Add root ca cert for telemetry configuration #1363
8 changed files with 87 additions and 50 deletions
|
@ -1278,7 +1278,6 @@ func (c *cfg) reloadConfig(ctx context.Context) {
|
||||||
|
|
||||||
// all the components are expected to support
|
// all the components are expected to support
|
||||||
// Logger's dynamic reconfiguration approach
|
// Logger's dynamic reconfiguration approach
|
||||||
var components []dCmp
|
|
||||||
|
|
||||||
// Logger
|
// Logger
|
||||||
|
|
||||||
|
@ -1288,34 +1287,7 @@ func (c *cfg) reloadConfig(ctx context.Context) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
components = append(components, dCmp{"logger", logPrm.Reload})
|
components := c.getComponents(ctx, logPrm)
|
||||||
components = append(components, dCmp{"runtime", func() error {
|
|
||||||
setRuntimeParameters(c)
|
|
||||||
return nil
|
|
||||||
}})
|
|
||||||
components = append(components, dCmp{"audit", func() error {
|
|
||||||
c.audit.Store(audit.Enabled(c.appCfg))
|
|
||||||
return nil
|
|
||||||
}})
|
|
||||||
components = append(components, dCmp{"pools", c.reloadPools})
|
|
||||||
components = append(components, dCmp{"tracing", func() error {
|
|
||||||
updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg))
|
|
||||||
if updated {
|
|
||||||
c.log.Info(logs.FrostFSNodeTracingConfigationUpdated)
|
|
||||||
}
|
|
||||||
return err
|
|
||||||
}})
|
|
||||||
if cmp, updated := metricsComponent(c); updated {
|
|
||||||
if cmp.enabled {
|
|
||||||
cmp.preReload = enableMetricsSvc
|
|
||||||
} else {
|
|
||||||
cmp.preReload = disableMetricsSvc
|
|
||||||
}
|
|
||||||
components = append(components, dCmp{cmp.name, func() error { return cmp.reload(ctx) }})
|
|
||||||
}
|
|
||||||
if cmp, updated := pprofComponent(c); updated {
|
|
||||||
components = append(components, dCmp{cmp.name, func() error { return cmp.reload(ctx) }})
|
|
||||||
}
|
|
||||||
|
|
||||||
// Storage Engine
|
// Storage Engine
|
||||||
|
|
||||||
|
@ -1342,6 +1314,45 @@ func (c *cfg) reloadConfig(ctx context.Context) {
|
||||||
c.log.Info(logs.FrostFSNodeConfigurationHasBeenReloadedSuccessfully)
|
c.log.Info(logs.FrostFSNodeConfigurationHasBeenReloadedSuccessfully)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *cfg) getComponents(ctx context.Context, logPrm *logger.Prm) []dCmp {
|
||||||
|
var components []dCmp
|
||||||
|
|
||||||
|
components = append(components, dCmp{"logger", logPrm.Reload})
|
||||||
|
components = append(components, dCmp{"runtime", func() error {
|
||||||
|
setRuntimeParameters(c)
|
||||||
|
return nil
|
||||||
|
}})
|
||||||
|
components = append(components, dCmp{"audit", func() error {
|
||||||
|
c.audit.Store(audit.Enabled(c.appCfg))
|
||||||
|
return nil
|
||||||
|
}})
|
||||||
|
components = append(components, dCmp{"pools", c.reloadPools})
|
||||||
|
components = append(components, dCmp{"tracing", func() error {
|
||||||
|
traceConfig, err := tracingconfig.ToTracingConfig(c.appCfg)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
updated, err := tracing.Setup(ctx, *traceConfig)
|
||||||
|
if updated {
|
||||||
|
c.log.Info(logs.FrostFSNodeTracingConfigationUpdated)
|
||||||
|
}
|
||||||
|
return err
|
||||||
|
}})
|
||||||
|
if cmp, updated := metricsComponent(c); updated {
|
||||||
|
if cmp.enabled {
|
||||||
|
cmp.preReload = enableMetricsSvc
|
||||||
|
} else {
|
||||||
|
cmp.preReload = disableMetricsSvc
|
||||||
|
}
|
||||||
|
components = append(components, dCmp{cmp.name, func() error { return cmp.reload(ctx) }})
|
||||||
|
}
|
||||||
|
if cmp, updated := pprofComponent(c); updated {
|
||||||
|
components = append(components, dCmp{cmp.name, func() error { return cmp.reload(ctx) }})
|
||||||
|
}
|
||||||
|
|
||||||
|
return components
|
||||||
|
}
|
||||||
|
|
||||||
func (c *cfg) reloadPools() error {
|
func (c *cfg) reloadPools() error {
|
||||||
newSize := objectconfig.Put(c.appCfg).PoolSizeLocal()
|
newSize := objectconfig.Put(c.appCfg).PoolSizeLocal()
|
||||||
c.reloadPool(c.cfgObject.pool.putLocal, newSize, "object.put.local_pool_size")
|
c.reloadPool(c.cfgObject.pool.putLocal, newSize, "object.put.local_pool_size")
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
package tracing
|
package tracing
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/x509"
|
||||||
|
"errors"
|
||||||
|
"fmt"
|
||||||
|
"os"
|
||||||
|
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
|
"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
|
||||||
"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
|
"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
|
||||||
|
@ -11,8 +16,8 @@ const (
|
||||||
)
|
)
|
||||||
|
|
||||||
// ToTracingConfig extracts tracing config.
