Skip to content

Improve config reload error reporting with severity-aware task logs#13090

Open
brbzull0 wants to merge 5 commits intoapache:masterfrom
brbzull0:config-reload-error-reporting
Open

Improve config reload error reporting with severity-aware task logs#13090
brbzull0 wants to merge 5 commits intoapache:masterfrom
brbzull0:config-reload-error-reporting

Conversation

@brbzull0
Copy link
Copy Markdown
Contributor

@brbzull0 brbzull0 commented Apr 15, 2026
edited
Loading

Unify diagnostic logging (diags.log) with ConfigContext task logs (traffic_ctl config status) via CfgLoad* macros.
Each task log entry now carries a DiagsLevel severity, enabling --min-level filtering in traffic_ctl and severity tags in output ([Note], [Err], etc). Reload summaries are logged to diags.log after a grace period, with detailed per-subtask dumps under the config.reload debug tag.

the entire idea is to get the following sort of visibility:

Successful reload

$ traffic_ctl config status

✔ Reload [success] — rldtk-1739808000000
  Started : 2026 Apr 14 12:00:00.123
  Finished: 2026 Apr 14 12:00:00.368
  Duration: 245ms

  ✔ 11 success  ◌ 0 in-progress  ✗ 0 failed  (11 total)

  Tasks:
   ✔ ip_allow.yaml ·································  18ms
      [Note]  ip_allow.yaml loading ...
      [Note]  ip_allow.yaml finished loading
   ✔ ssl_client_coordinator ·························   2ms
   │  [Note]  SSL configs reloaded
   ├─ ✔ SSLConfig ···································   0ms
   │     [Note]  SSLConfig loading ...
   │     [Dbg]   Reload SSLConfig
   │     [Note]  SSLConfig reloaded
   ├─ ✔ SNIConfig ···································   1ms
   │     [Note]  sni.yaml loading ...
   │     [Note]  sni.yaml finished loading
   └─ ✔ SSLCertificateConfig ························ 119ms
         [Note]  (ssl) ssl_multicert.yaml loading ...
         [Note]  (ssl) ssl_multicert.yaml finished loading
   ✔ ssl_ticket_key ·································   1ms
      [Note]  SSL ticket key loading ...
      [Note]  SSL ticket key reloaded
   ...

Failed reload — SNI parse error

$ traffic_ctl config status -t hotfix-cert

✗ Reload [fail] — hotfix-cert
  Started : 2026 Apr 14 14:30:10.500
  Finished: 2026 Apr 14 14:30:10.810
  Duration: 310ms

  ✔ 9 success  ◌ 0 in-progress  ✗ 2 failed  (11 total)

  Tasks:
   ✔ ip_allow.yaml ·································  18ms
      [Note]  ip_allow.yaml loading ...
      [Note]  ip_allow.yaml finished loading
   ✗ ssl_client_coordinator ·························  85ms  ✗ FAIL
   │  [Note]  SSL configs reloaded
   ├─ ✔ SSLConfig ···································  10ms
   │     [Note]  SSLConfig loading ...
   │     [Dbg]   Reload SSLConfig
   │     [Note]  SSLConfig reloaded
   ├─ ✗ SNIConfig ···································  12ms  ✗ FAIL
   │     [Note]  sni.yaml loading ...
   │     [Err]   sni.yaml failed to load
   └─ ✔ SSLCertificateConfig ························  13ms
         [Note]  (ssl) ssl_multicert.yaml loading ...
         [Note]  (ssl) ssl_multicert.yaml finished loading
   ...

Failed reload — partial SSL cert failures

$ traffic_ctl config status -t ssl-bulk-partial

✗ Reload [fail] — ssl-bulk-partial
  Started : 2026 Apr 14 12:29:19.586
  Finished: 2026 Apr 14 12:29:19.700
  Duration: 114ms

  ✔ 5 success  ◌ 0 in-progress  ✗ 2 failed  (8 total)

  Tasks:
   ✗ ssl_client_coordinator ·························  106ms  ✗ FAIL
   │  [Note]  SSL configs reloaded
   ├─ ✔ SSLConfig ···································    1ms
   │     [Note]  SSLConfig loading ...
   │     [Dbg]   Reload SSLConfig
   │     [Note]  SSLConfig reloaded
   ├─ ✔ SNIConfig ···································    0ms
   │     [Note]  sni.yaml loading ...
   │     [Note]  sni.yaml finished loading
   └─ ✗ SSLCertificateConfig ························  105ms  ✗ FAIL
         [Note]  (ssl) ssl_multicert.yaml loading ...
         [Err]   Failed to load certificate 'cert-05.pem' at item 5
         [Err]   Failed to load certificate 'cert-09.pem' at item 9
         [Err]   Failed to load certificate 'cert-17.pem' at item 17
         [Err]   (ssl) ssl_multicert.yaml failed to load
   ✔ ssl_ticket_key ·································    0ms
      [Note]  SSL ticket key loading ...
      [Note]  SSL ticket key reloaded

