TK-134 will enable client timeouts to be configured for clj-http-client connections. Where the Puppet Server is a client, it should allow for these timeouts to be exposed for external user configuration and impose some reasonable defaults.
Standard puppet.conf configuration covers timeout settings which could be mapped to the underlying clj-http-client settings. The ones currently used by the Puppet agent are http_connect_timeout and http_read_timeout.
Where we eventually expect to be able to separate the master configuration more cleanly from the agent configuration, however, I'm thinking it might be better to add new settings for these to the http-client Trapperkeeper configuration section, which currently only supports the ssl-protocols and cipher-suites settings.
Also, we'll need to decide what default values to use for these settings. For the "connection timeout", we may consider following the Puppet agent lead and use "2 minutes". The "read timeout" that Puppet uses is defined as "infinite". This seems a little dangerous for the Puppet Server master to use in that it could cause the master to lock up completely under high load. Maybe 20 minutes would be a better default, the newly ordained default for the jruby pool's borrow timeout?
UPDATE: These were eventually implemented under the http-client section as idle-timeout-millliseconds and connect-timeout-milliseconds. The default for idle-timeout-milliseconds is 20 minutes. The default for connect-timeout-milliseconds is 2 minutes. Information on the new settings is covered in the "puppetserver.conf" settings documentation, see https://github.com/puppetlabs/puppet-server/blob/86e2b6b79a9ad88c796579945d3d802cdc250359/documentation/configuration.markdown#puppetserverconf.
Risk assessment: High (automated test needed)
Probability: Medium (effects users needing to adjust timeout)
Severity: High (No work around available)