From 509f862494dfbd5f617f03927a6c044c8d96a9c6 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Tue, 11 Apr 2023 09:36:10 -0400 Subject: [PATCH] Log, don't err, on unified delta WAL write failure (#20057) * Log, don't err, on unified delta WAL write failure When the PBPWF fails on the Active node of a PR Secondary cluster with a read-only failure, there is no value in forwarding this request up to the Active node of the PR Primary cluster: it does not have the local revocation context necessary to write a Delta WAL entry for this request, and would likely end up writing a cross-cluster revocation entry (if it is enabled) or else erring completely. Instead, log this error like we do when failing to write unified CRL entries. Switch both to using Error instead of Debug for this type of failure. Signed-off-by: Alexander Scheel * Add changelog entry Signed-off-by: Alexander Scheel --------- Signed-off-by: Alexander Scheel --- builtin/logical/pki/crl_util.go | 10 +++++++--- changelog/20057.txt | 3 +++ 2 files changed, 10 insertions(+), 3 deletions(-) create mode 100644 changelog/20057.txt diff --git a/builtin/logical/pki/crl_util.go b/builtin/logical/pki/crl_util.go index 4454dce3e..42b3e6843 100644 --- a/builtin/logical/pki/crl_util.go +++ b/builtin/logical/pki/crl_util.go @@ -996,7 +996,7 @@ func revokeCert(sc *storageContext, config *crlConfig, cert *x509.Certificate) ( if ignoreErr != nil { // Just log the error if we fail to write across clusters, a separate background // thread will reattempt it later on as we have the local write done. - sc.Backend.Logger().Debug("Failed to write unified revocation entry, will re-attempt later", + sc.Backend.Logger().Error("Failed to write unified revocation entry, will re-attempt later", "serial_number", colonSerial, "error", ignoreErr) sc.Backend.unifiedTransferStatus.forceRun() } @@ -1046,8 +1046,12 @@ func writeRevocationDeltaWALs(sc *storageContext, config *crlConfig, hyphenSeria // listing for the unified CRL rebuild, this revocation will not // appear on either the main or the next delta CRL, but will need to // wait for a subsequent complete CRL rebuild). - if err := writeSpecificRevocationDeltaWALs(sc, hyphenSerial, colonSerial, unifiedDeltaWALPath); err != nil { - return fmt.Errorf("failed to write cross-cluster delta WAL entry: %w", err) + if ignoredErr := writeSpecificRevocationDeltaWALs(sc, hyphenSerial, colonSerial, unifiedDeltaWALPath); ignoredErr != nil { + // Just log the error if we fail to write across clusters, a separate background + // thread will reattempt it later on as we have the local write done. + sc.Backend.Logger().Error("Failed to write cross-cluster delta WAL entry, will re-attempt later", + "serial_number", colonSerial, "error", ignoredErr) + sc.Backend.unifiedTransferStatus.forceRun() } } diff --git a/changelog/20057.txt b/changelog/20057.txt new file mode 100644 index 000000000..585a07d91 --- /dev/null +++ b/changelog/20057.txt @@ -0,0 +1,3 @@ +```release-note: bug +secrets/pki: Ensure cross-cluster delta WAL write failure only logs to avoid unattended forwarding. +```