Add monitor http endpoint #2511
Conversation
kyhavlov
force-pushed
the
f-monitor-api
branch
from
b99e5d6
to
db3ff8b
Compare
| default: | ||
| // We can't log synchronously, since we are already being invoked | ||
| // from the logWriter, and a log will need to invoke Write() which | ||
| // already holds the lock. We must therefor do the log async, so |
| @@ -471,6 +471,7 @@ func (c *Command) setupAgent(config *Config, logOutput io.Writer, logWriter *log | |||
| c.Ui.Error(fmt.Sprintf("Error starting agent: %s", err)) | |||
| return err | |||
| } | |||
| agent.logWriter = logWriter | |||
There was a problem hiding this comment.
I'd plumb this into Create() - seems weird to set it here.
| // from the logWriter, and a log will need to invoke Write() which | ||
| // already holds the lock. We must therefor do the log async, so | ||
| // as to not deadlock | ||
| go h.logger.Printf("[WARN] Dropping logs to monitor http endpoint") |
There was a problem hiding this comment.
I kind of worry this could make a ton of goroutines if things got into a weird state. I'd just count dropped lines in here, and then kick out a warning up in the agent handler when you are closing out if this count > 0. That way the operator can see that this is going on, but it's super cheap and ok if we are essentially dropping all of the logs.
| defer srv.agent.Shutdown() | ||
|
|
||
| // Begin streaming logs from the monitor endpoint | ||
| req, _ := http.NewRequest("GET", "/v1/agent/monitor?loglevel=debug", nil) |
There was a problem hiding this comment.
Would be good to do a little deeper test of the level filter. You could just make sure you get an error for an invalid level which proves it gets plumbed down.
| resp.WriteHeader(405) | ||
| return nil, nil | ||
| } | ||
|
|
There was a problem hiding this comment.
We are going to add an ACL here, but I feel like this is a bit of a security vuln until we do that. Just so we don't expose anything weird while that work is going on in master, lets take a token here and call the Raft endpoint:
https://github.com/hashicorp/consul/blob/master/command/agent/operator_endpoint.go#L23-L26
This'll vet that they have operator read privs if it doesn't return an error (just throw away the response), which protects this with something while we develop ACLs.
|
LGTM |
Add the monitor api as part of #2502