-
Notifications
You must be signed in to change notification settings - Fork 781
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Vault KV Secrets since 0.21.1 causes endless rendering of template #1276
Comments
I have a more minimal example to reproduce this. Start Vault and Consul locally in
Consider the following template {{- with secret "secret/foo" }}
{{- .Data.data.bar }}
{{- end }} and configuration consul {
}
vault {
address = "http://127.0.0.1:8200"
token = "12345"
renew_token = false
}
template {
source = "template.txt"
destination = "out.txt"
}
log_level = "trace" If we run
With debug logging, we get
If we revert back to 0.21.0:
Is this to be expected? If so, we would probably have to turn off logging of any log level below |
If it helps, I was seeing identical behavior trying to read in pki info from vault. Based on an old issue, I reverted all the way to 0.19.5, which fixed my issue. I had tried 0.21.2 and 0.20.0, both were broken in the way mentioned above. consul-template kept generating a new pki cert in vault every 5s. 0.19.5 and 0.21.0 seem fine. |
fwiw, we were hit by this on upgrade from 0.21.0 to 0.21.2. I'll try to collect more info about our specific environment, if it would be helpful. |
Hey @lawliet89, @teeuwes, @dconry .. My apologies for the issue. Test suite didn't cover the retry timing due to the way delays were implemented and I missed this regression. This has already been filed as #1272 and I have a PR under review right now that fixes the issue. I should be getting 0.21.3 out today with the fix. |
Oh, I wanted to mention that the reworking to fix the bug changed how it worked so it could be tested (and it is in the PR). The PR is #1277. |
Consul Template version
0.21.2
Configuration
Template is a bunch of reads from Consul KV and Vault KV V2
Debug output
The log is an endless sequence of re-rendering.
Reverting back to
0.21.0
seems to fix the issue. I guess this has something to do with the Vault KV V2 changes introduced since 0.21.1.The metrics also show a constant usage of CPU cycles by Consul Template.
The text was updated successfully, but these errors were encountered: