Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[libbeat] add_cloud_metadata - startup blocked by AWS IMSDv2 token fetch #33058

Closed
andrewkroh opened this issue Sep 12, 2022 · 1 comment
Closed

[libbeat] add_cloud_metadata - startup blocked by AWS IMSDv2 token fetch #33058

andrewkroh opened this issue Sep 12, 2022 · 1 comment
Labels
bug libbeat :Processors Team:Cloud-Monitoring Label for the Cloud Monitoring team

Comments

@andrewkroh
Copy link
Member

andrewkroh commented Sep 12, 2022
edited
Loading

The AWS provider in the add_cloud_metadata processor was modified to support IMSDv2 in #28285. There are two issues affecting the implementation.

  1. Fetching of the IMSDv2 token blocks the startup of the processor. The processor was designed to try fetching metadata from all enabled providers (e.g. aws, gcp, openstack) in parallel and asynchronously from the main thread. This allows the Beat to startup without being blocked on Cloud provider detection logic.

    The implementation fetches the IMSDv2 token in a non-async manner such that it blocks startup and does not happen in parallel with all other provider implementations. In non-AWS environments the Beat blocks until a HTTP timeout is reached (default is 3s).

    The processor needs to be modified to fetch the IMSDv2 token asynchronously. Some changes might be needed to allow chaining the request to fetch the token and use the token in the AWS metadata service requests.

  2. (update: this should be fixed by [add_cloud_metadata] Remove logger for AWS/EC2 #36829) It logs warnings for something that is expected to fail when the Beat runs outside of AWS. This should not be logged as a warning. It should be handled in the same manner as a non-response is handled by all other provider implementations. If the error is returned in the result from the provider then the processor will log the disposition at the debug level.

{"log.level":"warn","@timestamp":"2022-09-12T17:09:41.120-0400","log.logger":"add_cloud_metadata","log.origin":{"file.name":"add_cloud_metadata/provider_aws_ec2.go","file.line":81},"message":"read token request for getting IMDSv2 token returns empty: Put "http://169.254.169.254/latest/api/token\": context deadline exceeded (Client.Timeout exceeded while awaiting headers). No token in the metadata request will be used.","service.name":"filebeat","ecs.version":"1.6.0"}
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Sep 12, 2022
@endorama endorama added the Team:Cloud-Monitoring Label for the Cloud Monitoring team label Sep 19, 2022
@botelastic botelastic bot removed the needs_team Indicates that the issue/PR needs a Team:* label label Sep 19, 2022
@gsantoro gsantoro mentioned this issue Jan 17, 2023
Merged
6 tasks
@andrewkroh andrewkroh mentioned this issue Mar 22, 2023
Closed
@cmacknz cmacknz mentioned this issue Apr 3, 2023
Closed
@andrewkroh
Copy link
Member Author

These two issues appear related to bullet (2) above.

Related:

This was referenced Jul 11, 2023
Closed
Closed
@aspacca aspacca closed this as completed Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug libbeat :Processors Team:Cloud-Monitoring Label for the Cloud Monitoring team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aspacca @endorama @andrewkroh