-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
roachtest: prefix all logs with worker tags #124027
roachtest: prefix all logs with worker tags #124027
Conversation
This LGTM, and I'm fine as-is, but now that I've taken a closer look, I'm starting to wonder whether we should change our approach. For instance, looking at the test runner logs from a recent run [1], I see a couple of other entries that don't have the worker tag and would continue to not have that tag even after this PR:
The main difficulty is that the That said, I'm wondering if we should make this easier for ourselves by not relying on log tags to add the worker annotation. Specifically, we could use the
With this approach, [2] cockroach/pkg/cmd/roachtest/roachtestutil/mixedversion/mixedversion.go Lines 782 to 789 in 2f739e8
|
b627984
to
336d8c3
Compare
Tested out the changes. The worker log files are being created parallel to the Also, the entries you mentioned now do have a tag.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! I played around with it locally and everything works for me. One tiny question but otherwise LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice! I think we should not return
on the worker and fallback to the parent logger as already mentioned, but otherwise LGTM.
63583c5
to
cba5427
Compare
Previously, many of the runner logs didn't have the worker tags. This was inadequate because we couldn't break up the logs by wX tags to see what each worker is doing. This PR prefixes the worker tags to logs that were missing them. Epic: none Fixes: cockroachdb#114045 Release note: None
cba5427
to
0a2f34e
Compare
bors r+ |
123697: ccl,sql,util: Fix jwt auth and add sensitive error logs r=souravcrl a=souravcrl ccl,sql,util: Fix jwt auth and add sensitive error logs We are running into issues with jwt authentication and currently unable to provide support as we are not logging the error from the http client used in the authenticator. The PR looks to propagate this obtained error from `ValidateJWTLogin` http client. The http client now also respects the system http proxy if set. Validated the error details when presenting an expired token ``` ERROR: JWT authentication: invalid token SQLSTATE: 28000 DETAIL: unable to parse token: exp not satisfied Failed running "sql" ``` Validated error on setting wrong proxy params ``` ERROR: JWT authentication: unable to validate token SQLSTATE: 28000 Failed running "sql" ``` and logged error: ``` I240510 08:31:28.604141 1473 4@util/log/event_log.go:32 ⋮ [T1,Vsystem,n1,client=127.0.0.1:56289,hostssl,user=‹sourav.sarangi›] 3 ={"Timestamp":1715329888604122000,"EventType":"client_authentication_failed","InstanceID":1,"Network":"tcp","RemoteAddress":"‹127.0.0.1:56289›","SessionID":"17ce136f2a8ecd480000000000000001","Transport":"hostssl","User":"‹sourav.sarangi›","SystemIdentity":"‹sourav.sarangi›","Reason":"CREDENTIALS_INVALID","Detail":"JWT authentication: unable to validate token\nunable to fetch jwks: Get \"https://accounts.google.com/.well-known/openid-configuration\": proxyconnect tcp: dial tcp [::1]:3129: connect: connection refused","Method":"jwt_token"} ``` Verified access logs after setting up squid proxy and passing env HTTP_PROXY and HTTPS_PROXY params ``` 1715103871.761 144 ::1 TCP_TUNNEL/200 5708 CONNECT accounts.google.com:443 - HIER_DIRECT/74.125.200.84 - 1715103871.836 73 ::1 TCP_TUNNEL/200 5964 CONNECT www.googleapis.com:443 - HIER_DIRECT/142.250.182.10 - ``` fixes #123575, CRDB-38386, CRDB-38408 Epic None Release note: Noneccl,sql,util: Fix jwt auth and add sensitive error logs We are running into issues with jwt authentication and currently unable to provide support as we are not logging the error from the http client used in the authenticator. The PR looks to propagate this obtained error from `ValidateJWTLogin` http client. The http client now also respects the system http proxy if set. Validated the error details when presenting an expired token ``` ERROR: JWT authentication: invalid token SQLSTATE: 28000 DETAIL: unable to parse token: exp not satisfied Failed running "sql" ``` Validated error on setting wrong proxy params ``` ERROR: JWT authentication: unable to validate token SQLSTATE: 28000 Failed running "sql" ``` and logged error: ``` I240510 08:31:28.604141 1473 4@util/log/event_log.go:32 ⋮ [T1,Vsystem,n1,client=127.0.0.1:56289,hostssl,user=‹sourav.sarangi›] 3 ={"Timestamp":1715329888604122000,"EventType":"client_authentication_failed","InstanceID":1,"Network":"tcp","RemoteAddress":"‹127.0.0.1:56289›","SessionID":"17ce136f2a8ecd480000000000000001","Transport":"hostssl","User":"‹sourav.sarangi›","SystemIdentity":"‹sourav.sarangi›","Reason":"CREDENTIALS_INVALID","Detail":"JWT authentication: unable to validate token\nunable to fetch jwks: Get \"https://accounts.google.com/.well-known/openid-configuration\": proxyconnect tcp: dial tcp [::1]:3129: connect: connection refused","Method":"jwt_token"} ``` Verified access logs after setting up squid proxy and passing env HTTP_PROXY and HTTPS_PROXY params ``` 1715103871.761 144 ::1 TCP_TUNNEL/200 5708 CONNECT accounts.google.com:443 - HIER_DIRECT/74.125.200.84 - 1715103871.836 73 ::1 TCP_TUNNEL/200 5964 CONNECT www.googleapis.com:443 - HIER_DIRECT/142.250.182.10 - ``` fixes #123575, CRDB-38386, CRDB-38408 Epic None Release note: None 124027: roachtest: prefix all logs with worker tags r=vidit-bhat a=vidit-bhat Previously, many of the runner logs didn't have the worker tags. This was inadequate because we couldn't break up the logs by `wX` tags to see what each worker was doing. This PR prefixes worker tags to the logs that were missing them. Epic: none Fixes: #114045 Release note: None Co-authored-by: Sourav Sarangi <sourav.sarangi@cockroachlabs.com> Co-authored-by: Vidit Bhat <vidit.bhat@cockroachlabs.com>
This PR was included in a batch that was canceled, it will be automatically retried |
blathers backport 24.1 23.2 |
Encountered an error creating backports. Some common things that can go wrong:
You might need to create your backport manually using the backport tool. error creating merge commit from 0a2f34e to blathers/backport-release-24.1-124027: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict [] you may need to manually resolve merge conflicts with the backport tool. Backport to branch 24.1 failed. See errors above. error creating merge commit from 0a2f34e to blathers/backport-release-23.2-124027: POST https://api.github.com/repos/cockroachdb/cockroach/merges: 409 Merge conflict [] you may need to manually resolve merge conflicts with the backport tool. Backport to branch 23.2 failed. See errors above. 🦉 Hoot! I am a Blathers, a bot for CockroachDB. My owner is dev-inf. |
Previously, many of the runner logs didn't have the worker tags. This was inadequate because we couldn't break up the logs by
wX
tags to see what each worker was doing.This PR prefixes worker tags to the logs that were missing them.
Epic: none
Fixes: #114045
Release note: None