Add configurable connect timeout for downloads

[sshedi]

Introduce connect_timeout config option and apply it via CURLOPT_CONNECTTIMEOUT in remote downloads to avoid long hangs when DNS resolution succeeds but TCP connection does not establish.

[sshedi]

@oliverkurth if you have any idea on how this can be tested in a container, please let me know. I tried this manually.

Here are the steps:

1. ./bin/tdnf makecache -----> works
2. iptables -I OUTPUT -p tcp --dport 80 -j DROP (or 443 port)
3. ./bin/tdnf makecache -----> fails after 10 retries with 10 sec interval, can be modified through tdnf.conf
4. iptables -D OUTPUT -p tcp --dport 80 -j DROP
5. ./bin/tdnf makecache -----> works

In the existing code, step 3 hangs indefinitely (nearly an hour) to finish 10 retries

[oliverkurth]

For testing, I think you can use iptables also in the container. You may need to install it.

[oliverkurth]

If read this correctly: https://curl.se/libcurl/c/CURLOPT_CONNECTTIMEOUT.html :

"The connection phase includes the name resolve (DNS) and all protocol handshakes and negotiations until there is an established connection with the remote side."

It includes the DNS resolution. DNS can, under circumstances, require some time.

Also, the default is 300 seconds, it's not indefinitely: "Set this option to zero to switch to the default built-in connection timeout - 300 seconds."

[sshedi]

For testing, I think you can use iptables also in the container. You may need to install it.

It's not that simple, I think the container should be started in a different way to achieve it but I will add this to my backlog and will try to do it when I have bandwidth. Hope that's okay?

[sshedi]

If read this correctly: https://curl.se/libcurl/c/CURLOPT_CONNECTTIMEOUT.html :

"The connection phase includes the name resolve (DNS) and all protocol handshakes and negotiations until there is an established connection with the remote side."

It includes the DNS resolution. DNS can, under circumstances, require some time.

Also, the default is 300 seconds, it's not indefinitely: "Set this option to zero to switch to the default built-in connection timeout - 300 seconds."

IMO, if DNS + Handshake doesn't finish under 10 seconds, the consumer has bigger things to worry about than installing packages :)

[oliverkurth]

IMO, if DNS + Handshake doesn't finish under 10 seconds, the consumer has bigger things to worry about than installing packages :)

I am not convinced. DNS can sometimes take some time, especially in our fragile infra structure (gobuild, artifactory gerrit or whatever), and I already had to do workaround a do retries in some cases because it just happens, and I have no control over it.

How about a compromise - we leave the default at 0 so there is no change in behavior by default, but set it to 10 seconds in the config file. This way, it's easily reverted or changed.

[sshedi]

I already had to do workaround a do retries in some cases because it just happens, and I have no control over it.

Can you please give more info on this? I'm curious to know where this happened.

How about a compromise - we leave the default at 0 so there is no change in behavior by default, but set it to 10 seconds in the config file. This way, it's easily reverted or changed.

I'm ok with this, will update the PR.