'secret-changed' event not emitted/processed (occurs on pipelines ONLY)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
In Progress
|
High
|
Yang Kelvin Liu |
Bug Description
I'm coming across this most peculiar syndrome.
The `secret-changed` event is being emitted when running the folowing pipeline on AWS. However there is NO `secret-changed` event (despite VERY long waiting delays) on the pipeline.
Environment: Juju 3.1, LXD (AWS: c5a.8xlarge)
In order to support debugging, I've added a separate branch with the impacted code, and debug messages to indicate secret changes and secret-changed event handlers being triggered (or not).
Essentially when the same code is executed on AWS, `secret-changed` events are triggered as expected (allowing for the charm to reconcile and change status accordingly).
Running the code on a pipeline, the `secret-changed` events are skipped. (Thus the charm is stuck in an outdated configuration state.)
C
What you find on the pipeline is this:
unit-opensearch
unit-opensearch
The same on AWS looks like this:
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
unit-opensearch
There are NO log entries for `secret-changed` events in the pipeline logs.
There's a number of them in the AWS logs (attached).
NOTE the ***2 minutes*** sleep ensuring that it's not a matter of timing
Regarding the demonstrative PR:
- in case you are worried for complexity: I'm glad to offer a sync to highlight on the essentials for debugging
- despite the name of the pipeline, NO HA TESTS are invoked for this debugging
- the syndrome happens on a simple relate/integrate
- the pipeline failure is exactly due to the missing `secret-changed` event
- TLS-related changes never make it to the config
- the "failing" 'Check libs' pipeline is to signify that I've added a LOT of custom logging to data-platform-libs to facilitate debugging
- we aplogize for the high complexity in data-platform-libs (we hope to simplify that soon)
- NOTE that if you sufficienty incrase the time delay, the `update-status` hook will trigger a reconcile() -- thus the missing information will be populated.
Demonstrative code: https:/
Example pipeline: https:/
- it's the ha/test_
- note the "Upload logs" step at the bottom -- you can retrieve the full `debug-log` here
summary: |
- 'secret-changed' event emitted/processed + 'secret-changed' event not emitted/processed |
Changed in juju: | |
milestone: | none → 3.3.5 |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: canonical-data-platform-eng |
summary: |
- 'secret-changed' event not emitted/processed + 'secret-changed' event not emitted/processed (occurs on pipelines ONLY) |
Changed in juju: | |
status: | Triaged → In Progress |
assignee: | nobody → Yang Kelvin Liu (kelvin.liu) |
Changed in juju: | |
milestone: | 3.3.5 → 3.3.6 |
Hi Judit
Do we have a reproducing step or steps to deploy locally for me to investigate?