--min-level filtering — errors and warnings only

$ traffic_ctl config status -t ssl-bulk-partial --min-level warning

✗ Reload [fail] — ssl-bulk-partial
  ...
  Tasks:
   ✗ ssl_client_coordinator ·························  106ms  ✗ FAIL
   ├─ ✔ SSLConfig ···································    1ms
   ├─ ✔ SNIConfig ···································    0ms
   └─ ✗ SSLCertificateConfig ························  105ms  ✗ FAIL
         [Err]   Failed to load certificate 'cert-05.pem' at item 5
         [Err]   Failed to load certificate 'cert-09.pem' at item 9
         [Err]   Failed to load certificate 'cert-17.pem' at item 17
         [Err]   (ssl) ssl_multicert.yaml failed to load
   ✔ ssl_ticket_key ·································    0ms

diags.log — one-line reload summaries

NOTE: Config reload [my-token] completed successfully: 3 tasks succeeded (3 total)
WARNING: Config reload [my-token] finished with failures: 1 succeeded, 1 failed (3 total) — run: traffic_ctl config status -t my-token

diags.log — detailed dump via config.reload debug tag

DIAG: (config.reload)   [fail] ssl_client_coordinator
DIAG: (config.reload)     [Note] SSL configs reloaded
DIAG: (config.reload)     [success] SSLConfig
DIAG: (config.reload)       [Note] SSLConfig loading ...
DIAG: (config.reload)       [Dbg] Reload SSLConfig
DIAG: (config.reload)       [Note] SSLConfig reloaded
DIAG: (config.reload)     [fail] SNIConfig
DIAG: (config.reload)       [Note] sni.yaml loading ...
DIAG: (config.reload)       [Err] sni.yaml failed to load
DIAG: (config.reload)   [success] ssl_ticket_key
DIAG: (config.reload)     [Note] SSL ticket key loading ...
DIAG: (config.reload)     [Note] SSL ticket key reloaded

Severity tags

Tag Level Source
[Dbg] Debug CfgLoadDbg macro
[Note] Note CfgLoadInProgress, CfgLoadComplete, CfgLoadLog(DL_Note), ctx.in_progress(text), ctx.complete(text)
[Warn] Warning CfgLoadFail(DL_Warning), CfgLoadLog(DL_Warning)
[Err] Error CfgLoadFail(DL_Error), ctx.fail(text)

Fixes: #12963

Damian Meden added 3 commits April 15, 2026 12:12
Add severity-aware logging to config reload framework
61abfd7 
Unify diagnostic logging (diags.log) with ConfigContext task logs
(traffic_ctl config status) via CfgLoad* macros. Each task log
entry now carries a DiagsLevel severity, enabling --min-level
filtering in traffic_ctl and severity tags in output ([Note],
[Err], etc). Reload summaries are logged to diags.log after a
grace period, with detailed per-subtask dumps under the
config.reload debug tag.

Fixes: apache#12963
cleanup
b730cd0
Fix log for the sslconfig module
66fb7a3
@brbzull0 brbzull0 self-assigned this Apr 15, 2026
@brbzull0 brbzull0 changed the title Config reload error reporting Improve config reload error reporting with severity-aware task logs Apr 15, 2026
@brbzull0 brbzull0 added this to the 11.0.0 milestone Apr 15, 2026
@brbzull0
Copy link
Copy Markdown
Contributor Author

brbzull0 commented Apr 16, 2026

[approve ci FreeBSD]

@brbzull0
Copy link
Copy Markdown
Contributor Author

brbzull0 commented Apr 16, 2026

[approve ci osx]

@brbzull0
Copy link
Copy Markdown
Contributor Author

brbzull0 commented Apr 16, 2026

[approve ci freebsd]

@brbzull0 brbzull0 marked this pull request as ready for review April 16, 2026 15:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@brbzull0 brbzull0

Labels

Config Reload

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

ATS Reload migration task. Improve error reporting

1 participant

@brbzull0