Commit 22f57cd8 authored by Brad Davidson's avatar Brad Davidson Committed by Brad Davidson

Add timeout to clientaccess http client

The default http client does not have an overall request timeout, so connections to misbehaving or unavailable servers can stall for an excessive amount of time. At the moment, just attempting to join an unavailable cluster takes 2 minutes and 40 seconds to timeout. Resolve that by setting a reasonable request timeout. Signed-off-by: 's avatarBrad Davidson <brad.davidson@rancher.com>
parent ad981265
...@@ -10,12 +10,19 @@ import ( ...@@ -10,12 +10,19 @@ import (
"net/http" "net/http"
"net/url" "net/url"
"strings" "strings"
"time"
"github.com/pkg/errors" "github.com/pkg/errors"
) )
var ( var (
defaultClientTimeout = 20 * time.Second
defaultClient = &http.Client{
Timeout: defaultClientTimeout,
}
insecureClient = &http.Client{ insecureClient = &http.Client{
Timeout: defaultClientTimeout,
Transport: &http.Transport{ Transport: &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
InsecureSkipVerify: true, InsecureSkipVerify: true,
...@@ -150,13 +157,14 @@ func parseToken(token string) (*Info, error) { ...@@ -150,13 +157,14 @@ func parseToken(token string) (*Info, error) {
// an empty CA bundle (which will always fail). // an empty CA bundle (which will always fail).
func GetHTTPClient(cacerts []byte) *http.Client { func GetHTTPClient(cacerts []byte) *http.Client {
if len(cacerts) == 0 { if len(cacerts) == 0 {
return http.DefaultClient return defaultClient
} }
pool := x509.NewCertPool() pool := x509.NewCertPool()
pool.AppendCertsFromPEM(cacerts) pool.AppendCertsFromPEM(cacerts)
return &http.Client{ return &http.Client{
Timeout: defaultClientTimeout,
Transport: &http.Transport{ Transport: &http.Transport{
DisableKeepAlives: true, DisableKeepAlives: true,
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
...@@ -221,7 +229,7 @@ func getCACerts(u url.URL) ([]byte, error) { ...@@ -221,7 +229,7 @@ func getCACerts(u url.URL) ([]byte, error) {
// This first request is expected to fail. If the server has // This first request is expected to fail. If the server has
// a cert that can be validated using the default CA bundle, return // a cert that can be validated using the default CA bundle, return
// success with no CA certs. // success with no CA certs.
_, err := get(url, http.DefaultClient, "", "") _, err := get(url, defaultClient, "", "")
if err == nil { if err == nil {
return nil, nil return nil, nil
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment