Skip to content

Fixes #39093 - add container db connection options#896

Merged
evgeni merged 1 commit intotheforeman:masterfrom
ianballou:39093-container-connections
Feb 25, 2026
Merged

Fixes #39093 - add container db connection options#896
evgeni merged 1 commit intotheforeman:masterfrom
ianballou:39093-container-connections

Conversation

@ianballou
Copy link
Contributor

@ianballou ianballou commented Feb 19, 2026

Adds support for Katello/smart_proxy_container_gateway#63

Allows users to modify DB max connections and the pool timeout for the container gateway.

The default in the gateway is proposed to be set at 30 connections / 30s timeout.

The reason for the entire effort is that the default 4 connections does not allow enough concurrency for concurrent container pulls.

One big question: should this be configurable via the Installer? Or just via Hiera? My hope is that most users will be able to operate with the defaults.

@evgeni
Copy link
Member

evgeni commented Feb 23, 2026

One big question: should this be configurable via the Installer? Or just via Hiera? My hope is that most users will be able to operate with the defaults.

Who can answer that?

@evgeni
Copy link
Member

evgeni commented Feb 23, 2026

The diff is fine, but Katello/smart_proxy_container_gateway#63 is not yet merged, so I am a bit hesitant to merge this before the implementation side hasn't settled.

@ehelms
Copy link
Member

ehelms commented Feb 23, 2026

This current design allows them to be configured by the user, and to remove the installer support and rely only on hiera would require some gymnastics that would I think lead to an uglier design. I think also these parameters are good to expose this way if a user needs to tweak them.

@ianballou
Copy link
Contributor Author

ianballou commented Feb 23, 2026

This current design allows them to be configured by the user, and to remove the installer support and rely only on hiera would require some gymnastics that would I think lead to an uglier design. I think also these parameters are good to expose this way if a user needs to tweak them.

@ehelms I thought the params here were only editable by custom hiera? I applied the changes to my box and am not seeing container gateway options. I think I remember from back when we added installer support, we decided not to expose the container gateway options to the greater installer arguments.

@ianballou
Copy link
Contributor Author

I verified that I can set the values via custom-hiera.yaml:

# custom-hiera.yaml
foreman_proxy::plugin::container_gateway::database_max_connections: 100
foreman_proxy::plugin::container_gateway::database_pool_timeout: 80
# container_gateway.yml
...
:db_max_connections: 100
:db_pool_timeout: 80

@ianballou
Copy link
Contributor Author

No foreman-installer options for max connections or pool timeout though:

[root@ip-10-0-168-216 foreman_proxy]# satellite-installer --full-help | grep connections
    --foreman-proxy-foreman-ssl-ca                                                       SSL CA used to verify connections when accessing the Foreman API.
    --foreman-proxy-puppet-ssl-ca                                                        SSL CA used to verify connections when accessing the Puppet master API (current: "/etc/puppetlabs/puppet/ssl/certs/ca.pem")
    --foreman-proxy-dhcp-failover-address                                                Address for DHCP to listen for connections from its peer (current: "10.0.168.216")
                                                                                         socket connections for unencrypted HTTP traffic. If not provided, the webserver
                                                                                         socket connections for encrypted HTTPS traffic. If not provided, defaults to
[root@ip-10-0-168-216 foreman_proxy]# satellite-installer --full-help | grep pool
                                                                                         additional subnets using `dhcp::pool` and related resource types (provided by the theforeman/puppet-dhcp
    --foreman-proxy-dhcp-gateway                                                         DHCP pool gateway (current: UNDEF)
    --foreman-proxy-dhcp-ping-free-ip                                                    Perform ICMP and TCP ping when searching free IPs from the pool. This makes
    --foreman-proxy-dhcp-range                                                           Space-separated DHCP pool range (current: UNDEF)
    --foreman-proxy-plugin-openscap-spooldir                                             Directory where OpenSCAP audits are stored
                                                                                         before they are forwarded to Foreman (current: "/var/spool/foreman-proxy/openscap")
    --reset-foreman-proxy-plugin-openscap-spooldir                                       Reset spooldir to the default value ("/var/spool/foreman-proxy/openscap")
                                                                                         JRuby from the pool.

@ehelms
Copy link
Member

ehelms commented Feb 23, 2026

Oh right right, it's contained inside https://github.com/theforeman/puppet-foreman_proxy_content/blob/master/manifests/init.pp#L261

If users may need to tweak this based on their environment and workflows, then I feel like we should expose it directly in puppet-foreman_proxy_content.

@ianballou
Copy link
Contributor Author

If users may need to tweak this based on their environment and workflows, then I feel like we should expose it directly in puppet-foreman_proxy_content.

That sounds good to me then, we can open a foreman_proxy_content PR.

@ianballou
Copy link
Contributor Author

Here is the FPC PR: theforeman/puppet-foreman_proxy_content#532

@evgeni evgeni merged commit db6b5b2 into theforeman:master Feb 25, 2026
14 checks passed
@ianballou ianballou deleted the 39093-container-connections branch February 25, 2026 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants