From 9013b6a7376955b2dbdc6d207a05120daa092bb2 Mon Sep 17 00:00:00 2001 From: Aleksey Savaitan Date: Tue, 10 Sep 2024 11:27:02 +0300 Subject: [PATCH] [#1361] Add root ca cert for telemetry configuration Signed-off-by: Aleksey Savaitan --- cmd/frostfs-node/config.go | 6 +++- cmd/frostfs-node/config/tracing/config.go | 23 +++++++++++-- cmd/frostfs-node/tracing.go | 9 +++-- config/example/node.env | 1 + config/example/node.json | 3 +- config/example/node.yaml | 1 + go.mod | 38 +++++++++++----------- go.sum | Bin 40699 -> 40699 bytes 8 files changed, 55 insertions(+), 26 deletions(-) diff --git a/cmd/frostfs-node/config.go b/cmd/frostfs-node/config.go index 16f49a082..37d0d3198 100644 --- a/cmd/frostfs-node/config.go +++ b/cmd/frostfs-node/config.go @@ -1308,7 +1308,11 @@ func (c *cfg) reloadConfig(ctx context.Context) { }}) components = append(components, dCmp{"pools", c.reloadPools}) components = append(components, dCmp{"tracing", func() error { - updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg)) + traceConfig, err := tracingconfig.ToTracingConfig(c.appCfg) + if err != nil { + return err + } + updated, err := tracing.Setup(ctx, *traceConfig) if updated { c.log.Info(logs.FrostFSNodeTracingConfigationUpdated) } diff --git a/cmd/frostfs-node/config/tracing/config.go b/cmd/frostfs-node/config/tracing/config.go index e846be158..8544c672c 100644 --- a/cmd/frostfs-node/config/tracing/config.go +++ b/cmd/frostfs-node/config/tracing/config.go @@ -1,6 +1,11 @@ package tracing import ( + "crypto/x509" + "errors" + "fmt" + "os" + "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config" "git.frostfs.info/TrueCloudLab/frostfs-node/misc" "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing" @@ -11,8 +16,8 @@ const ( ) // ToTracingConfig extracts tracing config. -func ToTracingConfig(c *config.Config) *tracing.Config { - return &tracing.Config{ +func ToTracingConfig(c *config.Config) (*tracing.Config, error) { + conf := &tracing.Config{ Enabled: config.BoolSafe(c.Sub(subsection), "enabled"), Exporter: tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")), Endpoint: config.StringSafe(c.Sub(subsection), "endpoint"), @@ -20,6 +25,20 @@ func ToTracingConfig(c *config.Config) *tracing.Config { InstanceID: getInstanceIDOrDefault(c), Version: misc.Version, } + + if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); trustedCa != "" { + caBytes, err := os.ReadFile(trustedCa) + if err != nil { + return nil, fmt.Errorf("cannot read trusted ca cert by path: %w", err) + } + certPool := x509.NewCertPool() + ok := certPool.AppendCertsFromPEM(caBytes) + if !ok { + return nil, errors.New("can't fill cert pool by ca cert") + } + conf.ServerCaCertPool = certPool + } + return conf, nil } func getInstanceIDOrDefault(c *config.Config) string { diff --git a/cmd/frostfs-node/tracing.go b/cmd/frostfs-node/tracing.go index 675c31374..21cf0ae9f 100644 --- a/cmd/frostfs-node/tracing.go +++ b/cmd/frostfs-node/tracing.go @@ -11,11 +11,14 @@ import ( ) func initTracing(ctx context.Context, c *cfg) { - conf := tracingconfig.ToTracingConfig(c.appCfg) - - _, err := tracing.Setup(ctx, *conf) + conf, err := tracingconfig.ToTracingConfig(c.appCfg) if err != nil { c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) + } else { + _, err = tracing.Setup(ctx, *conf) + if err != nil { + c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) + } } c.closers = append(c.closers, closer{ diff --git a/config/example/node.env b/config/example/node.env index 82553745e..7555ea800 100644 --- a/config/example/node.env +++ b/config/example/node.env @@ -198,6 +198,7 @@ FROSTFS_STORAGE_SHARD_1_GC_REMOVER_SLEEP_INTERVAL=5m FROSTFS_TRACING_ENABLED=true FROSTFS_TRACING_ENDPOINT="localhost" FROSTFS_TRACING_EXPORTER="otlp_grpc" +FROSTFS_TRACING_TRUSTED_CA="" FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824 diff --git a/config/example/node.json b/config/example/node.json index da108c692..bcce0c3bc 100644 --- a/config/example/node.json +++ b/config/example/node.json @@ -254,7 +254,8 @@ "tracing": { "enabled": true, "endpoint": "localhost:9090", - "exporter": "otlp_grpc" + "exporter": "otlp_grpc", + "trusted_ca": "" }, "runtime": { "soft_memory_limit": 1073741824 diff --git a/config/example/node.yaml b/config/example/node.yaml index a79f48226..e8bce5bf1 100644 --- a/config/example/node.yaml +++ b/config/example/node.yaml @@ -230,6 +230,7 @@ tracing: enabled: true exporter: "otlp_grpc" endpoint: "localhost" + trusted_ca: "" runtime: soft_memory_limit: 1gb diff --git a/go.mod b/go.mod index 93eef5b8c..b653ea155 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d - git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 + git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad git.frostfs.info/TrueCloudLab/hrw v1.2.1 git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88 @@ -40,15 +40,15 @@ require ( github.com/ssgreg/journald v1.0.0 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - go.opentelemetry.io/otel v1.24.0 - go.opentelemetry.io/otel/trace v1.24.0 + go.opentelemetry.io/otel v1.28.0 + go.opentelemetry.io/otel/trace v1.28.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/sync v0.7.0 golang.org/x/sys v0.22.0 - golang.org/x/term v0.18.0 - google.golang.org/grpc v1.63.2 - google.golang.org/protobuf v1.33.0 + golang.org/x/term v0.21.0 + google.golang.org/grpc v1.64.0 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 ) @@ -63,7 +63,7 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.13.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/consensys/bavard v0.1.13 // indirect github.com/consensys/gnark-crypto v0.12.2-0.20231222162921-eb75782795d2 // indirect @@ -73,13 +73,13 @@ require ( github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/gdamore/encoding v1.0.0 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.1 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/holiman/uint256 v1.2.4 // indirect @@ -115,18 +115,18 @@ require ( github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect github.com/twmb/murmur3 v1.1.8 // indirect github.com/urfave/cli v1.22.14 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.24.