diff --git a/.changelog/10612.txt b/.changelog/10612.txt
new file mode 100644
index 0000000000..e9a54002da
--- /dev/null
+++ b/.changelog/10612.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+acl: replication routine to report the last error message.
+```
diff --git a/agent/consul/acl_replication.go b/agent/consul/acl_replication.go
index 6c5d07f311..2fa89f0f50 100644
--- a/agent/consul/acl_replication.go
+++ b/agent/consul/acl_replication.go
@@ -484,12 +484,12 @@ func (s *Server) IsACLReplicationEnabled() bool {
 s.config.ACLTokenReplication
 }
-func (s *Server) updateACLReplicationStatusError(errorMsg error) {
+func (s *Server) updateACLReplicationStatusError(errorMsg string) {
 s.aclReplicationStatusLock.Lock()
 defer s.aclReplicationStatusLock.Unlock()
 s.aclReplicationStatus.LastError = time.Now().Round(time.Second).UTC()
- s.aclReplicationStatus.LastErrorMessage = errorMsg.Error()
+ s.aclReplicationStatus.LastErrorMessage = errorMsg
 }
 func (s *Server) updateACLReplicationStatusIndex(replicationType structs.ACLReplicationType, index uint64) {
diff --git a/agent/consul/leader.go b/agent/consul/leader.go
index c5c35b7905..230b9f5a78 100644
--- a/agent/consul/leader.go
+++ b/agent/consul/leader.go
@@ -810,7 +810,7 @@ func (s *Server) runLegacyACLReplication(ctx context.Context) error {
 0,
 )
 lastRemoteIndex = 0
- s.updateACLReplicationStatusError(err)
+ s.updateACLReplicationStatusError(err.Error())
 legacyACLLogger.Warn("Legacy ACL replication error (will retry if still leader)", "error", err)
 } else {
 metrics.SetGauge([]string{"leader", "replication", "acl-legacy", "status"},
@@ -927,7 +927,7 @@ func (s *Server) runACLReplicator(
 0,
 )
 lastRemoteIndex = 0
- s.updateACLReplicationStatusError(err)
+ s.updateACLReplicationStatusError(err.Error())
 logger.Warn("ACL replication error (will retry if still leader)",
 "error", err,
 )
diff --git a/api/acl.go b/api/acl.go
index d94c2807a7..e0072e9b0c 100644
--- a/api/acl.go
+++ b/api/acl.go
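Review bot: `updateACLReplicationStatusError` in agent/consul/acl_replication.go has no doc comment, and after the switch from `error` to `string` it stores any caller-supplied text verbatim in `LastErrorMessage`. Both call sites in agent/consul/leader.go (`runLegacyACLReplication` and `runACLReplicator`) pass the raw `err.Error()`, the same text they log at Warn level, and the api/acl.go hunk makes that field visible to API clients. It is worth stating the contract on the function so future callers do not pass secrets or unbounded text, e.g. `// updateACLReplicationStatusError records errorMsg and the current time as the last replication error. errorMsg is reported in the replication status, so it must not contain secrets.` An empty string would still advance `LastError`, leaving a timestamp with no message. The call sites' enclosing functions begin and end outside their hunks.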
@@ -97,6 +97,7 @@ type ACLReplicationStatus struct {
 ReplicatedTokenIndex uint64
 LastSuccess time.Time
 LastError time.Time
+ LastErrorMessage string
 }
 // ACLServiceIdentity represents a high-level grant of all necessary privileges
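Review bot: The new `LastErrorMessage` field on `ACLReplicationStatus` carries no comment, so a consumer cannot tell that it is free-form error text rather than a stable code. Elsewhere in this patch the value is set from `err.Error()` in the replication loops, so it may include text that originated on the remote side of replication; clients should treat it as untrusted display text and escape it before rendering it in a UI or writing it to a log line. Nothing in the visible hunks clears the message after a later success, so it presumably stays set until the next error. Suggested comment: `// LastErrorMessage is the free-form text of the most recent replication error; compare LastError with LastSuccess to tell whether it is current.`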