Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Acme_* modules should have configurable timeouts #447

Closed
JonasVerhofste opened this issue Apr 29, 2022 · 2 comments · Fixed by #448
Closed

Acme_* modules should have configurable timeouts #447

JonasVerhofste opened this issue Apr 29, 2022 · 2 comments · Fixed by #448
Labels
enhancement New feature or request

Comments

@JonasVerhofste
Copy link
Contributor

SUMMARY

As far as I can tell, all acme_-modules use the standard fetch_url timeout, which is 10 seconds. (They all call the acme-util)
This timeout should be configurable in case of a slow responding ACME server.

ISSUE TYPE
  • Feature Idea
COMPONENT NAME

acme_account
acme_account_info
acme_certificate
acme_certificate_revoke
acme_challenge_cert_helper
acme_inspect

ADDITIONAL INFORMATION

I'm not entirely sure if this should be a global variable somehow or should be set at the module level on a per task-basis?
I've hacked our local ansible instance and have confirmed that changing the default to something higher makes 95% of our requests succeed again. (many were failing because our cert provider is having issues..)

Would gladly whip up a PR, but I'm unsure what the best location would be to set the timeout.
@felixfontein felixfontein added the enhancement New feature or request label Apr 29, 2022
@felixfontein
Copy link
Contributor

I'm not entirely sure if this should be a global variable somehow or should be set at the module level on a per task-basis?

The best thing would be to add it to the acme docs fragment (https:/ansible-collections/community.crypto/blob/main/plugins/doc_fragments/acme.py#L13) and the module_utils (https:/ansible-collections/community.crypto/blob/main/plugins/module_utils/acme/acme.py#L332) so that it can be specified for every ACME module task. The Ansible equivalent to global variable would then be using module defaults (there is a community.crypto.acme module defaults group for all ACME modules, except acme_challenge_cert_helper, but that doesn't do any HTTP requests anyway and also doesn't use the acme doc fragment / shared argspec).

If you'd like to create a PR, that would be great!

@JonasVerhofste
Copy link
Contributor Author

Ah, you just provided me with the link I was missing. PR incoming!

@JonasVerhofste JonasVerhofste mentioned this issue Apr 29, 2022
Merged
felixfontein pushed a commit that referenced this issue May 3, 2022
@JonasVerhofste
Make request timeout configurable for all acme modules (#448)
c16d9f7 
* Make request timeout configurable for all acme modules

Fixes #447.

* Log change made in #448
This was referenced May 9, 2022
Merged
Merged
@renovate renovate bot mentioned this issue Sep 29, 2022
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Make request timeout configurable for all acme modules
2 participants
@felixfontein @JonasVerhofste