Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[PLAT-13910] Improve IAM credentials fetch logging and add retries
Summary: - Improved logging for IAM credentials fetch code. Also added retries to mitigate quick network blip issues. - We'll now do 10 retries with a sleep time of 5 seconds between each. - Updated logs for failure scenario looks like the following: ``` 2024-09-09T16:24:03.636Z [debug] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:124 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Fetching IAM credentials failed, will retry after 5 seconds 2024-09-09T16:24:08.637Z [info] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:113 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Loading credentials from: WebIdentityTokenCredentialsProvider 2024-09-09T16:24:08.638Z [warn] 6b3174ee-3990-4b02-b008-843e7b953793 ApacheConnectionManagerFactory.java:142 [application-pekko.actor.default-dispatcher-14] com.amazonaws.http.AmazonHttpClient SSL Certificate checking for endpoints has been explicitly disabled. 2024-09-09T16:24:08.639Z [info] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:113 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Loading credentials from: ProfileCredentialsProvider 2024-09-09T16:24:08.639Z [warn] 6b3174ee-3990-4b02-b008-843e7b953793 CredentialsLegacyConfigLocationProvider.java:45 [application-pekko.actor.default-dispatcher-14] com.amazonaws.profile.path.cred.CredentialsLegacyConfigLocationProvider Found the legacy config profiles file at [/home/centos/.aws/config]. Please move it to the latest default location [~/.aws/credentials]. 2024-09-09T16:24:08.640Z [info] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:113 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Loading credentials from: AssumeInstanceRole 2024-09-09T16:24:08.641Z [warn] 6b3174ee-3990-4b02-b008-843e7b953793 ApacheConnectionManagerFactory.java:142 [application-pekko.actor.default-dispatcher-14] com.amazonaws.http.AmazonHttpClient SSL Certificate checking for endpoints has been explicitly disabled. 2024-09-09T16:24:08.644Z [debug] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:174 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Could not get maximum duration for role arn: null. Using default 1 hour instead. 2024-09-09T16:24:08.645Z [info] 6b3174ee-3990-4b02-b008-843e7b953793 IAMTemporaryCredentialsProvider.java:113 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.IAMTemporaryCredentialsProvider Loading credentials from: EC2ContainerCredentialsProvider 2024-09-09T16:24:08.647Z [error] 6b3174ee-3990-4b02-b008-843e7b953793 AWSUtil.java:310 [application-pekko.actor.default-dispatcher-14] com.yugabyte.yw.common.AWSUtil Fetching IAM credentials failed: Unable to load AWS credentials: [Source 'WebIdentityTokenCredentialsProvider': AWS_ROLE_ARN: blank variable value., Source 'ProfileCredentialsProvider': Unable to load credentials into profile [default]: AWS Access Key ID is not specified., Source 'AssumeInstanceRole': Forbidden (Service: null; Status Code: 403; Error Code: null; Request ID: null; Proxy: null), Source 'EC2ContainerCredentialsProvider': Forbidden (Service: null; Status Code: 403; Error Code: null; Request ID: null; Proxy: null)] ``` Test Plan: Tested manually on my IAM enabled dev-server by disabling EC2 metadata service. Reviewers: sneelakantan Reviewed By: sneelakantan Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D37908
- Loading branch information