From b5fa9fd16fbaa1ceac95ff3a7f4c8e9f414ee525 Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Thu, 2 Apr 2026 09:58:42 +0200 Subject: s3 and consul fixes (#916) * fix endpoint for stats/hub in compute/hub.html page * fix api token call failure for imds (using wrong overload for Put) * add "localhost" to healt check url in consul when no address is given * add consul fallback deregister if normal deregister fails * add consul registration unit test --- src/zenutil/cloud/imdscredentials.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/zenutil/cloud/imdscredentials.cpp') diff --git a/src/zenutil/cloud/imdscredentials.cpp b/src/zenutil/cloud/imdscredentials.cpp index dde1dc019..5a6cf45d2 100644 --- a/src/zenutil/cloud/imdscredentials.cpp +++ b/src/zenutil/cloud/imdscredentials.cpp @@ -115,7 +115,7 @@ ImdsCredentialProvider::FetchToken() HttpClient::KeyValueMap Headers; Headers->emplace("X-aws-ec2-metadata-token-ttl-seconds", "21600"); - HttpClient::Response Response = m_HttpClient.Put("/latest/api/token", Headers); + HttpClient::Response Response = m_HttpClient.Put("/latest/api/token", IoBuffer{}, Headers); if (!Response.IsSuccess()) { ZEN_WARN("IMDS token request failed: {}", Response.ErrorMessage("PUT /latest/api/token")); -- cgit v1.2.3 From 3d59b5d7036c35fe484d052ff32dbdc9d0a75cf7 Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Mon, 13 Apr 2026 19:17:09 +0200 Subject: fix utf characters in source code (#953) --- src/zenutil/cloud/imdscredentials.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/zenutil/cloud/imdscredentials.cpp') diff --git a/src/zenutil/cloud/imdscredentials.cpp b/src/zenutil/cloud/imdscredentials.cpp index 5a6cf45d2..b025eb6da 100644 --- a/src/zenutil/cloud/imdscredentials.cpp +++ b/src/zenutil/cloud/imdscredentials.cpp @@ -213,7 +213,7 @@ ImdsCredentialProvider::FetchCredentials() } else { - // Expiration is in the past or unparseable — force refresh next time + // Expiration is in the past or unparseable - force refresh next time NewExpiresAt = std::chrono::steady_clock::now(); } @@ -369,7 +369,7 @@ TEST_CASE("imdscredentials.fetch_from_mock") TEST_CASE("imdscredentials.unreachable_endpoint") { - // Point at a non-existent server — should return empty credentials, not crash + // Point at a non-existent server - should return empty credentials, not crash ImdsCredentialProviderOptions Opts; Opts.Endpoint = "http://127.0.0.1:1"; // unlikely to have anything listening Opts.ConnectTimeout = std::chrono::milliseconds(100); -- cgit v1.2.3 From 6aa4efa21a09990998a4054e805e595ef38ae785 Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Mon, 20 Apr 2026 22:13:10 +0200 Subject: hide secrets from log and sentry (#989) * scrub sensitive command line options from log and sentry --- src/zenutil/cloud/imdscredentials.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/zenutil/cloud/imdscredentials.cpp') diff --git a/src/zenutil/cloud/imdscredentials.cpp b/src/zenutil/cloud/imdscredentials.cpp index b025eb6da..433afdc3c 100644 --- a/src/zenutil/cloud/imdscredentials.cpp +++ b/src/zenutil/cloud/imdscredentials.cpp @@ -226,7 +226,7 @@ ImdsCredentialProvider::FetchCredentials() if (KeyChanged) { - ZEN_INFO("IMDS credentials refreshed (AccessKeyId: {}...)", m_CachedCredentials.AccessKeyId.substr(0, 8)); + ZEN_INFO("IMDS credentials refreshed (AccessKeyId: {})", HideSensitiveString(m_CachedCredentials.AccessKeyId)); } else { -- cgit v1.2.3 From 6b59d3d37dcc6320929df2f0074f9a1cb506d1fd Mon Sep 17 00:00:00 2001 From: Dan Engelbrecht Date: Tue, 21 Apr 2026 16:26:57 +0200 Subject: improved s3 hydration (#997) - Improvement: Hub shares a single S3 client and IMDS credential provider across all modules, reducing IMDS load and surviving transient IMDS blips during bulk provisioning - Improvement: Hub validates hydration config at startup; bad `--hub-hydration-target-spec` or `--hub-hydration-target-config` now fails `zen hub` at boot instead of per-module at first hydrate - Improvement: S3 hydration multipart chunk size configurable via `settings.chunk-size` (default 32 MiB) - Improvement: S3 client extracts `` and `` from XML error bodies (previously logged as ``) - Improvement: S3 client fails fast with a "no credentials available" error when AWS credentials are missing, instead of sending an unsigned request that S3 rejects with a generic 400 - Improvement: IMDS credential provider retries transient connection failures (up to 3 attempts with backoff) - Improvement: HTTP clients with `RetryCount > 0` also retry on `CURLE_COULDNT_CONNECT` --- src/zenutil/cloud/imdscredentials.cpp | 1 + 1 file changed, 1 insertion(+) (limited to 'src/zenutil/cloud/imdscredentials.cpp') diff --git a/src/zenutil/cloud/imdscredentials.cpp b/src/zenutil/cloud/imdscredentials.cpp index 433afdc3c..a23cb9c28 100644 --- a/src/zenutil/cloud/imdscredentials.cpp +++ b/src/zenutil/cloud/imdscredentials.cpp @@ -64,6 +64,7 @@ ImdsCredentialProvider::ImdsCredentialProvider(const ImdsCredentialProviderOptio .LogCategory = "imds", .ConnectTimeout = Options.ConnectTimeout, .Timeout = Options.RequestTimeout, + .RetryCount = 3, }) { ZEN_INFO("IMDS credential provider configured (endpoint: {})", m_HttpClient.GetBaseUri()); -- cgit v1.2.3