugin-openscap-spooldir                                             Directory where OpenSCAP audits are stored
                                                                                         before they are forwarded to Foreman (current: "/var/spool/foreman-proxy/openscap")
    --reset-foreman-proxy-plugin-openscap-spooldir                                       Reset spooldir to the default value ("/var/spool/foreman-proxy/openscap")
                                                                                         JRuby from the pool.

[ehelms]

Oh right right, it's contained inside https://github.com/theforeman/puppet-foreman_proxy_content/blob/master/manifests/init.pp#L261

If users may need to tweak this based on their environment and workflows, then I feel like we should expose it directly in puppet-foreman_proxy_content.

[ianballou]

If users may need to tweak this based on their environment and workflows, then I feel like we should expose it directly in puppet-foreman_proxy_content.

That sounds good to me then, we can open a foreman_proxy_content PR.

[ianballou]

Here is the FPC PR: theforeman/puppet-foreman_proxy_content#532