TrueCloudLab/frostfs-node
18
1
Fork 27
Code Issues 94 Pull requests 3 Projects Releases 1 Activity Actions

Add root ca cert for telemetry configuration #1363

Merged
fyrchik merged 2 commits from AlekseySVTN/frostfs-node:add-root-ca-cert-for-telemetry-configuration into master 2024-09-13 15:12:49 +00:00
Conversation 7 Commits 2 Files changed 8 +87 -50
AlekseySVTN commented 2024-09-10 08:28:09 +00:00
Member
Copy link

Signed-off-by: Aleksey Savaitan a.savaitan@yadro.com

Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
AlekseySVTN added 1 commit 2024-09-10 08:28:10 +00:00
#1361 Add root ca cert for telemetry configuration
Some checks failed
Build / Build Components (pull_request) Has been cancelled
Details
DCO action / DCO (pull_request) Has been cancelled
Details
Pre-commit hooks / Pre-commit (pull_request) Has been cancelled
Details
Tests and linters / Lint (pull_request) Has been cancelled
Details
Tests and linters / Tests (pull_request) Has been cancelled
Details
Tests and linters / Tests with -race (pull_request) Has been cancelled
Details
Tests and linters / Staticcheck (pull_request) Has been cancelled
Details
Tests and linters / gopls check (pull_request) Has been cancelled
Details
Tests and linters / Run gofumpt (pull_request) Has been cancelled
Details
Vulncheck / Vulncheck (pull_request) Has been cancelled
Details
b16d4b10c6 
Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
AlekseySVTN reviewed 2024-09-10 08:30:09 +00:00
cmd/frostfs-node/tracing.go Outdated
@ -17,0 +14,4 @@
conf, err := tracingconfig.ToTracingConfig(c.appCfg)
if err != nil {
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
return
AlekseySVTN commented 2024-09-10 08:30:09 +00:00
Author
Member
Copy link

Need to think about "return" here.

Need to think about "return" here.
fyrchik changed title from WIP #1361 Add root ca cert for telemetry configuration to WIP: Add root ca cert for telemetry configuration 2024-09-10 08:44:33 +00:00
fyrchik reviewed 2024-09-10 08:57:53 +00:00
config/example/node.json Outdated
@ -256,2 +256,3 @@
"endpoint": "localhost:9090",
"exporter": "otlp_grpc"
"exporter": "otlp_grpc",
"caCert": ""
fyrchik commented 2024-09-10 08:57:53 +00:00
Owner
Copy link

trusted_ca or trusted_ca_list (as we already have in other places, though, I am not sure we want an array here)

`trusted_ca` or `trusted_ca_list` (as we already have in other places, though, I am not sure we want an array here)
AlekseySVTN commented 2024-09-12 09:58:18 +00:00
Author
Member
Copy link

We have decided to use trusted_ca for first steps.

We have decided to use trusted_ca for first steps.
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from b16d4b10c6 to 4036461500 2024-09-10 08:59:04 +00:00 Compare
fyrchik reviewed 2024-09-10 09:21:59 +00:00
cmd/frostfs-node/config/tracing/config.go Outdated
@ -23,0 +26,4 @@
if caCert := config.StringSafe(c.Sub(subsection), "caCert"); caCert != "" {
certPool := x509.NewCertPool()
ok := certPool.AppendCertsFromPEM([]byte(caCert))
fyrchik commented 2024-09-10 09:21:59 +00:00
Owner
Copy link

Ehm, do you expect the whole certificate to be inlined in the configuration?
It is much better to accept path, as we already do.

Ehm, do you expect the whole certificate to be inlined in the configuration? It is much better to accept path, as we already do.
AlekseySVTN commented 2024-09-12 09:58:46 +00:00
Author
Member
Copy link

Fixed, we have decided to use path on FS.

Fixed, we have decided to use path on FS.
fyrchik marked this conversation as resolved
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 4036461500 to 81350b33d5 2024-09-12 08:28:35 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 81350b33d5 to ab2746c2e8 2024-09-12 10:10:32 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from ab2746c2e8 to ec6ff3c9d5 2024-09-12 10:11:28 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from ec6ff3c9d5 to df007b9671 2024-09-12 10:12:18 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from df007b9671 to a8a979917b 2024-09-12 10:19:27 +00:00 Compare
AlekseySVTN changed title from WIP: Add root ca cert for telemetry configuration to Add root ca cert for telemetry configuration 2024-09-12 10:19:29 +00:00
AlekseySVTN requested review from fyrchik 2024-09-12 10:19:54 +00:00
AlekseySVTN requested review from dstepanov-yadro 2024-09-12 10:20:28 +00:00
AlekseySVTN reviewed 2024-09-12 10:21:42 +00:00
cmd/frostfs-node/tracing.go Outdated
@ -17,2 +14,4 @@
conf, err := tracingconfig.ToTracingConfig(c.appCfg)
if err != nil {
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
} else {
AlekseySVTN commented 2024-09-12 10:21:42 +00:00
Author
Member
Copy link

Please, check it. It seems to be more good to paste return after c.log on 16 and on 20 line.
@dstepanov-yadro @fyrchik

Please, check it. It seems to be more good to paste return after c.log on 16 and on 20 line. @dstepanov-yadro @fyrchik
dstepanov-yadro commented 2024-09-12 13:11:45 +00:00
Member
Copy link

agree

agree
👍 1
AlekseySVTN commented 2024-09-12 14:24:25 +00:00
Author
Member
Copy link

Fixed.

Fixed.
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from a8a979917b to 9013b6a737 2024-09-12 10:29:20 +00:00 Compare
fyrchik approved these changes 2024-09-12 13:02:55 +00:00
Dismissed
config/example/node.json Outdated
@ -256,2 +256,3 @@
"endpoint": "localhost:9090",
"exporter": "otlp_grpc"
"exporter": "otlp_grpc",
"trusted_ca": ""
fyrchik commented 2024-09-12 13:02:52 +00:00
Owner
Copy link

These values are used in tests, it would be nice to use some non-empty value here, e.g. /etc/ssl/tracing.pem

These values are used in tests, it would be nice to use some non-empty value here, e.g. `/etc/ssl/tracing.pem`
AlekseySVTN commented 2024-09-12 14:24:39 +00:00
Author
Member
Copy link

Fixed.

Fixed.
fyrchik commented 2024-09-12 13:08:08 +00:00
Owner
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Can we avoid updating gRPC? It introduced `deprecated` warnings
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 9013b6a737 to d04b95ee23 2024-09-12 14:24:17 +00:00 Compare
AlekseySVTN dismissed fyrchik's review 2024-09-12 14:24:18 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

AlekseySVTN commented 2024-09-12 14:26:14 +00:00
Author
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

> Can we avoid updating gRPC? It introduced `deprecated` warnings Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from d04b95ee23 to a883ac4a4c 2024-09-12 14:27:10 +00:00 Compare
AlekseySVTN reviewed 2024-09-12 14:28:05 +00:00
cmd/frostfs-node/config.go Outdated
@ -1278,7 +1278,6 @@ func (c *cfg) reloadConfig(ctx context.Context) {
// all the components are expected to support
// Logger's dynamic reconfiguration approach
var components []dCmp
AlekseySVTN commented 2024-09-12 14:28:05 +00:00
Author
Member
Copy link

Refactoring reason: linter - funlen 82>80.

Refactoring reason: linter - funlen 82>80.
dstepanov-yadro commented 2024-09-12 14:33:18 +00:00
Member
Copy link

It is better to put the refactoring in a separate commit.

It is better to put the refactoring in a separate commit.
AlekseySVTN commented 2024-09-12 14:45:27 +00:00
Author
Member
Copy link

Fixed

Fixed
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from a883ac4a4c to 368a8f6fc4 2024-09-12 14:34:10 +00:00 Compare
dstepanov-yadro commented 2024-09-12 14:41:48 +00:00
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

> > Can we avoid updating gRPC? It introduced `deprecated` warnings > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 368a8f6fc4 to c46c605341 2024-09-12 14:43:37 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from c46c605341 to 87620d71f6 2024-09-12 14:48:56 +00:00 Compare
AlekseySVTN commented 2024-09-13 08:02:30 +00:00
Author
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

> > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation Agree, I did't find solution to skip gopls suggestions. So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?
dstepanov-yadro commented 2024-09-13 12:06:37 +00:00
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

Will fix here #1374

> > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > Agree, I did't find solution to skip gopls suggestions. > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? Will fix here https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/1374
dstepanov-yadro commented 2024-09-13 13:14:08 +00:00
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

you can rebase

> > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > Agree, I did't find solution to skip gopls suggestions. > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? you can rebase
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 87620d71f6 to 7bbe90803c 2024-09-13 14:19:46 +00:00 Compare
AlekseySVTN commented 2024-09-13 14:22:18 +00:00
Author
Member
Copy link

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

you can rebase

Thanks, done.

> > > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > > > Agree, I did't find solution to skip gopls suggestions. > > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? > > you can rebase Thanks, done.
dstepanov-yadro approved these changes 2024-09-13 14:37:26 +00:00
fyrchik merged commit 96308a26c6 into master 2024-09-13 15:12:49 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
fyrchik
dstepanov-yadro
Labels
Clear labels   
P0

Highest

  
P1

High

  
P2

Medium

  
P3

Low

  
badger

Badger DB related issues

  
frostfs-adm

   
frostfs-cli

   
frostfs-ir

   
frostfs-lens

   
frostfs-node

   
good first issue

Good for newcomers

  
triage
  
Infrastructure

Infrastructure, Automation, CI/CD or DevOps related stuff

  
blocked

The issue or PR is blocked by something

  
bug

Something is not working

  
config

Configuration format update or breaking change

  
discussion

Talking about something in order to reach a decision or to exchange ideas

  
documentation

Documentation related

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
go

Language features adoption

  
help wanted

Extra attention is needed

  
internal

   
invalid

Something is wrong

  
kludge

This is a kludge and we know it

  
observability

Related to metrics, tracing and logs

  
perfomance

Perfomance related

  
question

More information is needed

  
refactoring

Refactoring

  
wontfix

This won't be fixed

No labels
P0
P1
P2
P3
badger
frostfs-adm
frostfs-cli
frostfs-ir
frostfs-lens
frostfs-node
good first issue
triage
Infrastructure
blocked
bug
config
discussion
documentation
duplicate
enhancement
go
help wanted
internal
invalid
kludge
observability
perfomance
question
refactoring
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#1363
No description provided.
Delete branch "AlekseySVTN/frostfs-node:add-root-ca-cert-for-telemetry-configuration"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?