From 3df584043e196a2c224d9a3563a7286e6999a0de Mon Sep 17 00:00:00 2001 From: Aleksey Savaitan Date: Thu, 12 Sep 2024 17:40:10 +0300 Subject: [PATCH] [#1361] add root ca cert for telemetry configuration Signed-off-by: Aleksey Savaitan --- cmd/frostfs-node/config.go | 6 ++++- cmd/frostfs-node/config/tracing/config.go | 23 +++++++++++++++-- cmd/frostfs-node/tracing.go | 10 +++++--- config/example/node.env | 1 + config/example/node.json | 3 ++- config/example/node.yaml | 1 + go.mod | 30 +++++++++++----------- go.sum | Bin 40699 -> 40699 bytes 8 files changed, 52 insertions(+), 22 deletions(-) diff --git a/cmd/frostfs-node/config.go b/cmd/frostfs-node/config.go index f98f1c1a3..bb6580a40 100644 --- a/cmd/frostfs-node/config.go +++ b/cmd/frostfs-node/config.go @@ -1299,7 +1299,11 @@ func (c *cfg) reloadConfig(ctx context.Context) { }}) components = append(components, dCmp{"pools", c.reloadPools}) components = append(components, dCmp{"tracing", func() error { - updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg)) + traceConfig, err := tracingconfig.ToTracingConfig(c.appCfg) + if err != nil { + return err + } + updated, err := tracing.Setup(ctx, *traceConfig) if updated { c.log.Info(logs.FrostFSNodeTracingConfigationUpdated) } diff --git a/cmd/frostfs-node/config/tracing/config.go b/cmd/frostfs-node/config/tracing/config.go index e846be158..8544c672c 100644 --- a/cmd/frostfs-node/config/tracing/config.go +++ b/cmd/frostfs-node/config/tracing/config.go @@ -1,6 +1,11 @@ package tracing import ( + "crypto/x509" + "errors" + "fmt" + "os" + "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config" "git.frostfs.info/TrueCloudLab/frostfs-node/misc" "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing" 
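Review bot: In the `tracing` reload component of `reloadConfig`, nothing visible guarantees that a CA file rotated in place (same `trusted_ca` path, new contents) is picked up on reload. `ToTracingConfig` now builds a fresh `*x509.CertPool` on every call, so whether `tracing.Setup` reports `updated` correctly depends on how frostfs-observability compares configs, which this patch does not show. Please confirm that behaviour and record it above the closure, e.g. `// trusted_ca is re-read on every reload; a failed read keeps the previous exporter and trust pool`. The early `return err` does leave the previous setup untouched, which looks like the right outcome for a bad CA file, but it is implicit. The closure and `reloadConfig` continue outside the hunk.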
@@ -11,8 +16,8 @@ const ( ) // ToTracingConfig extracts tracing config. -func ToTracingConfig(c *config.Config) *tracing.Config { - return &tracing.Config{ +func ToTracingConfig(c *config.Config) (*tracing.Config, error) { + conf := &tracing.Config{ Enabled: config.BoolSafe(c.Sub(subsection), "enabled"), Exporter: tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")), Endpoint: config.StringSafe(c.Sub(subsection), "endpoint"), @@ -20,6 +25,20 @@ func ToTracingConfig(c *config.Config) *tracing.Config { InstanceID: getInstanceIDOrDefault(c), Version: misc.Version, } + + if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); trustedCa != "" { + caBytes, err := os.ReadFile(trustedCa) + if err != nil { + return nil, fmt.Errorf("cannot read trusted ca cert by path: %w", err) + } + certPool := x509.NewCertPool() + ok := certPool.AppendCertsFromPEM(caBytes) + if !ok { + return nil, errors.New("can't fill cert pool by ca cert") + } + conf.ServerCaCertPool = certPool + } + return conf, nil } func getInstanceIDOrDefault(c *config.Config) string { diff --git a/cmd/frostfs-node/tracing.go b/cmd/frostfs-node/tracing.go index 675c31374..f550dd882 100644 --- a/cmd/frostfs-node/tracing.go +++ b/cmd/frostfs-node/tracing.go @@ -11,11 +11,15 @@ import ( ) func initTracing(ctx context.Context, c *cfg) { - conf := tracingconfig.ToTracingConfig(c.appCfg) - - _, err := tracing.Setup(ctx, *conf) + conf, err := tracingconfig.ToTracingConfig(c.appCfg) if err != nil { c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) + return + } + _, err = tracing.Setup(ctx, *conf) + if err != nil { + c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) + return } c.closers = append(c.closers, closer{ diff --git a/config/example/node.env b/config/example/node.env index c3fa85c13..030a79934 100644 --- a/config/example/node.env +++ b/config/example/node.env 
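Review bot: In `ToTracingConfig`, the `trusted_ca` file is read and parsed whenever the key is non-empty, even when `enabled` is false. A stale path therefore makes both `initTracing` and the reload component fail, and on reload `tracing.Setup` is never reached, so tracing cannot be switched off until the path is fixed. Guarding the block with `if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); conf.Enabled && trustedCa != "" {` would avoid that. `AppendCertsFromPEM` returns true as soon as one certificate parses and silently skips malformed blocks, so the second error should at least name the file, e.g. `fmt.Errorf("no valid certificates in trusted ca file %q", trustedCa)`. The doc comment should also state that an empty `trusted_ca` leaves `ServerCaCertPool` nil, and that the transport used in that case is decided in frostfs-observability (not visible in this patch).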
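Review bot: In `initTracing`, the two failure paths log the same `FrostFSNodeFailedInitTracing` message and then return, so the node starts without tracing when the CA file cannot be loaded. That avoids exporting spans over an unverified connection, but the intent is undocumented. A comment before the first `return` would make it explicit, e.g. `// tracing stays disabled if trusted_ca cannot be loaded; never fall back to an unverified exporter`. The new `return` after a failed `tracing.Setup` also means the closer below is no longer registered on failure, which looks intentional but is a behaviour change worth mentioning in the commit message. The function body continues outside the hunk.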
@@ -199,6 +199,7 @@ FROSTFS_STORAGE_SHARD_1_GC_REMOVER_SLEEP_INTERVAL=5m FROSTFS_TRACING_ENABLED=true FROSTFS_TRACING_ENDPOINT="localhost" FROSTFS_TRACING_EXPORTER="otlp_grpc" +FROSTFS_TRACING_TRUSTED_CA="" FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824 diff --git a/config/example/node.json b/config/example/node.json index d7187250b..4e6d239fe 100644 --- a/config/example/node.json +++ b/config/example/node.json @@ -255,7 +255,8 @@ "tracing": { "enabled": true, "endpoint": "localhost:9090", - "exporter": "otlp_grpc" + "exporter": "otlp_grpc", + "trusted_ca": "/etc/ssl/tracing.pem" }, "runtime": { "soft_memory_limit": 1073741824 diff --git a/config/example/node.yaml b/config/example/node.yaml index 776b22bd0..5a8e6a2a4 100644 --- a/config/example/node.yaml +++ b/config/example/node.yaml @@ -231,6 +231,7 @@ tracing: enabled: true exporter: "otlp_grpc" endpoint: "localhost" + trusted_ca: "" runtime: soft_memory_limit: 1gb diff --git a/go.mod b/go.mod index 78fefc9ae..621d2e85d 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d - git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 + git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad git.frostfs.info/TrueCloudLab/hrw v1.2.1 git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88 
@@ -40,15 +40,15 @@ require ( github.com/ssgreg/journald v1.0.0 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - go.opentelemetry.io/otel v1.24.0 - go.opentelemetry.io/otel/trace v1.24.0 + go.opentelemetry.io/otel v1.28.0 + go.opentelemetry.io/otel/trace v1.28.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/sync v0.7.0 golang.org/x/sys v0.22.0 golang.org/x/term v0.21.0 google.golang.org/grpc v1.66.2 - google.golang.org/protobuf v1.34.1 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 ) @@ -63,7 +63,7 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.13.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/consensys/bavard v0.1.13 // indirect github.com/consensys/gnark-crypto v0.12.2-0.20231222162921-eb75782795d2 // indirect @@ -73,13 +73,13 @@ require ( github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/gdamore/encoding v1.0.0 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.1 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/holiman/uint256 v1.2.4 // indirect 
@@ -115,18 +115,18 @@ require ( github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/twmb/murmur3 v1.1.8 // indirect github.com/urfave/cli v1.22.14 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.24.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.24.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/text v0.16.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect gopkg.in/ini.v1 v1.67.0 // indirect lukechampine.com/blake3 v1.2.1 // indirect rsc.io/tmplfunc v0.0.3 // indirect 
diff --git a/go.sum b/go.sum index 2147f8988d8924828513181a65c5f0de30cdd105..4d21d9bca55353e9aab18be5d6e3b43f4562c4c8 100644 GIT binary patch delta 1980 zcmai#Ij`(?8OB9IgrY=B5E2L)4&tJK%su06yre*Qyp6}Z$M)FM`VedApoESM=a(@_FDb8grdC?28ef^dK(3FgMMj+% z62{RPeCwym|I=C=j<@A8yqC=V%L+ZiN6Z-2m_Cv@%S9Hm7aT+qlX44=j@F*eQ?5gY ztK<*w{`pq>HjLbY_pCe`n}roR{fWA4DHG_BixT2;Yzo1ML$=;WR?mqDib%x#^Y@;; zdByI2_ufZe2jQ2))LiD(72$J%;HTmdaZEH@tP)D83qDPF>~szRqID0gJOAhAyI+Ct zUVKk_7lFYCb3Y$zPGd5`S4&>5XNOMBb-K7NADd7CK=L_e`WwDP3EGrqaaxtJ@#l)we(U0D>Q!qrsL?fe9+C z^2iBlDSwICLkrM{QADZ=QGuwomP#nf^Pj8_$Sd{4mjw*BH+fGK!{SKAG6)Zo4{|$1 z^E{Fqqi}Ls=hhpp1IrLEEi|pOU05Q1c&)WhL4a$NT=^*i3 z)?Vx}?MkhvdJEeyn6E}XwR{M0MPD=Ld?>P4+`g1-Q}!`UJ0=Zcs-z%XEAN=j-yEd{ z(Ca(&p~F9BZ$Fy*WQZq1I}+o*JDmJd1{rbGcCu{Ag-9x_*b6-Bt(x7)zMTGwzGi-O zGn_6oi^7EqQUWc`M{G8MO_1xxMub?s4t#QlZY@c{Jw}oeZpA=SzhNmn)Oj z;E+0>@ud;U0~?#A8(p8S$OrPjDDl7hpJ}5rDcS)GJrY2OHG5%;R!`T3Et{1c%gACp z!)hU{z4=A)gX@KZ?r)UY%2ql|wG57Zu$ZcrGc{6{jf6P08i|xSoicXhw0#QBUh#~) zVo#PGbfBGph7r2&q_*8C5~cfGB+(^e;^QheK&R31D%CB3xcfu#`)3ReLJ$I?F!Vge z5DW?kECxyRJ_raLCzTJ{8gL1!Axue8V5&${zwDM0J9Q07?)N3dyX8#H-<<7FzA+~s zzb}2U;FE~)W)UGmywEXR&PXyzD=?9hR2gZbJYg#x_IARiORVkYGE<)r>=z5(CtO{G zY!qF-6Uk7fSL(5yj5Z}?{ZgiQX_76!?r1ix_BnO0^ySg42uuBo!`BuNHbS5>X*5b| zaLDk90ED2+kBV^E52u!M=a1)`JAeN7o3DPB!Nv-+qvM)qV8{_sGQs8K6i{^~HF@kF zv>;r^rx;5P^Phil^C5!X!cRJBTy=fwz;GMaku_Odt;+3U$4}j4meLwv(p{CRh2l%h Mi9mkK@PMo-< zqnoiblob2{fKG=r@E1_fQSoSykZ7o|4j={>)W!9?j=cowxyBiw8UB>*{KXSj(WOZH+`M!sl+j>g&=g+3$$2jm~w5+B#hJZlFv*egDPV zSM2WB@BjEK$OGN1>Z3{U^!dn)@q)vc<#s(k76G|j82VNr8bV?KplN$%O#i(3_7}k2 zN8gd(!vJ%O+?zXx8e^E0la9&I*N~kI+~(9(iO?+If#4ZVJ#U7fnUiWg{rM&Q>YjU6 z_o37lTL+DsWu_p9O=VebvyVb5wMTTN7{d}aTy8G;)Yh7Qe*58FbNiF;qu|jxbaY=Z zc)eu<0-kkM=fz#>dCVmMngI!#w5jLn)@CzYnSO75kGW#coTEq@EZJqqHK691A06aW zNeV_}`cq_$Mczc4Vog*9=gp=++0ZY3X@3ClM`J{uY0*wCjd){@0y{=WA%Jiu!)|a?>+IDEw?-`oIr@toO zyyt)T#6L?>)dw2MO}cGG9c+?IQ0nN~@_pd@b{XrvxIpT%_wz z$S-0_iBvFzgKsR|R$UypLmQX|y}}!yo#sdS31zO~pP4%e=QJP?YIj8|u_gBsAe7Ru 
z!!cPy!J;UT`2x!j(kPAB3hz!x{`IE-V@qF3h0q*lx67UNIGBk?QXzv75Nax-+n{@8 zNuY*#QJ&*(gy@WpT9{}q+e?U~PHvS7%R-OAp~VLf;qy+s)({w2S0?G`DiP!#Os; zj1c3v?2K+yVVTau&0@V`!-paG-R^$bANo&*wIdG9d7$`&+e;h_X&6}3l8eC*pRX5U zd@4mhVNqdt@V=sN6rLZc{qbT8ZhdOkO^hbx4&&_WD`2RRsTJp59`%zxg1PqC`lfjI zsc^1aRh5iK)~tn*{a$1it7Awqw1D7J+c-9&7&F)fE-yb8enpvopMFsfv26>7+N|l= zYujLSmqX*Gk8 zW4hl|+U1-VN-W)DZ>+k|up-Ag`Qc>C^Ft|mU9Bh>M_e}X%H*hc2d`Drk4YtR?|!@g z&5JpS;D9Co0ba%lL4$+=*C(91f9{|*I=eNG@kG{}yd%Yc5cVo5C8xkzD=@t5k+Lkx zlJus-r(c__Prf>3AAcbKXTfJHq2(pJhJz3cy2j)-u5xJ5Ty_`Cu4aRm5j?9KQSb9a zT~D)5=>L%r2<*|ZWd&X-wsitM;44DtpmgDJYJ`!9AOv`~IrnY$I^m1|pN>zq$Aiy< zB@S$Eo`+{~wB{v5w*^Fb(RLJVM9MT+B0FUIc)Ga@rhmNs_`5JsWU#x0yLh@L>Q=6w z8<*d(atN8Uj`5IP<5IBl(uI>wfB5v~6^7q}XV(&vIw@?oWG4m(SZHig5j;K`GDi