search

istio / old_mixer_repo

Deprecated home of Istio's Mixer and its adapters, now in istio/istio's mixer dir
https://github.com/istio/istio/tree/master/mixer
Apache License 2.0
67 stars 93 forks source link

cant add quotas with istioctl #1287

Open kyessenov opened 7 years ago

kyessenov commented 7 years ago

@karmab commented on Wed Sep 13 2017

when running on top of openshift and trying to create a quota with

istioctl -v 10 mixer rule create global ratings.myproject.svc.cluster.local -f ratelimit.yaml -n myproject

i get the following ERROR:

Error: failed to PUT api/v1/scopes/global/subjects/ratings.myproject.svc.cluster.local/rules with status 500: mkdir /etc/opt/mixer/configroot/scopes/global/subjects/ratings.myproject.svc.cluster.local: permission denied

@kyessenov commented on Wed Sep 13 2017

moving to the appropriate channel

karmab commented 7 years ago

full client trace ( running with -v 10 ) 

I0913 16:42:43.856366   14490 loader.go:357] Config loaded from file /root/.kube/config
I0913 16:42:43.858506   14490 request.go:811] Request Body: rules:
- aspects:
  - kind: quotas
    params:
      quotas:
      - descriptorName: RequestCount
        maxAmount: 1
        expiration: 1s
I0913 16:42:43.858560   14490 round_trippers.go:386] curl -k -v -XPUT  -H "Accept: application/json, */*" -H "Content-Type: application/json" https://127.0.0.1:8443/api/v1/namespaces/myproject/services/istio-mixer:9094/proxy/api/v1/scopes/global/subjects/ratings.myproject.svc.cluster.local/rules
I0913 16:42:43.884802   14490 round_trippers.go:405] PUT https://127.0.0.1:8443/api/v1/namespaces/myproject/services/istio-mixer:9094/proxy/api/v1/scopes/global/subjects/ratings.myproject.svc.cluster.local/rules 500 Internal Server Error in 26 milliseconds
I0913 16:42:43.884820   14490 round_trippers.go:411] Response Headers:
I0913 16:42:43.884825   14490 round_trippers.go:414]     Cache-Control: no-store
I0913 16:42:43.884829   14490 round_trippers.go:414]     Content-Type: application/json
I0913 16:42:43.884832   14490 round_trippers.go:414]     Date: Wed, 13 Sep 2017 16:42:43 GMT
I0913 16:42:43.884836   14490 round_trippers.go:414]     Content-Length: 162
I0913 16:42:43.884860   14490 request.go:811] Response Body: {
  "status": {
   "code": 2,
   "message": "mkdir /etc/opt/mixer/configroot/scopes/global/subjects/ratings.myproject.svc.cluster.local: permission denied"
  }
 }
Error: failed to PUT api/v1/scopes/global/subjects/ratings.myproject.svc.cluster.local/rules with status 500: mkdir /etc/opt/mixer/configroot/scopes/global/subjects/ratings.myproject.svc.cluster.local: permission denied
[root@origin2 quotas]# istioctl -v mixer rule create global ratings.myproject.svc.cluster.local -f ratelimit.yaml -n myproject
Error: unknown command "rule" for "istioctl"
Run 'istioctl --help' for usage.
[root@origin2 quotas]# istioctl mixer rule create global ratings.myproject.svc.cluster.local -f ratelimit.yaml -n myproject
Error: failed to PUT api/v1/scopes/global/subjects/ratings.myproject.svc.cluster.local/rules with status 500: mkdir /etc/opt/mixer/configroot/scopes/global/subjects/ratings.myproject.svc.cluster.local: permission denied

server trace

I0913 16:56:45.614898       1 adapterInfoRegistry.go:36] Registering [0] (adapter.InfoFn)(0x5d1ec0)
I0913 16:56:45.614936       1 adapterInfoRegistry.go:36] Registering [1] (adapter.InfoFn)(0x7ccef0)
I0913 16:56:45.614941       1 adapterInfoRegistry.go:36] Registering [2] (adapter.InfoFn)(0x7d3f60)
I0913 16:56:45.614959       1 adapterInfoRegistry.go:36] Registering [3] (adapter.InfoFn)(0x7e97e0)
I0913 16:56:45.614965       1 adapterInfoRegistry.go:36] Registering [4] (adapter.InfoFn)(0x8421d0)
I0913 16:56:45.614971       1 adapterInfoRegistry.go:36] Registering [5] (adapter.InfoFn)(0x9567d0)
I0913 16:56:45.614975       1 adapterInfoRegistry.go:36] Registering [6] (adapter.InfoFn)(0x9617f0)
I0913 16:56:45.614979       1 adapterInfoRegistry.go:36] Registering [7] (adapter.InfoFn)(0x9918f0)
I0913 16:56:45.614984       1 adapterInfoRegistry.go:36] Registering [8] (adapter.InfoFn)(0x9a7290)
W0913 16:56:45.616847       1 descriptor.go:183] attributes missing
W0913 16:56:45.617263       1 descriptor.go:183] monitoredResources missing
W0913 16:56:45.617270       1 descriptor.go:183] principals missing
I0913 16:56:45.618198       1 expr.go:412] expression cache miss for 'source.ip | ip("0.0.0.0")'
I0913 16:56:45.618217       1 expr.go:383] Parsed expression 'source.ip | ip("0.0.0.0")' into '&{%!s(*ast.SelectorExpr=&{0xc421f1c9c0 0xc421f1c9e0}) %!s(token.Pos=11) | %!s(*ast.CallExpr=&{0xc421f1ca20 15 [0xc421f1ca40] 0 25})}'
I0913 16:56:45.618252       1 expr.go:420] caching expression for 'source.ip | ip("0.0.0.0")''
I0913 16:56:45.618261       1 expr.go:412] expression cache miss for 'source.uid | ""'
I0913 16:56:45.618268       1 expr.go:383] Parsed expression 'source.uid | ""' into '&{%!s(*ast.SelectorExpr=&{0xc421f1cba0 0xc421f1cbc0}) %!s(token.Pos=12) | %!s(*ast.BasicLit=&{14 9 ""})}'
I0913 16:56:45.618277       1 expr.go:420] caching expression for 'source.uid | ""''
I0913 16:56:45.618281       1 expr.go:412] expression cache miss for 'target.ip | ip("0.0.0.0")'
I0913 16:56:45.618287       1 expr.go:383] Parsed expression 'target.ip | ip("0.0.0.0")' into '&{%!s(*ast.SelectorExpr=&{0xc421f1ce80 0xc421f1cea0}) %!s(token.Pos=11) | %!s(*ast.CallExpr=&{0xc421f1cf00 15 [0xc421f1cf20] 0 25})}'
I0913 16:56:45.618295       1 expr.go:420] caching expression for 'target.ip | ip("0.0.0.0")''
I0913 16:56:45.618299       1 expr.go:412] expression cache miss for 'target.uid | ""'
I0913 16:56:45.618304       1 expr.go:383] Parsed expression 'target.uid | ""' into '&{%!s(*ast.SelectorExpr=&{0xc421f1d080 0xc421f1d0a0}) %!s(token.Pos=12) | %!s(*ast.BasicLit=&{14 9 ""})}'
I0913 16:56:45.618310       1 expr.go:420] caching expression for 'target.uid | ""''
I0913 16:56:45.618486       1 expr.go:412] expression cache miss for '1'
I0913 16:56:45.618497       1 expr.go:383] Parsed expression '1' into '&{%!s(token.Pos=1) INT 1}'
I0913 16:56:45.618503       1 expr.go:420] caching expression for '1''
I0913 16:56:45.618508       1 expr.go:412] expression cache miss for 'request.path | "unknown"'
I0913 16:56:45.618514       1 expr.go:383] Parsed expression 'request.path | "unknown"' into '&{%!s(*ast.SelectorExpr=&{0xc42171e1c0 0xc42171e1e0}) %!s(token.Pos=14) | %!s(*ast.BasicLit=&{16 9 "unknown"})}'
I0913 16:56:45.618524       1 expr.go:420] caching expression for 'request.path | "unknown"''
I0913 16:56:45.618529       1 expr.go:412] expression cache miss for 'response.code | 200'
I0913 16:56:45.618536       1 expr.go:383] Parsed expression 'response.code | 200' into '&{%!s(*ast.SelectorExpr=&{0xc42171e3a0 0xc42171e3c0}) %!s(token.Pos=15) | %!s(*ast.BasicLit=&{17 5 200})}'
I0913 16:56:45.618543       1 expr.go:420] caching expression for 'response.code | 200''
I0913 16:56:45.618549       1 expr.go:412] expression cache miss for 'target.labels["app"] | "unknown"'
I0913 16:56:45.618555       1 expr.go:383] Parsed expression 'target.labels["app"] | "unknown"' into '&{%!s(*ast.IndexExpr=&{0xc42171e5a0 14 0xc42171e5c0 20}) %!s(token.Pos=22) | %!s(*ast.BasicLit=&{24 9 "unknown"})}'
I0913 16:56:45.618566       1 expr.go:420] caching expression for 'target.labels["app"] | "unknown"''
I0913 16:56:45.618570       1 expr.go:412] expression cache miss for 'source.labels["app"] | "unknown"'
I0913 16:56:45.618575       1 expr.go:383] Parsed expression 'source.labels["app"] | "unknown"' into '&{%!s(*ast.IndexExpr=&{0xc42171e7e0 14 0xc42171e800 20}) %!s(token.Pos=22) | %!s(*ast.BasicLit=&{24 9 "unknown"})}'
I0913 16:56:45.618585       1 expr.go:420] caching expression for 'source.labels["app"] | "unknown"''
I0913 16:56:45.618588       1 expr.go:412] expression cache miss for 'target.service | "unknown"'
I0913 16:56:45.618595       1 expr.go:383] Parsed expression 'target.service | "unknown"' into '&{%!s(*ast.SelectorExpr=&{0xc42171e9e0 0xc42171ea00}) %!s(token.Pos=16) | %!s(*ast.BasicLit=&{18 9 "unknown"})}'
I0913 16:56:45.618602       1 expr.go:420] caching expression for 'target.service | "unknown"''
I0913 16:56:45.618605       1 expr.go:412] expression cache miss for 'target.labels["version"] | "unknown"'
I0913 16:56:45.618613       1 expr.go:383] Parsed expression 'target.labels["version"] | "unknown"' into '&{%!s(*ast.IndexExpr=&{0xc42171ece0 14 0xc42171ed20 24}) %!s(token.Pos=26) | %!s(*ast.BasicLit=&{28 9 "unknown"})}'
I0913 16:56:45.618622       1 expr.go:420] caching expression for 'target.labels["version"] | "unknown"''
I0913 16:56:45.618629       1 expr.go:412] expression cache miss for 'response.latency | response.duration | "0ms"'
I0913 16:56:45.618638       1 expr.go:383] Parsed expression 'response.latency | response.duration | "0ms"' into '&{%!s(*ast.BinaryExpr=&{0xc42171ef40 18 18 0xc42171efc0}) %!s(token.Pos=38) | %!s(*ast.BasicLit=&{40 9 "0ms"})}'
I0913 16:56:45.618647       1 expr.go:420] caching expression for 'response.latency | response.duration | "0ms"''
I0913 16:56:45.618788       1 expr.go:412] expression cache miss for 'request.method'
I0913 16:56:45.618797       1 expr.go:383] Parsed expression 'request.method' into '&{request method}'
I0913 16:56:45.618802       1 expr.go:420] caching expression for 'request.method''
I0913 16:56:45.618806       1 expr.go:412] expression cache miss for 'origin.ip'
I0913 16:56:45.618811       1 expr.go:383] Parsed expression 'origin.ip' into '&{origin ip}'
I0913 16:56:45.618815       1 expr.go:420] caching expression for 'origin.ip''
I0913 16:56:45.618818       1 expr.go:412] expression cache miss for 'request.scheme'
I0913 16:56:45.618822       1 expr.go:383] Parsed expression 'request.scheme' into '&{request scheme}'
I0913 16:56:45.618826       1 expr.go:420] caching expression for 'request.scheme''
I0913 16:56:45.618830       1 expr.go:412] expression cache miss for 'response.code'
I0913 16:56:45.618834       1 expr.go:383] Parsed expression 'response.code' into '&{response code}'
I0913 16:56:45.618838       1 expr.go:420] caching expression for 'response.code''
I0913 16:56:45.618848       1 expr.go:412] expression cache miss for 'response.size'
I0913 16:56:45.618853       1 expr.go:383] Parsed expression 'response.size' into '&{response size}'
I0913 16:56:45.618857       1 expr.go:420] caching expression for 'response.size''
I0913 16:56:45.618861       1 expr.go:412] expression cache miss for 'origin.user'
I0913 16:56:45.618865       1 expr.go:383] Parsed expression 'origin.user' into '&{origin user}'
I0913 16:56:45.618869       1 expr.go:420] caching expression for 'origin.user''
I0913 16:56:45.618872       1 expr.go:412] expression cache miss for 'request.time'
I0913 16:56:45.618877       1 expr.go:383] Parsed expression 'request.time' into '&{request time}'
I0913 16:56:45.618880       1 expr.go:420] caching expression for 'request.time''
I0913 16:56:45.618884       1 expr.go:412] expression cache miss for 'request.path'
I0913 16:56:45.618888       1 expr.go:383] Parsed expression 'request.path' into '&{request path}'
I0913 16:56:45.618892       1 expr.go:420] caching expression for 'request.path''
W0913 16:56:45.619212       1 apiserver.go:329] Failed to save /scopes/global/subjects/ratings.myproject.svc.cluster.local/rules
douglas-reid commented 7 years ago

@karmab can you add version information (including Mixer version, cluster version, rbac, etc.) to the bug description?

karmab commented 7 years ago

i m using the following gcr.io/istio-testing/mixer a6e8b94c9217394139f41acb5c9bfdc19426690d kubernetes v1.7.0+695f48a16f

mandarjog commented 7 years ago

Hi @karmab that way of creating rate limits is no longer supported. Use kubectl to push the rate limit rule in and use a newer build. Use a file like this https://github.com/istio/mixer/blob/master/testdata/config/quota.yaml to set rate limits.

karmab commented 7 years ago

hello @mandarjog today i tried with 0.2.2 commit and still get an error :( 

I0915 18:45:38.896012       1 controller.go:207] Publishing 3 events
I0915 18:45:38.896076       1 controller.go:266] handler = map[handler.memquota.istio-system:name:"handler.memquota.istio-system" adapter:"memquota" params:&Params{Quotas:[{requestcount.quota.istio-config-default 5000 1s [{map[destination:ratings source:reviews] 1 1s} {map[destination:ratings] 100 1s}]}],MinDeduplicationDuration:1s,} ]
I0915 18:45:38.896292       1 evaluator.go:210] evaluator.getOrCreateCacheEntry failed expr:'source.labels["app"] | source.service | "unknown"', err: unknown attribute source.labels
I0915 18:45:38.896300       1 evaluator.go:132] evaluator.EvalType failed expr:'source.labels["app"] | source.service | "unknown"', err: unknown attribute source.labels
W0915 18:45:38.896308       1 controller.go:486] Filtering action from rule istio-system/quota. Handler handler.memquota.istio-system could not be initialized due to cannot infer type information from params in instance 'requestcount.quota.istio-system': unknown attribute source.labels.
W0915 18:45:38.896314       1 controller.go:499] Purging rule quota with no actions
I0915 18:45:38.896321       1 controller.go:167] Published snapshot[2] with 0 rules, 1 handlers, previously 0 rules
I0915 18:45:38.896325       1 controller.go:526] cleanupResolver[1] handler table has 0 entries