local: use agent token to deregister services #9683
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
TODO: add changelog entry |
When de-registering in anti-entropy sync, when there is no service or check token. The agent token will fall back to the default (aka user) token if no agent token is set, so the existing behaviour still works, but it will prefer the agent token over the user token if both are set. ref: https://www.consul.io/docs/agent/options#acl_tokens The agent token seems more approrpiate in this case, since this is an "internal operation", not something initiated by the user.
dnephin
force-pushed
the
dnephin/fix-zombie-service-dereg
branch
from
6621e40
to
8a5163b
Compare
|
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/330029. |
hashicorp-ci
pushed a commit
that referenced
this pull request
Mar 5, 2021
local: use agent token to deregister services
dizzyup
pushed a commit
that referenced
this pull request
Apr 21, 2021
local: use agent token to deregister services
This was referenced May 4, 2021
cmd-ntrf
added a commit
to ComputeCanada/puppet-magic_castle
that referenced
this pull request
May 27, 2021
Fix issue with local: use agent token to deregister services hashicorp/consul#9683
cmd-ntrf
added a commit
to ComputeCanada/puppet-magic_castle
that referenced
this pull request
Jul 22, 2021
Fix issue with local: use agent token to deregister services hashicorp/consul#9683
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Hopefully improves the issue from #9577 (#7669, #8078).
If an ACL token used to register a service is removed before the service then anti-entropy sync can fail to deregister the service. In those cases the local agent logs are filled with noise from these failures, and it never resolves itself.
Previously it would attempt to fall back to the "default" token, then to the anonymous token. With this change it will first fall back to the "agent" token, then "default", then finally the anonymous.
ref: https://www.consul.io/docs/agent/options#acl_tokens
The agent token seems more appropriate in this case, since this is an "internal operation", not something initiated by the user.