You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After about 1 week of running smoothly after a new deployment to AWS Fargate we got - the first time ever - an error showing up that during the AWS credentials renewal the refresh timer gets detached. Other deployments have not shown this yet, even after a month or more running.
...
The credentials refresh interval is set to 20m. The component is acting as a logging aggregator, forwarding logs from other Fluentd and Application components to OS.
Expected Behavior or What you need to ask
We assume the unexpected error is actually coming from the aws-sdk (or a STS hickup?) and since this is the first time ever to be observed it is hard to determine the cause. Due to the detachment of the timer there is no recovery possible from this error as after the token expiration all requests against OS are failing. There is no further credentials refresh happening.
If asked for an expected behavior this might be either a later retry attempt for the token refresh (better) or maybe a Fluentd exit so that the AWS Fargate task can be restarted (worse).
...
Using Fluentd and OpenSearch plugin versions
AWS Fargate linux
fluentd-1.16.1, ruby="3.1.4"
gem 'fluent-plugin-opensearch' version '1.1.3'
The text was updated successfully, but these errors were encountered:
For the purpose of testing file buffer fill up and flushes I have blocked (any) outgoing traffic and the error log appears again when the plugin tries to refresh the credentials.
Failing to renew the token is expected behavior with blocked traffic.
Unexpected error raised. Stopping the timer. title=:out_opensearch_expire_credentials error_class=Seahorse::Client::NetworkingError error="Failed to open TCP connection to xxxx (execution expired)"
When re-enabling the out traffic, the OS output plugin is not able to communicate with OpenSearch due to token expiration and not renewing the token.
Consider it as a bug or a request, the credentials refresh should not stop with a detached timer which leaves fluentd sitting there with full buffers not being able to flush them and the need of manual interference.
I understand that blocked traffic is or should never happen and also token renewal service should always (high availability) be responsive.
(check apply)
Problem
After about 1 week of running smoothly after a new deployment to AWS Fargate we got - the first time ever - an error showing up that during the AWS credentials renewal the refresh timer gets detached. Other deployments have not shown this yet, even after a month or more running.
...
Steps to replicate
Error log
Endpoint configuration
The credentials refresh interval is set to 20m. The component is acting as a logging aggregator, forwarding logs from other Fluentd and Application components to OS.
Expected Behavior or What you need to ask
We assume the unexpected error is actually coming from the aws-sdk (or a STS hickup?) and since this is the first time ever to be observed it is hard to determine the cause. Due to the detachment of the timer there is no recovery possible from this error as after the token expiration all requests against OS are failing. There is no further credentials refresh happening.
If asked for an expected behavior this might be either a later retry attempt for the token refresh (better) or maybe a Fluentd exit so that the AWS Fargate task can be restarted (worse).
...
Using Fluentd and OpenSearch plugin versions
The text was updated successfully, but these errors were encountered: