-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
api configurations not getting updated when changes are made (local cache not getting invalidated) #1063
Comments
More info: kong version: 0.7.0 running from deb install |
@ThorArakis in your setup:
Also, can you try to manually set |
Permissions are currently 777 on |
Thanks. This is very weird, because there is a test that specifically checks the invalidations and it works. Also, are the two nodes reachable on port |
We ran tcpdump and looks like both are reachable. |
The lua This causes our configuration management system (chef) composes the YAML for kong.yml from chef attributes. IIRC, the YAML spec prefers unquoted strings unless there is something (like trailing spaces) which forces quoting. (I think you see where this is going) we were unable to find a way to change the YAML dialect, and force this behavior. So, our workaround was to intentionally leave a trailing space on the chef attributes, which would result in the admin API listen address being This workaround did great, except for this, which resulted in this from the serf_event |
To force the YAML library to load the value properly, try to enclose the value in quotes, like: cluster_listen: "0.0.0.0:7946" |
We managed to throw some custom wrapper code to make sure that we add the double quotes during provisioning, so we're good to go for now. Thanks! |
Right now we have 2 kong app instance running, lets call them kong-a and kong-b. When I make a change to an api, the change appears successful in the admin api but doesn't actually apply. More details below:
I am currently using the key-auth plugin configuration to test configuration changes by enabling/disabling the key auth and seeing if I can curl the associated api endpoint. I have gotten the key-auth enabled endpoint to successfully block requests without an apikey and successfully allow requests with the key so I'm confident that it's not a plugin thing. Also I reproduced the issue by changing the raw api configurations (chaning the paths) to rule out if the sticky configuration problems were isolated to plugins.
Repro Steps:
curl -X GET http://kong-a/api_path
is correctly blocked from accessing the api since no apikey is presentkong-a:8001/api_path_id/plugins/<key_auth_plugin_id>
withenabled = false
. Patch succeeds with no errors.--
{"type":"ENTITY_UPDATED","collection":"plugins","entity":{"api_id":"blah","id":"stuff","name":"key-auth","enabled":true,"created_at":1457565476000,"config":{}}}
kong-a:8001/api_path_id/plugins/<key_auth_plugin_id>
to verify that the enabled is actually set to false.curl -X GET http://kong-a/api_path
is still blocked (incorrectly) from accessing due to lack of apikey.curl -X GET http://kong-b/api_path
also blocked (incorrectly)curl -X GET http://kong-a/api_path
is now successful without the keycurl -X GET http://kong-b/api_path
is still blocked because no key is provided.During this whole time I was tailing the access, error and serf logs. I saw nothing other then the restarts registered in the error or the serf logs. Normal stuff in the access logs.
The text was updated successfully, but these errors were encountered: