From ec6ff3c9d5608a03e535d2ad4fa651905569af6d Mon Sep 17 00:00:00 2001 From: Aleksey Savaitan Date: Tue, 10 Sep 2024 11:27:02 +0300 Subject: [PATCH] [#1361] Add root ca cert for telemetry configuration Signed-off-by: Aleksey Savaitan --- cmd/frostfs-node/config.go | 6 +++- cmd/frostfs-node/config/tracing/config.go | 23 +++++++++++-- cmd/frostfs-node/tracing.go | 9 +++-- config/example/node.env | 1 + config/example/node.json | 3 +- config/example/node.yaml | 1 + go.mod | 38 +++++++++++----------- go.sum | Bin 40699 -> 42763 bytes 8 files changed, 55 insertions(+), 26 deletions(-) diff --git a/cmd/frostfs-node/config.go b/cmd/frostfs-node/config.go index 16f49a082..37d0d3198 100644 --- a/cmd/frostfs-node/config.go +++ b/cmd/frostfs-node/config.go @@ -1308,7 +1308,11 @@ func (c *cfg) reloadConfig(ctx context.Context) { }}) components = append(components, dCmp{"pools", c.reloadPools}) components = append(components, dCmp{"tracing", func() error { - updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg)) + traceConfig, err := tracingconfig.ToTracingConfig(c.appCfg) + if err != nil { + return err + } + updated, err := tracing.Setup(ctx, *traceConfig) if updated { c.log.Info(logs.FrostFSNodeTracingConfigationUpdated) } diff --git a/cmd/frostfs-node/config/tracing/config.go b/cmd/frostfs-node/config/tracing/config.go index e846be158..8544c672c 100644 --- a/cmd/frostfs-node/config/tracing/config.go +++ b/cmd/frostfs-node/config/tracing/config.go @@ -1,6 +1,11 @@ package tracing import ( + "crypto/x509" + "errors" + "fmt" + "os" + "git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config" "git.frostfs.info/TrueCloudLab/frostfs-node/misc" "git.frostfs.info/TrueCloudLab/frostfs-observability/tracing" 
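Review bot: In the `tracing` reload closure the CA file is re-read on every reload, but nothing visible here shows that a rotated certificate at an unchanged `trusted_ca` path takes effect. Whether `tracing.Setup` treats a different `ServerCaCertPool` as a configuration change is decided in frostfs-observability, outside this diff, so this should be confirmed before relying on reload for CA rotation. I would record the expectation above the call, for example `// trusted_ca is re-read on each reload; tracing.Setup must rebuild the exporter when only the CA pool changed`. The error from `ToTracingConfig` is also returned without naming the component, so the reload log depends on the caller adding that context. The closure's tail lies outside the hunk.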
@@ -11,8 +16,8 @@ const ( ) // ToTracingConfig extracts tracing config. -func ToTracingConfig(c *config.Config) *tracing.Config { - return &tracing.Config{ +func ToTracingConfig(c *config.Config) (*tracing.Config, error) { + conf := &tracing.Config{ Enabled: config.BoolSafe(c.Sub(subsection), "enabled"), Exporter: tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")), Endpoint: config.StringSafe(c.Sub(subsection), "endpoint"), @@ -20,6 +25,20 @@ func ToTracingConfig(c *config.Config) *tracing.Config { InstanceID: getInstanceIDOrDefault(c), Version: misc.Version, } + + if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); trustedCa != "" { + caBytes, err := os.ReadFile(trustedCa) + if err != nil { + return nil, fmt.Errorf("cannot read trusted ca cert by path: %w", err) + } + certPool := x509.NewCertPool() + ok := certPool.AppendCertsFromPEM(caBytes) + if !ok { + return nil, errors.New("can't fill cert pool by ca cert") + } + conf.ServerCaCertPool = certPool + } + return conf, nil } func getInstanceIDOrDefault(c *config.Config) string { diff --git a/cmd/frostfs-node/tracing.go b/cmd/frostfs-node/tracing.go index 675c31374..2d8598054 100644 --- a/cmd/frostfs-node/tracing.go +++ b/cmd/frostfs-node/tracing.go @@ -11,9 +11,12 @@ import ( ) func initTracing(ctx context.Context, c *cfg) { - conf := tracingconfig.ToTracingConfig(c.appCfg) - - _, err := tracing.Setup(ctx, *conf) + conf, err := tracingconfig.ToTracingConfig(c.appCfg) + if err != nil { + c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) + return + } + _, err = tracing.Setup(ctx, *conf) if err != nil { c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err)) } diff --git a/config/example/node.env b/config/example/node.env index 82553745e..7555ea800 100644 --- a/config/example/node.env +++ b/config/example/node.env 
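Review bot: The doc comment on `ToTracingConfig` still says only "extracts tracing config", although with the new signature the function reads a file from disk and can fail. I would extend it to `// ToTracingConfig extracts tracing config. When trusted_ca is set, the PEM file at that path is loaded into ServerCaCertPool; an unreadable file or one without a certificate is an error.` The comment should also say what an empty `trusted_ca` means for the exporter connection. That behaviour comes from frostfs-observability and is not visible here, so it needs checking rather than assuming. The function body continues in the next hunk.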
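Review bot: `AppendCertsFromPEM` reports success as soon as one certificate in the file parses, so a bundle with a damaged or non-certificate entry is accepted without any signal. When it does fail, the message `can't fill cert pool by ca cert` does not name the file. I would change that return to `return nil, fmt.Errorf("no valid PEM certificate in trusted ca file %q", trustedCa)`. The file is also read when `enabled` is false, so a stale path makes config loading fail for a feature that is switched off. If that is not intended, the condition could become `conf.Enabled && trustedCa != ""`.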
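Review bot: When `ToTracingConfig` fails, `initTracing` logs and returns before `tracing.Setup` is called, so a bad `trusted_ca` leaves tracing uninitialised instead of starting an exporter without the configured CA. That fail-closed choice is worth a comment on the early return so it is not later turned into a fallback: `// A broken trusted_ca must not downgrade to an exporter without the configured CA pool; leave tracing off.` Both branches log the same `logs.FrostFSNodeFailedInitTracing` message, so the wrapped error text is the only thing that separates a config-loading failure from a setup failure.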
@@ -198,6 +198,7 @@ FROSTFS_STORAGE_SHARD_1_GC_REMOVER_SLEEP_INTERVAL=5m FROSTFS_TRACING_ENABLED=true FROSTFS_TRACING_ENDPOINT="localhost" FROSTFS_TRACING_EXPORTER="otlp_grpc" +FROSTFS_TRACING_TRUSTED_CA="" FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824 diff --git a/config/example/node.json b/config/example/node.json index da108c692..bcce0c3bc 100644 --- a/config/example/node.json +++ b/config/example/node.json @@ -254,7 +254,8 @@ "tracing": { "enabled": true, "endpoint": "localhost:9090", - "exporter": "otlp_grpc" + "exporter": "otlp_grpc", + "trusted_ca": "" }, "runtime": { "soft_memory_limit": 1073741824 diff --git a/config/example/node.yaml b/config/example/node.yaml index a79f48226..e8bce5bf1 100644 --- a/config/example/node.yaml +++ b/config/example/node.yaml @@ -230,6 +230,7 @@ tracing: enabled: true exporter: "otlp_grpc" endpoint: "localhost" + trusted_ca: "" runtime: soft_memory_limit: 1gb diff --git a/go.mod b/go.mod index 93eef5b8c..b653ea155 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0 git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d - git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65 + git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573 git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad git.frostfs.info/TrueCloudLab/hrw v1.2.1 git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88 
@@ -40,15 +40,15 @@ require ( github.com/ssgreg/journald v1.0.0 github.com/stretchr/testify v1.9.0 go.etcd.io/bbolt v1.3.10 - go.opentelemetry.io/otel v1.24.0 - go.opentelemetry.io/otel/trace v1.24.0 + go.opentelemetry.io/otel v1.28.0 + go.opentelemetry.io/otel/trace v1.28.0 go.uber.org/zap v1.27.0 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/sync v0.7.0 golang.org/x/sys v0.22.0 - golang.org/x/term v0.18.0 - google.golang.org/grpc v1.63.2 - google.golang.org/protobuf v1.33.0 + golang.org/x/term v0.21.0 + google.golang.org/grpc v1.64.0 + google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 ) @@ -63,7 +63,7 @@ require ( github.com/antlr4-go/antlr/v4 v4.13.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bits-and-blooms/bitset v1.13.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/consensys/bavard v0.1.13 // indirect github.com/consensys/gnark-crypto v0.12.2-0.20231222162921-eb75782795d2 // indirect @@ -73,13 +73,13 @@ require ( github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/gdamore/encoding v1.0.0 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 // indirect github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.1 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/holiman/uint256 v1.2.4 // indirect 
@@ -115,18 +115,18 @@ require (
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 github.com/twmb/murmur3 v1.1.8 // indirect
 github.com/urfave/cli v1.22.14 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
- go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
- go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.22.0 // indirect
- go.opentelemetry.io/otel/metric v1.24.0 // indirect
- go.opentelemetry.io/otel/sdk v1.22.0 // indirect
- go.opentelemetry.io/proto/otlp v1.1.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
+ go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect
+ go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.28.0 // indirect
+ go.opentelemetry.io/otel/metric v1.28.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.28.0 // indirect
+ go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/crypto v0.21.0 // indirect
- golang.org/x/net v0.23.0 // indirect
+ golang.org/x/crypto v0.24.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
 golang.org/x/text v0.16.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240318140521-94a12d6c2237 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 lukechampine.com/blake3 v1.2.1 // indirect
 rsc.io/tmplfunc v0.0.3 // indirect
diff --git a/go.sum b/go.sum index 102501484d75f374e9166356c4e0518726685216..9fd337939a95b03749cf6cec26e95a5d2c6a44c4 100644 GIT binary patch delta 1393 zcmajfyRX|+90zc<<^M$*W5@PQoH!X!ZO3oN&pd34 z9U&NKPX%HCv9h&fKth7@2OuN{Bq}5%gw%{d(#ZO&5JDX*bI&z%pT zQj@dAstOd?*^-wx_jY#Af=|!Ca0;zMo7?B_KL>7IJaY=GBb#fl|MfKZ^XeNE0@a}- zH^?<%(SVE+9+HM_a%e@ML_ZoB^FpDML=z7yud5ca)FQ#>^(&jC{s;Ni#T8sf$YV^3 zlb+9!oJqDKvD+)FRKWE>kTBemBR_C#UgUk1*Qg2uzuT{Xy8AK+onIeEUdSknA0LwUuomD zSRn1TIn8afESz?aPV+*k4N5<$wl{{2O#e*Xt-y$=iVb)TZj9wqGV-XOIj?% z!}d(@42I?tWyu6pB+i3bFVm9%o;=j9`RBo&|0Q_JKlg~l8L%~CxanLN4MhW&<=9Qp zp+xcgwym7aje}Td)RxK^%O6U2{I9_G{+UOVc;XYSP*!PzU!(I{Ms%#UUqPuED2E3< zgdr>6oVM*HAv+J1B)AQBgB@m(>8ACV8TxXmRejmPXF63w$!>ey4l~8;h9hwpjcgHZ zlq*CE`K}JGg_i*mUI%t~fkNx>kvu^fJm#^Pg-vrI%MSVitr(mowC3oLD4F08(o%(p zJVmXMoA1K=Pk=9?v-=2kEKE~a7AFJguo;!2S<)k#R|dTnyVk?BB%5>^!38?bF`>zd z;F+ws`7QnWG)R`G_YwS<)134IZ%{@C!@FpLdy?5$c}8w73#dRzX37Q;nYUEA=(fRy zclS1*mG~}r?Y$@W5%`!B$C_Z-LTo6bJe1Ph3R`^+8x$O^#{;~#^hG1@R0DRdLEy~~ z_cnLm|L6>GukQ*31j8tVA@EfjM{(FBaT}trBd=v2G%S?28wyT{K1I1+1i7N?^~=`b ze1S6xqL2B5+*Jn$>kWP5#S>t3<5KT`Rn@{hW36=(wKhw6Q(`@<6eQE}iHfZ8W*)?S z-kBDQi~}_IhHT*7ubS|bXZSIDvnn|QYaG# z{B-lmX7}a~r@+r2zq*fZ|C=K{rW2{V$f4Q5PAs)jxkM7P#<)}E)o?C!YpgepJSprO N0=wS)^2w#s{{XdE&1V1r delta 163 zcmV;U09^lz&I0?r0 RlQ5hMv&Ngu1GDU(9|zteN=X0!