Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vault: fix renewal time #5479

Merged
merged 3 commits into from
Apr 16, 2019
Merged

vault: fix renewal time #5479

merged 3 commits into from
Apr 16, 2019

Conversation

schmichael
Copy link
Member

@schmichael schmichael commented Mar 27, 2019
edited
Loading

Renewal time was being calculated as 10s+Intn(lease-10s), so the renewal
time could be very rapid or within 1s of the deadline: [10s, lease)

This commit fixes the renewal time by calculating it as:

(lease/2) +/- 10s

For a lease of 60s this means the renewal will occur in [20s, 40s).

Fixes #5471

@schmichael schmichael requested a review from vishalnayak March 27, 2019 16:54
@vishalnayak
Copy link
Member

LGTM!

@schmichael schmichael marked this pull request as ready for review April 11, 2019 15:01
schmichael added a commit that referenced this pull request Apr 11, 2019
@schmichael
changelog: add #5479
821e0a4
@schmichael
vault: fix renewal time
0e6da17 
Renewal time was being calculated as 10s+Intn(lease-10s), so the renewal
time could be very rapid or within 1s of the deadline: [10s, lease)

This commit fixes the renewal time by calculating it as:

	(lease/2) +/- 10s

For a lease of 60s this means the renewal will occur in [20s, 40s).
@schmichael
vault: fix data races
b135d28
@schmichael
changelog: add #5479
888304b
@schmichael schmichael merged commit 009b750 into master Apr 16, 2019
@schmichael schmichael deleted the b-vault-renewal branch April 16, 2019 19:20
@jippi
Copy link
Contributor

jippi commented Apr 18, 2019

@schmichael is this also a bug in the 0.8.x line?

@schmichael
Copy link
Member Author

@jippi Yes, unfortunately this bug goes wwwwwway back.

@jippi
Copy link
Contributor

jippi commented Apr 20, 2019
edited
Loading

@schmichael any chance to backport to 0.8? we've been suffering quite a lot from Nomad<>Vault nomad-servers & allocs losing their credentials to DBs and similar, and this seem like a pretty good bet on that issue. I would estimate our issues has caused 4-7h of total downtime in prod last 2 years

@github-actions
Copy link

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 12, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@preetapan preetapan preetapan approved these changes

@vishalnayak vishalnayak Awaiting requested review from vishalnayak

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Window for per-task Vault token renewal time extremely wide by design?
4 participants
@schmichael @vishalnayak @jippi @preetapan