Add root ca cert for telemetry configuration #1363

Merged
fyrchik merged 2 commits from AlekseySVTN/frostfs-node:add-root-ca-cert-for-telemetry-configuration into master 2024-09-13 15:12:49 +00:00
Member

Signed-off-by: Aleksey Savaitan a.savaitan@yadro.com

Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
AlekseySVTN reviewed 2024-09-10 08:30:09 +00:00
@ -17,0 +14,4 @@
conf, err := tracingconfig.ToTracingConfig(c.appCfg)
if err != nil {
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
return
Author
Member

Need to think about "return" here.

Need to think about "return" here.
fyrchik changed title from WIP #1361 Add root ca cert for telemetry configuration to WIP: Add root ca cert for telemetry configuration 2024-09-10 08:44:33 +00:00
fyrchik reviewed 2024-09-10 08:57:53 +00:00
@ -256,2 +256,3 @@
"endpoint": "localhost:9090",
"exporter": "otlp_grpc"
"exporter": "otlp_grpc",
"caCert": ""
Owner

trusted_ca or trusted_ca_list (as we already have in other places, though, I am not sure we want an array here)

`trusted_ca` or `trusted_ca_list` (as we already have in other places, though, I am not sure we want an array here)
Author
Member

We have decided to use trusted_ca for first steps.

We have decided to use trusted_ca for first steps.
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from b16d4b10c6 to 4036461500 2024-09-10 08:59:04 +00:00 Compare
fyrchik reviewed 2024-09-10 09:21:59 +00:00
@ -23,0 +26,4 @@
if caCert := config.StringSafe(c.Sub(subsection), "caCert"); caCert != "" {
certPool := x509.NewCertPool()
ok := certPool.AppendCertsFromPEM([]byte(caCert))
Owner

Ehm, do you expect the whole certificate to be inlined in the configuration?
It is much better to accept path, as we already do.

Ehm, do you expect the whole certificate to be inlined in the configuration? It is much better to accept path, as we already do.
Author
Member

Fixed, we have decided to use path on FS.

Fixed, we have decided to use path on FS.
fyrchik marked this conversation as resolved
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 4036461500 to 81350b33d5 2024-09-12 08:28:35 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 81350b33d5 to ab2746c2e8 2024-09-12 10:10:32 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from ab2746c2e8 to ec6ff3c9d5 2024-09-12 10:11:28 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from ec6ff3c9d5 to df007b9671 2024-09-12 10:12:18 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from df007b9671 to a8a979917b 2024-09-12 10:19:27 +00:00 Compare
AlekseySVTN changed title from WIP: Add root ca cert for telemetry configuration to Add root ca cert for telemetry configuration 2024-09-12 10:19:29 +00:00
AlekseySVTN requested review from fyrchik 2024-09-12 10:19:54 +00:00
AlekseySVTN requested review from dstepanov-yadro 2024-09-12 10:20:28 +00:00
AlekseySVTN reviewed 2024-09-12 10:21:42 +00:00
@ -17,2 +14,4 @@
conf, err := tracingconfig.ToTracingConfig(c.appCfg)
if err != nil {
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
} else {
Author
Member

Please, check it. It seems to be more good to paste return after c.log on 16 and on 20 line.
@dstepanov-yadro @fyrchik

Please, check it. It seems to be more good to paste return after c.log on 16 and on 20 line. @dstepanov-yadro @fyrchik

agree

agree
Author
Member

Fixed.

Fixed.
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from a8a979917b to 9013b6a737 2024-09-12 10:29:20 +00:00 Compare
fyrchik approved these changes 2024-09-12 13:02:55 +00:00
Dismissed
@ -256,2 +256,3 @@
"endpoint": "localhost:9090",
"exporter": "otlp_grpc"
"exporter": "otlp_grpc",
"trusted_ca": ""
Owner

These values are used in tests, it would be nice to use some non-empty value here, e.g. /etc/ssl/tracing.pem

These values are used in tests, it would be nice to use some non-empty value here, e.g. `/etc/ssl/tracing.pem`
Author
Member

Fixed.

Fixed.
Owner

Can we avoid updating gRPC? It introduced deprecated warnings

Can we avoid updating gRPC? It introduced `deprecated` warnings
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 9013b6a737 to d04b95ee23 2024-09-12 14:24:17 +00:00 Compare
AlekseySVTN dismissed fyrchik's review 2024-09-12 14:24:18 +00:00
Reason:

New commits pushed, approval review dismissed automatically according to repository settings

Author
Member

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

> Can we avoid updating gRPC? It introduced `deprecated` warnings Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from d04b95ee23 to a883ac4a4c 2024-09-12 14:27:10 +00:00 Compare
AlekseySVTN reviewed 2024-09-12 14:28:05 +00:00
@ -1278,7 +1278,6 @@ func (c *cfg) reloadConfig(ctx context.Context) {
// all the components are expected to support
// Logger's dynamic reconfiguration approach
var components []dCmp
Author
Member

Refactoring reason: linter - funlen 82>80.

Refactoring reason: linter - funlen 82>80.

It is better to put the refactoring in a separate commit.

It is better to put the refactoring in a separate commit.
Author
Member

Fixed

Fixed
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from a883ac4a4c to 368a8f6fc4 2024-09-12 14:34:10 +00:00 Compare

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

> > Can we avoid updating gRPC? It introduced `deprecated` warnings > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 368a8f6fc4 to c46c605341 2024-09-12 14:43:37 +00:00 Compare
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from c46c605341 to 87620d71f6 2024-09-12 14:48:56 +00:00 Compare
Author
Member

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

> > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation Agree, I did't find solution to skip gopls suggestions. So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

Will fix here #1374

> > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > Agree, I did't find solution to skip gopls suggestions. > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? Will fix here https://git.frostfs.info/TrueCloudLab/frostfs-node/pulls/1374

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

you can rebase

> > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > Agree, I did't find solution to skip gopls suggestions. > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? you can rebase
AlekseySVTN force-pushed add-root-ca-cert-for-telemetry-configuration from 87620d71f6 to 7bbe90803c 2024-09-13 14:19:46 +00:00 Compare
Author
Member

Can we avoid updating gRPC? It introduced deprecated warnings

Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says?

gopls check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation

Agree, I did't find solution to skip gopls suggestions.
So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits?

you can rebase

Thanks, done.

> > > > > Can we avoid updating gRPC? It introduced `deprecated` warnings > > > > > > > > Do you mean "paste nolint staticcheck"? Or something else (turn of ci/cd lintier for pr/ etc..)? Or may be put grpc.NewClient as linter says? > > > > > > > > > > > > > > `gopls` check can't be disabled: https://github.com/golang/go/issues/50764 with source code annotation > > > > Agree, I did't find solution to skip gopls suggestions. > > So, should I remove "WithBlock" and replace DialContext to NewClient by gopls suggestions? Or any other ideas exits? > > you can rebase Thanks, done.
dstepanov-yadro approved these changes 2024-09-13 14:37:26 +00:00
fyrchik merged commit 96308a26c6 into master 2024-09-13 15:12:49 +00:00
Sign in to join this conversation.
No reviewers
No milestone
No project
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: TrueCloudLab/frostfs-node#1363
No description provided.