Add info about aws timeouts to docs #10209

Merged
merged 5 commits into from
Oct 26, 2020

@tvoran (Member) commented Oct 22, 2020

Used one included file in the docs pages. Preview links:

Added a note to the upgrade pages for 1.4.0 and 1.5.0 as well.

Related to #10133

In auth/aws, seal/awskms, and secrets/aws.
@tvoran tvoran requested a review from a team October 22, 2020 06:25

@calvn (Contributor) left a comment

Looks good, just a few minor comments.

Might be worth to also add a note about the timeout/delay on the 1.4.0 Upgrade Guide and 1.5.0 Upgrade Guide pages (as a known issue). We can say that this is fixed on 1.5.5 and later.

service][aws-ec2-mds] on an EC2 instance, there may be a delay. The AWS SDK used
by Vault first attempts to connect to [v2 of the instance metadata service
(IMDSv2)][aws-ec2-imdsv2], and if that times out, it falls back to v1. In Vault
1.4, this timeout could take up to 2 minutes. In Vault 1.5 and later, it can

Contributor

I wonder if we should explicitly call out the patch version instead, i.e. 1.5.5.

Member, Author

Yep, added in be0e9de

by Vault first attempts to connect to [v2 of the instance metadata service
(IMDSv2)][aws-ec2-imdsv2], and if that times out, it falls back to v1. In Vault
1.4, this timeout could take up to 2 minutes. In Vault 1.5 and later, it can
take up to 2 seconds. The timeout occurs in situations such as Vault running in

Contributor

We tested specifically for the Docker case, but I think this can also happen if the host has a proxy in front of it which requires an extra hop before it can reach IMDSv2.

Member, Author

Good point, I reworded that part a bit to make it more general, and mention Docker as a specific case.

One blurb for the docs pages and one for the .0 upgrade pages. Also
added to s3 and dynamodb pages.
@tvoran tvoran requested review from calvn and a team October 24, 2020 02:38

@tvoran (Member, Author) commented Oct 24, 2020

> Looks good, just a few minor comments.
>
> Might be worth to also add a note about the timeout/delay on the 1.4.0 Upgrade Guide and 1.5.0 Upgrade Guide pages (as a known issue). We can say that this is fixed on 1.5.5 and later.

Good idea, I added a note to the 1.4.0 and 1.5.0 pages, with links in the PR description.

@tomhjp (Contributor) left a comment

LGTM

@calvn (Contributor) left a comment

Looks great!

@tvoran tvoran merged commit f2b41e1 into master Oct 26, 2020
@tvoran tvoran deleted the docs/VAULT-564/aws-timeout branch October 26, 2020 18:16
github-actions bot pushed a commit that referenced this pull request Oct 26, 2020
In auth/aws, seal/awskms, and secrets/aws, storage/s3, and
storage/dynamodb.

One blurb for the docs pages and one for the .0 upgrade pages.