|
// ToTracingConfig extracts tracing config.
|
||||||
func ToTracingConfig(c *config.Config) *tracing.Config {
|
func ToTracingConfig(c *config.Config) (*tracing.Config, error) {
|
||||||
return &tracing.Config{
|
conf := &tracing.Config{
|
||||||
Enabled: config.BoolSafe(c.Sub(subsection), "enabled"),
|
Enabled: config.BoolSafe(c.Sub(subsection), "enabled"),
|
||||||
Exporter: tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")),
|
Exporter: tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")),
|
||||||
Endpoint: config.StringSafe(c.Sub(subsection), "endpoint"),
|
Endpoint: config.StringSafe(c.Sub(subsection), "endpoint"),
|
||||||
|
@ -20,6 +25,20 @@ func ToTracingConfig(c *config.Config) *tracing.Config {
|
||||||
InstanceID: getInstanceIDOrDefault(c),
|
InstanceID: getInstanceIDOrDefault(c),
|
||||||
Version: misc.Version,
|
Version: misc.Version,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); trustedCa != "" {
|
||||||
|
caBytes, err := os.ReadFile(trustedCa)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("cannot read trusted ca cert by path: %w", err)
|
||||||
|
}
|
||||||
|
certPool := x509.NewCertPool()
|
||||||
|
ok := certPool.AppendCertsFromPEM(caBytes)
|
||||||
|
if !ok {
|
||||||
|
return nil, errors.New("can't fill cert pool by ca cert")
|
||||||
|
}
|
||||||
|
conf.ServerCaCertPool = certPool
|
||||||
|
}
|
||||||
|
return conf, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func getInstanceIDOrDefault(c *config.Config) string {
|
func getInstanceIDOrDefault(c *config.Config) string {
|
||||||
|
|
|
@ -11,11 +11,15 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func initTracing(ctx context.Context, c *cfg) {
|
func initTracing(ctx context.Context, c *cfg) {
|
||||||
conf := tracingconfig.ToTracingConfig(c.appCfg)
|
conf, err := tracingconfig.ToTracingConfig(c.appCfg)
|
||||||
|
|
||||||
_, err := tracing.Setup(ctx, *conf)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
|
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
_, err = tracing.Setup(ctx, *conf)
|
||||||
|
if err != nil {
|
||||||
|
c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
c.closers = append(c.closers, closer{
|
c.closers = append(c.closers, closer{
|
||||||
|
|
|
@ -199,6 +199,7 @@ FROSTFS_STORAGE_SHARD_1_GC_REMOVER_SLEEP_INTERVAL=5m
|
||||||
FROSTFS_TRACING_ENABLED=true
|
FROSTFS_TRACING_ENABLED=true
|
||||||
FROSTFS_TRACING_ENDPOINT="localhost"
|
FROSTFS_TRACING_ENDPOINT="localhost"
|
||||||
FROSTFS_TRACING_EXPORTER="otlp_grpc"
|
FROSTFS_TRACING_EXPORTER="otlp_grpc"
|
||||||
|
FROSTFS_TRACING_TRUSTED_CA=""
|
||||||
|
|
||||||
FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
|
FROSTFS_RUNTIME_SOFT_MEMORY_LIMIT=1073741824
|
||||||
|
|
||||||
|
|
|
@ -255,7 +255,8 @@
|
||||||
"tracing": {
|
"tracing": {
|
||||||
"enabled": true,
|
"enabled": true,
|
||||||
"endpoint": "localhost:9090",
|
"endpoint": "localhost:9090",
|
||||||
"exporter": "otlp_grpc"
|
"exporter": "otlp_grpc",
|
||||||
|
"trusted_ca": "/etc/ssl/tracing.pem"
|
||||||
},
|
},
|
||||||
"runtime": {
|
"runtime": {
|
||||||
"soft_memory_limit": 1073741824
|
"soft_memory_limit": 1073741824
|
||||||
|
|
|
@ -231,6 +231,7 @@ tracing:
|
||||||
enabled: true
|
enabled: true
|
||||||
exporter: "otlp_grpc"
|
