8 files changed, 147 insertions, 39 deletions

diff --git a/data/templates/load-balancing/haproxy.cfg.j2 b/data/templates/load-balancing/haproxy.cfg.j2
index c98b739e2..70ea5d2b0 100644
--- a/data/templates/load-balancing/haproxy.cfg.j2
+++ b/data/templates/load-balancing/haproxy.cfg.j2
@@ -38,9 +38,10 @@ defaults
     log     global
     mode    http
     option  dontlognull
-    timeout connect 10s
-    timeout client  50s
-    timeout server  50s
+    timeout check {{ timeout.check }}s
+    timeout connect {{ timeout.connect }}s
+    timeout client {{ timeout.client }}s
+    timeout server {{ timeout.server }}s
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -134,6 +135,11 @@ frontend {{ front }}
     default_backend {{ backend }}
 {%             endfor %}
 {%         endif %}
+{%         if front_config.timeout is vyos_defined %}
+{%             if front_config.timeout.client is vyos_defined %}
+    timeout client {{ front_config.timeout.client }}s
+{%             endif %}
+{%         endif %}
 
 {%     endfor %}
 {% endif %}
diff --git a/interface-definitions/include/haproxy/timeout-check.xml.i b/interface-definitions/include/haproxy/timeout-check.xml.i
new file mode 100644
index 000000000..d1217fac3
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-check.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-check.xml.i -->
+<leafNode name="check">
+  <properties>
+    <help>Timeout in seconds for established connections</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Check timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-client.xml.i b/interface-definitions/include/haproxy/timeout-client.xml.i
new file mode 100644
index 000000000..2250ccdef
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-client.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-client.xml.i -->
+<leafNode name="client">
+  <properties>
+    <help>Maximum inactivity time on the client side</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-connect.xml.i b/interface-definitions/include/haproxy/timeout-connect.xml.i
new file mode 100644
index 000000000..da4f983af
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-connect.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-connect.xml.i -->
+<leafNode name="connect">
+  <properties>
+    <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Connect timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout-server.xml.i b/interface-definitions/include/haproxy/timeout-server.xml.i
new file mode 100644
index 000000000..f27d415c1
--- /dev/null
+++ b/interface-definitions/include/haproxy/timeout-server.xml.i
@@ -0,0 +1,14 @@
+<!-- include start from haproxy/timeout-server.xml.i -->
+<leafNode name="server">
+  <properties>
+    <help>Set the maximum inactivity time on the server side</help>
+    <valueHelp>
+      <format>u32:1-3600</format>
+      <description>Server timeout in seconds</description>
+    </valueHelp>
+    <constraint>
+      <validator name="numeric" argument="--range 1-3600"/>
+    </constraint>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/include/haproxy/timeout.xml.i b/interface-definitions/include/haproxy/timeout.xml.i
index 79e7303b1..a3a5a8a3e 100644
--- a/interface-definitions/include/haproxy/timeout.xml.i
+++ b/interface-definitions/include/haproxy/timeout.xml.i
@@ -4,42 +4,9 @@
     <help>Timeout options</help>
   </properties>
   <children>
-    <leafNode name="check">
-      <properties>
-        <help>Timeout in seconds for established connections</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Check timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
-    <leafNode name="connect">
-      <properties>
-        <help>Set the maximum time to wait for a connection attempt to a server to succeed</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Connect timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
-    <leafNode name="server">
-      <properties>
-        <help>Set the maximum inactivity time on the server side</help>
-        <valueHelp>
-          <format>u32:1-3600</format>
-          <description>Server timeout in seconds</description>
-        </valueHelp>
-        <constraint>
-          <validator name="numeric" argument="--range 1-3600"/>
-        </constraint>
-      </properties>
-    </leafNode>
+    #include <include/haproxy/timeout-check.xml.i>
+    #include <include/haproxy/timeout-connect.xml.i>
+    #include <include/haproxy/timeout-server.xml.i>
   </children>
 </node>
 <!-- include end -->
diff --git a/interface-definitions/load-balancing_haproxy.xml.in b/interface-definitions/load-balancing_haproxy.xml.in
index ca089d3f0..b95e02337 100644
--- a/interface-definitions/load-balancing_haproxy.xml.in
+++ b/interface-definitions/load-balancing_haproxy.xml.in
@@ -48,6 +48,14 @@
                   <valueless/>
                 </properties>
               </leafNode>
+              <node name="timeout">
+                <properties>
+                  <help>Timeout options</help>
+                </properties>
+                <children>
+                  #include <include/haproxy/timeout-client.xml.i>
+                </children>
+              </node>
               <node name="http-compression">
                 <properties>
                   <help>Compress HTTP responses</help>
@@ -368,6 +376,29 @@
               </leafNode>
             </children>
           </node>
+          <node name="timeout">
+            <properties>
+              <help>Timeout options</help>
+            </properties>
+            <children>
+              #include <include/haproxy/timeout-check.xml.i>
+              <leafNode name="check">
+                <defaultValue>5</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-connect.xml.i>
+              <leafNode name="connect">
+                <defaultValue>10</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-client.xml.i>
+              <leafNode name="client">
+                <defaultValue>50</defaultValue>
+              </leafNode>
+              #include <include/haproxy/timeout-server.xml.i>
+              <leafNode name="server">
+                <defaultValue>50</defaultValue>
+              </leafNode>
+            </children>
+          </node>
           #include <include/interface/vrf.xml.i>
         </children>
       </node>
diff --git a/smoketest/scripts/cli/test_load-balancing_haproxy.py b/smoketest/scripts/cli/test_load-balancing_haproxy.py
index 9f412aa95..077f1974f 100755
--- a/smoketest/scripts/cli/test_load-balancing_haproxy.py
+++ b/smoketest/scripts/cli/test_load-balancing_haproxy.py
@@ -521,5 +521,53 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase):
         with self.assertRaises(ConfigSessionError) as e:
             self.cli_commit()
 
+    def test_11_lb_haproxy_timeout(self):
+        t_default_check = '5'
+        t_default_client = '50'
+        t_default_connect = '10'
+        t_default_server ='50'
+        t_check = '4'
+        t_client = '300'
+        t_connect = '12'
+        t_server ='120'
+        t_front_client = '600'
+
+        self.base_config()
+        self.cli_commit()
+        # Check default timeout options
+        config_entries = (
+            f'timeout check {t_default_check}s',
+            f'timeout connect {t_default_connect}s',
+            f'timeout client {t_default_client}s',
+            f'timeout server {t_default_server}s',
+        )
+        # Check default timeout options
+        config = read_file(HAPROXY_CONF)
+        for config_entry in config_entries:
+            self.assertIn(config_entry, config)
+
+        # Set custom timeout options
+        self.cli_set(base_path + ['timeout', 'check', t_check])
+        self.cli_set(base_path + ['timeout', 'client', t_client])
+        self.cli_set(base_path + ['timeout', 'connect', t_connect])
+        self.cli_set(base_path + ['timeout', 'server', t_server])
+        self.cli_set(base_path + ['service', 'https_front', 'timeout', 'client', t_front_client])
+
+        self.cli_commit()
+
+        # Check custom timeout options
+        config_entries = (
+            f'timeout check {t_check}s',
+            f'timeout connect {t_connect}s',
+            f'timeout client {t_client}s',
+            f'timeout server {t_server}s',
+            f'timeout client {t_front_client}s',
+        )
+
+        # Check configured options
+        config = read_file(HAPROXY_CONF)
+        for config_entry in config_entries:
+            self.assertIn(config_entry, config)
+
 if __name__ == '__main__':
     unittest.main(verbosity=2)