awslogs log driver: occasionally attempts to upload batch that is too large #37747
Comments
ping @jahkeup @samuelkarp
Apologies for the delay; this came in while I was on vacation and then I missed following up when I got back. I'll take a look here, but I don't expect to be able to send a PR until sometime next week at the earliest.
Hey @burdakovd, just wanted to give you an update: I've been looking at this and have reproduced this with a bit more fidelity, outside of Docker. I believe I understand where the inflated number of bytes is coming from, but I'm still attempting to narrow down where exactly the bug is.
@burdakovd See #37986 for a fix. The problem here is that I misread the CloudWatch Logs documentation when writing the initial version of the driver, and did not account for UTF-8 encoding changing the length of the bytes that I was sending. The pull request above should fix the counting and stop the driver itself from splitting valid UTF-8 byte sequences into invalid byte sequences, though it appears that there may be another bug in Docker causing splits prior to the driver being invoked.
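For reference, the counting half of the fix can be sketched in Go. This is a minimal illustration of the normalization rule described in the commit message below, not the actual code from #37986; `effectiveLen` is a hypothetical name:

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// effectiveLen counts the bytes CloudWatch Logs will see after
// normalization: every invalid UTF-8 byte is replaced by U+FFFD,
// which is a 3-byte sequence in UTF-8.
func effectiveLen(b []byte) int {
	n := 0
	for len(b) > 0 {
		r, size := utf8.DecodeRune(b)
		if r == utf8.RuneError && size == 1 {
			n += 3 // invalid byte -> 3-byte replacement character
		} else {
			n += size // valid rune keeps its encoded length
		}
		b = b[size:]
	}
	return n
}

func main() {
	fmt.Println(effectiveLen([]byte("héllo")))    // 6: already valid UTF-8
	fmt.Println(effectiveLen([]byte{0xff, 0xfe})) // 6: 2 invalid bytes -> 2 × 3
}
```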
The CloudWatch Logs API defines its limits in terms of bytes, but its inputs in terms of UTF-8 encoded strings. Byte-sequences which are not valid UTF-8 encodings are normalized to the Unicode replacement character U+FFFD, which is a 3-byte sequence in UTF-8. This replacement can cause the input to grow, exceeding the API limit and causing failed API calls. This commit adds logic for counting the effective byte length after normalization and splitting input without splitting valid UTF-8 byte-sequences into two invalid byte-sequences.

Fixes moby#37747

Signed-off-by: Samuel Karp <skarp@amazon.com>
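The other half of the fix is splitting on rune boundaries. A minimal sketch of that idea, under the same caveat that this is illustrative and `splitAt` is a hypothetical name:

```go
package main

import (
	"fmt"
	"unicode/utf8"
)

// splitAt picks a split index no greater than limit that does not cut
// a valid multi-byte UTF-8 sequence in half, so neither part gains
// spurious replacement characters during normalization.
func splitAt(b []byte, limit int) int {
	if len(b) <= limit {
		return len(b)
	}
	i := limit
	// back up over UTF-8 continuation bytes (0b10xxxxxx) to the
	// nearest candidate rune start
	for i > 0 && b[i]&0xC0 == 0x80 {
		i--
	}
	// if a valid rune starts at i and straddles the limit, split
	// before it; otherwise the bytes are invalid anyway and splitting
	// at the limit loses nothing
	r, size := utf8.DecodeRune(b[i:])
	if !(r == utf8.RuneError && size == 1) && i+size > limit {
		return i
	}
	return limit
}

func main() {
	s := []byte("abcé")        // 'é' is the two-byte sequence 0xC3 0xA9
	fmt.Println(splitAt(s, 4)) // 3: splitting at 4 would bisect 'é'
}
```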
@burdakovd Now that the fix has been merged, we're planning to get it backported into the Amazon Linux / Amazon Linux 2 Docker package. |
Description
With the `awslogs` log driver, Docker occasionally drops logs due to errors like "InvalidParameterException: Upload too large: 1188330 bytes exceeds limit of 1048576". It seems it fails to estimate the size of the request correctly, and to split the request to AWS into smaller requests.
Steps to reproduce the issue:
docker run ubuntu bash -c 'for x in 1 2 3 4 5 6 7 8; do cat /dev/urandom | tr -d "\n" | head -c 131050; echo; done' | gzip | wc -c
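Note: the command above assumes the daemon's default log driver is already set to awslogs. To reproduce with the driver selected explicitly, something like the following should work (the region and log group names here are placeholders):
docker run --log-driver=awslogs --log-opt awslogs-region=us-east-1 --log-opt awslogs-group=my-log-group ubuntu bash -c 'for x in 1 2 3 4 5 6 7 8; do cat /dev/urandom | tr -d "\n" | head -c 131050; echo; done'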
Describe the results you received:
Observe that logs did not get sent to awslogs, but instead in /var/log/messages we have:
InvalidParameterException: Upload too large: 1188330 bytes exceeds limit of 1048576
Describe the results you expected:
Logs to get into awslogs without errors.
Additional information you deem important (e.g. issue happens only occasionally):
Furthermore, it appears Docker somehow doubles the payload size. I.e., initially I was planning to use the following as the repro:
docker run ubuntu bash -c 'for x in 1 2 3 4; do cat /dev/urandom | tr -d "\n" | head -c 262140; echo; done' | gzip | wc -c
but it failed with "InvalidParameterException: Log event too large: 476138 bytes exceeds limit of 262144", indicating that Docker is sending a log event that is almost 2x bigger than the original log line. The repro steps are of course just random data, but I observe this issue happening once or twice a day with logs from the ipfs daemon (running in debug mode, so it sends quite a significant amount of logs).
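The roughly 2x inflation is consistent with the U+FFFD normalization described in the comments above: for uniform random bytes, about half the values are non-ASCII and almost never form valid UTF-8 sequences, so each such byte grows to 3 bytes after replacement. A quick sketch to check the rough magnitude, assuming CloudWatch's documented normalization rule (the exact factor printed will vary slightly from the 476138 / 262144 ≈ 1.8 observed):

```go
package main

import (
	"crypto/rand"
	"fmt"
	"unicode/utf8"
)

func main() {
	// 262140 random bytes, mirroring the repro above
	raw := make([]byte, 262140)
	if _, err := rand.Read(raw); err != nil {
		panic(err)
	}

	// count bytes as CloudWatch would after normalization: each
	// invalid UTF-8 byte becomes the 3-byte U+FFFD
	n := 0
	for b := raw; len(b) > 0; {
		r, size := utf8.DecodeRune(b)
		if r == utf8.RuneError && size == 1 {
			n += 3
		} else {
			n += size
		}
		b = b[size:]
	}
	fmt.Printf("raw: %d bytes, after normalization: %d bytes (%.2fx)\n",
		len(raw), n, float64(n)/float64(len(raw)))
}
```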
Apart from the seemingly wrong strategy for splitting data to send to AWS, it would also be great if Docker dumped the failed blobs somewhere. That would help diagnose this particular issue, and would also be better from an audit perspective: currently, if someone gets into a container that is monitored using awslogs, they can flood it to cause log loss and thereby hide their activity.
Config that I'm using to send data to awslogs:
This is similar to #35725, but I decided to open a new issue instead of reopening that one, as it is quite old.
Output of docker version:

Output of docker info:

Additional environment details (AWS, VirtualBox, physical, etc.):
AWS, Amazon Linux 2 AMI