Standby servers should not forward /sys/metrics calls #6802

Closed
tstoermer opened this issue May 30, 2019 · 3 comments
Labels: bug, core/metric, core/replication


@tstoermer

Describe the bug
Standby servers in a vault cluster are forwarding the "/sys/metrics" call to the active server.

To Reproduce
Steps to reproduce the behavior:

  1. Set up Vault in a cluster with one active and standby servers.
  2. Enable Prometheus metrics endpoint.
  3. Scrape in Prometheus all vault servers.
  4. Standby servers are forwarding the "/sys/metrics" calls to active server.
  5. Metrics in Prometheus for standby servers are showing the same values as the active server.

Expected behavior
Standby servers should provide their own metrics instead of forwarding the metrics call to the active server. This would make more sense from a monitoring perspective.

Environment:

  • Vault Server Version: 1.1.2 (Docker)

Vault server configuration:

  • Vault Cluster with 1 active and 1 standby server
  • Consul Cluster as Backend
  • Enabled Prometheus endpoint

Additional context
Vault code looks like standby servers will always forward metrics requests to the active server. There was also a related discussion in the vault group (I wasn't sure if it was caused by a configuration error).

@mtse-aurora

I've encountered the same issue, and just assumed that telemetry metrics are only emitted from the active node. Looking at the linked discussion, it seems that is not the case.

@michelvocks
Contributor

Hi @tstoermer!

Thanks for opening this issue. This is indeed a bug and we came up with #8280, which does not necessarily fix the bug but at least returns the correct error message back to the client.

By default, standby nodes don't have an active token store which is required to validate the provided token from the client. This makes it currently impossible for us to allow sys/metrics requests on standby nodes. However, this only applies to authenticated metrics access and is not the case for unauthenticated metrics access. That means, sys/metrics requests on standby nodes where unauthenticated metrics access has been enabled should work as expected.

Cheers,
Michel
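
The setup described in the comment above, unauthenticated metrics access enabled so that a standby answers sys/metrics itself, as an added configuration example that is not part of the original thread or the project's own code. The option names are Vault listener and telemetry settings; the addresses, ports and certificate paths are constructed placeholders.

```hcl
# Constructed example for one node; every node in the cluster, active or
# standby, carries the same stanzas with its own addresses.

# Client-facing listener: sys/metrics here still requires a valid token,
# which a standby cannot validate without an active token store.
listener "tcp" {
  address       = "10.0.0.5:8200"             # placeholder address
  tls_cert_file = "/etc/vault/tls/vault.crt"  # placeholder path
  tls_key_file  = "/etc/vault/tls/vault.key"  # placeholder path
}

# Second listener bound to the monitoring network only. It still serves the
# rest of the Vault API with normal token checks; only sys/metrics skips
# authentication, so limit who can reach this address at the network layer.
listener "tcp" {
  address       = "10.0.10.5:8210"            # placeholder address
  tls_cert_file = "/etc/vault/tls/vault.crt"  # placeholder path
  tls_key_file  = "/etc/vault/tls/vault.key"  # placeholder path

  telemetry {
    unauthenticated_metrics_access = true
  }
}

# Prometheus sink: keep samples in memory long enough to cover the scrape
# interval, and drop the hostname prefix so series names match across nodes.
telemetry {
  prometheus_retention_time = "30s"
  disable_hostname          = true
}
```

Prometheus then scrapes each node separately on the monitoring listener at /v1/sys/metrics with the query parameter format=prometheus, without a token.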

@michelvocks
Contributor

Hi @tstoermer!

I'm going to close this since we haven't heard from you for a while.
Feel free to open a new issue if there is anything else you would like to discuss regarding this topic.

Cheers,
Michel