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect + go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/sdk v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.21.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/text v0.16.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect gopkg.in/ini.v1 v1.67.0 // indirect lukechampine.com/blake3 v1.2.1 // indirect rsc.io/tmplfunc v0.0.3 // indirect diff --git a/go.sum b/go.sum index 102501484d75f374e9166356c4e0518726685216..23a69243e460621b4c8384080ad7973ddee96718 100644 GIT binary patch delta 2464 zcmai$ORwX09fn0O8dWWtVZ*2_=pYJhW#;%AUq*m%e2Zf{w&U2bvtfLR6W?!fVq5H3 z6|pI0|-=7fZqdoituNXgri;DNMkYXmZ+uB1dPgG6FSDr}CiYXY= z2bMwzY=mC@!Q#JVfxF@=D}tNI#5+x~BU0eYUJaRoN;rONvK!GxWoe%oP;YDX;W#8Z zygNs}d;QN>>(>zU3c6vHemMutz-|xp$)Hz2gPs-vp@b{Z?+Mt_+pXF15{jWRIsWAS z+b^H7>p$H8;a4E!*}qHH^wC>i zLav{FLw*BApj)|@^d+ycvFHdPcYzbOQ&54t|SF%L5B*2bb|-+ zYgBVxit4w);8;LXVQq+wpIE?ee`h^_$y+aIR14opfGAKQrjs~RJxDr}DiWwf*(Tac zj#9UVVnyco_wW&QrY^h{PDU|L@;=Gr%1r8qO2*wpRxy05<#DnLMMaEF(WVA${73k; z@oN7j@#qL&Aty7?gyEh|Vd>-?iy9P_t#y57h(3VTGP4Ng_ z?|5^`%m&wvXF&!fZoL#hAc)cC4t-$;`kJ?M);-$mlhPp^=Wm)2?YkW((N)vwfYHY# z&}@4#KRr))eT1TicLg}h$Q^3#aon0hJT4I()lyDa1+V9wNDBqOst=AjtlOo2iN8>S zbKwQ7>vg}dONNC+I1J>-o6=&bx6@?El`ILQ+AS0Kc92iwH|`3A&`dZQDJ(5%6K3U| zEbwuCvihjWv@~x`e9q#Yx^3ynZGkiTf}Ho@tu^I0nQW~T57)F}U!g0N62vfnhjgO@1~EA`r1QA{P3s0AmrqJX*6YTa|sPJc#U zkQYu&FsWwJgm^+TpeBSZ7Y|V7C;DSweQD6M3YY0D1k#G<*fYZXfh4 zPf1pRiV2L`WEhA^*7F=V*{__=J2`618X!h)tdNt&`f~ao(u<=(b;da>HGyCytavMxT3AagUaGr2617@*2PGpbjOc8#c+w zhB38n#*J_N=;8G*``_G05%|`xW+WIllnolY z^jN+B@W~B#;VueW-iC7F=~k1fRkKZ*1&dI%^6Rq*Q)a7el$SMp+k&}kHTSu>Hjp{Xcpv&m?| z$)J(`*}LQZg9q||PP^zB&cQ7zhMZzhQ%4MfJyYVj{ zzIXlL!|%R)-u2tRht9&&Rl|g(z#_0MVbq>b_6MIXbGb@FXQ%nWEIfqx{>=XT(G&E{ vU0g)vsIx-@1x8qI&B5eLRjI+XFf_v|lV<=Mt@B7t7oN-&8?hQ%Zy3*|ugZIxl=l#z6+5Y_F*FOLFwcr2q z4Gw`I5IR3NGJWDATOUCXGz>BHQ4Bp@Z5@IubEDYwMj_W8bSM$b)!_zb4ImGU=^`h+ zJwaIqVFcg&k^JAZCQ)&f75+sM+fo|>^xFkeq2W#@>Cl==2`y29gdl=2DRunUqj$dq zT|fKw@@)hnufU7Bbtn*$jA)?=yJG>EVMnjqIuE&$opk7&q~(6yxg~?i#rW4JlcyK% z&fJGgVK){Wl#5sb59{18>~imWcx0YnQBu3bM73!~*y0;w{OIcOb$RvE@50cHwP&ri zoH}1sGZ&pubzVC`9XSp;xR9a(oFc3XM&6jScq)y5Hr^-C*d1rz7dm5Ulb8nKOuY3E z%SZ}Sk|&R?Z=BMk^w+6|<|*w^<7X!D+uxZFpy`bgHJl&!BtcKd zzlUGH@ISoe@1)3!0|6#FQC0j3T8D$1trCs%NZ&&xLR)2Ad+Z8aDe$BBQs(=&33zzH zMw-VZ10Uf$?si_cRTp+8vj_T6xw=Y-(-KlzrXg-o@*Mt-xfRk@3AtQhi-Z&y%cB6H zQl^^TDbxU$O;eCzkr>3(Ons^F)(9pKZv&hvV#p*^v8>%Lv9wdChYp5&B!~jAF7b8= z@1+F_tNI|_#a{_gt2NH*aI!QP0EV}A9&w9w6+njyA%)X+cG~VpfstjKNMEQt+r16H z>>r!Q1!q|zO!QFbmellU>xwly)1l6&xl34UZnO6YA{B1YSC+uE<7EIMkc^K z(O5ocGkzP+V6J=NeMVmyJZbQKGnkxRw3Su{aG327+C0AnRN2>+v_CFSt9EsQ80Dt= zGJWfIaJm-rd^zEfbVfYGOn7e0ekY8705C{rt*9Hr2#a zsIs1&Yo7`Rs0bjx2>KJS?a*fByES6aJJ}ew`}c0II?N<6R3^)cJ}eLe2{s(9ulPBs z5poQGO|)O<%FrjN6bKjWm8;H`GoGGV$)Pou%pv2Qx{xGNFngCYr2o15EPm z>p$+pH*Q@w2m}Dt$uxX1-k`OWtrgbkd&00Ld*A9&)N@0SNMuT)#^?DvPcPh^H3w%a z+-^;ijApJW4uQ^r+>is2laW(5aTN=l?U=buDN;Rtr9!ViJG_4nLT+lt=k|g`G>2^M zwL=Lm+#~zEX%7l|%7cQzgx19?Q` z3