status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #4038 from pierresouchay/ACL_additional_info 

Track calls blocked by ACLs using metrics
This commit is contained in:
Paul Banks 2018-07-09 20:21:21 +01:00 committed by GitHub
parent fbc5017d5d a937c7fa70
commit 41c3a4ac8e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
agent/local/state.go
View File

@ -11,7 +11,7 @@ import (
"sync/atomic" "sync/atomic"
"time" "time"
"github.com/hashicorp/go-uuid" "github.com/armon/go-metrics"
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
@ -19,6 +19,7 @@ import (
"github.com/hashicorp/consul/api" "github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/lib"
"github.com/hashicorp/consul/types" "github.com/hashicorp/consul/types"
"github.com/hashicorp/go-uuid"
) )
// Config is the configuration for the State. // Config is the configuration for the State.
@ -1087,6 +1088,7 @@ func (l *State) deleteService(id string) error {
// todo(fs): some backoff strategy might be a better solution // todo(fs): some backoff strategy might be a better solution
l.services[id].InSync = true l.services[id].InSync = true
l.logger.Printf("[WARN] agent: Service %q deregistration blocked by ACLs", id) l.logger.Printf("[WARN] agent: Service %q deregistration blocked by ACLs", id)
metrics.IncrCounter([]string{"acl", "blocked", "service", "deregistration"}, 1)
return nil return nil
default: default:
@ -1124,6 +1126,7 @@ func (l *State) deleteCheck(id types.CheckID) error {
// todo(fs): some backoff strategy might be a better solution // todo(fs): some backoff strategy might be a better solution
l.checks[id].InSync = true l.checks[id].InSync = true
l.logger.Printf("[WARN] agent: Check %q deregistration blocked by ACLs", id) l.logger.Printf("[WARN] agent: Check %q deregistration blocked by ACLs", id)
metrics.IncrCounter([]string{"acl", "blocked", "check", "deregistration"}, 1)
return nil return nil
default: default:
@ -1194,6 +1197,7 @@ func (l *State) syncService(id string) error {
l.checks[check.CheckID].InSync = true l.checks[check.CheckID].InSync = true
} }
l.logger.Printf("[WARN] agent: Service %q registration blocked by ACLs", id) l.logger.Printf("[WARN] agent: Service %q registration blocked by ACLs", id)
metrics.IncrCounter([]string{"acl", "blocked", "service", "registration"}, 1)
return nil return nil
default: default:
@ -1239,6 +1243,7 @@ func (l *State) syncCheck(id types.CheckID) error {
// todo(fs): some backoff strategy might be a better solution // todo(fs): some backoff strategy might be a better solution
l.checks[id].InSync = true l.checks[id].InSync = true
l.logger.Printf("[WARN] agent: Check %q registration blocked by ACLs", id) l.logger.Printf("[WARN] agent: Check %q registration blocked by ACLs", id)
metrics.IncrCounter([]string{"acl", "blocked", "check", "registration"}, 1)
return nil return nil
default: default:
@ -1270,6 +1275,7 @@ func (l *State) syncNodeInfo() error {
// todo(fs): some backoff strategy might be a better solution // todo(fs): some backoff strategy might be a better solution
l.nodeInfoInSync = true l.nodeInfoInSync = true
l.logger.Printf("[WARN] agent: Node info update blocked by ACLs") l.logger.Printf("[WARN] agent: Node info update blocked by ACLs")
metrics.IncrCounter([]string{"acl", "blocked", "node", "registration"}, 1)
return nil return nil
default: default:

12
website/source/docs/agent/telemetry.html.md
View File

@ -138,6 +138,18 @@ This is a full list of metrics emitted by Consul.
<th>Unit</th> <th>Unit</th>
<th>Type</th> <th>Type</th>
</tr> </tr>
<tr>
<td>`consul.acl.blocked.service.registration`</td>
<td>This increments whenever a deregistration fails for a service (blocked by an ACL)</td>
<td>requests</td>
<td>counter</td>
</tr>
<tr>
<td>`consul.acl.blocked.&lt;check|node|service&gt;.registration`</td>
<td>This increments whenever a registration fails for an entity (check, node or service) is blocked by an ACL</td>
<td>requests</td>
<td>counter</td>
</tr>
<tr> <tr>
<td>`consul.client.rpc`</td> <td>`consul.client.rpc`</td>
<td>This increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers.</td> <td>This increments whenever a Consul agent in client mode makes an RPC request to a Consul server. This gives a measure of how much a given agent is loading the Consul servers. Currently, this is only generated by agents in client mode, not Consul servers.</td>