Commits on Feb 18, 2022

1. connect: write envoy bootstrap debugging info …

   When Consul Connect just works, it's wonderful. When it doesn't work it
   can be exceeding difficult to debug: operators have to check task
   events, Nomad logs, Consul logs, Consul APIs, and even then critical
   information is missing.
   
   Using Consul to generate a bootstrap config for Envoy is notoriously
   difficult. Nomad doesn't even log stderr, so operators are left trying
   to piece together what went wrong.
   
   This patch attempts to provide *maximal* context which unfortunately
   includes secrets. **Secrets are always restricted to the secrets/
   directory.** This makes debugging a little harder, but allows operators
   to know exactly what operation Nomad was trying to perform.
   
   What's added:
   
   - stderr is sent to alloc/logs/envoy_bootstrap.stderr.0
   - the CLI is written to secrets/.envoy_bootstrap.cmd
   - the environment is written to secrets/.envoy_bootstrap.env as JSON
   
   Accessing this information is unfortunately awkward:
   ```
   nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.env
   nomad alloc exec -task connect-proxy-count-countdash b36a cat secrets/.envoy_bootstrap.cmd
   nomad alloc fs b36a alloc/logs/envoy_bootstrap.stderr.0
   ```
   
   The above assumes an alloc id that starts with `b36a` and a Connect
   sidecar proxy for a service named `count-countdash`.
   
   If the alloc is unable to start successfully, the debugging files are
   only accessible from the host filesystem.

   

   schmichael committed Feb 18, 2022
   Configuration menu

   • View commit details
   • Copy full SHA for d476780
   • Browse repository at this point

   Copy the full SHA

   d476780 View commit details

   Browse the repository at this point in the history