exporter: "otlp_grpc"
|
||||||
endpoint: "localhost"
|
endpoint: "localhost"
|
||||||
|
trusted_ca: ""
|
||||||
|
|
||||||
runtime:
|
runtime:
|
||||||
soft_memory_limit: 1gb
|
soft_memory_limit: 1gb
|
||||||
|
|
30
go.mod
30
go.mod
|
@ -8,7 +8,7 @@ require (
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
|
git.frostfs.info/TrueCloudLab/frostfs-contract v0.19.3-0.20240621131249-49e5270f673e
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
|
git.frostfs.info/TrueCloudLab/frostfs-crypto v0.6.0
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
|
git.frostfs.info/TrueCloudLab/frostfs-locode-db v0.4.1-0.20240710074952-65761deb5c0d
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20231101111734-b3ad3335ff65
|
git.frostfs.info/TrueCloudLab/frostfs-observability v0.0.0-20240909114314-666d326cc573
|
||||||
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad
|
git.frostfs.info/TrueCloudLab/frostfs-sdk-go v0.0.0-20240903093628-8f751d9dd0ad
|
||||||
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
git.frostfs.info/TrueCloudLab/hrw v1.2.1
|
||||||
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
|
git.frostfs.info/TrueCloudLab/policy-engine v0.0.0-20240814080254-96225afacb88
|
||||||
|
@ -40,15 +40,15 @@ require (
|
||||||
github.com/ssgreg/journald v1.0.0
|
github.com/ssgreg/journald v1.0.0
|
||||||
github.com/stretchr/testify v1.9.0
|
github.com/stretchr/testify v1.9.0
|
||||||
go.etcd.io/bbolt v1.3.10
|
go.etcd.io/bbolt v1.3.10
|
||||||
go.opentelemetry.io/otel v1.24.0
|
go.opentelemetry.io/otel v1.28.0
|
||||||
go.opentelemetry.io/otel/trace v1.24.0
|
go.opentelemetry.io/otel/trace v1.28.0
|
||||||
go.uber.org/zap v1.27.0
|
go.uber.org/zap v1.27.0
|
||||||
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
|
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
|
||||||
golang.org/x/sync v0.7.0
|
golang.org/x/sync v0.7.0
|
||||||
golang.org/x/sys v0.22.0
|
golang.org/x/sys v0.22.0
|
||||||
golang.org/x/term v0.21.0
|
golang.org/x/term v0.21.0
|
||||||
google.golang.org/grpc v1.66.2
|
google.golang.org/grpc v1.66.2
|
||||||
google.golang.org/protobuf v1.34.1
|
google.golang.org/protobuf v1.34.2
|
||||||
gopkg.in/yaml.v3 v3.0.1
|
gopkg.in/yaml.v3 v3.0.1
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ require (
|
||||||
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
|
github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
|
||||||
github.com/beorn7/perks v1.0.1 // indirect
|
github.com/beorn7/perks v1.0.1 // indirect
|
||||||
github.com/bits-and-blooms/bitset v1.13.0 // indirect
|
github.com/bits-and-blooms/bitset v1.13.0 // indirect
|
||||||
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
|
github.com/cenkalti/backoff/v4 v4.3.0 // indirect
|
||||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||||
github.com/consensys/bavard v0.1.13 // indirect
|
github.com/consensys/bavard v0.1.13 // indirect
|
||||||
github.com/consensys/gnark-crypto v0.12.2-0.20231222162921-eb75782795d2 // indirect
|
github.com/consensys/gnark-crypto v0.12.2-0.20231222162921-eb75782795d2 // indirect
|
||||||
|
@ -73,13 +73,13 @@ require (
|
||||||
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
github.com/fsnotify/fsnotify v1.7.0 // indirect
|
||||||
github.com/gdamore/encoding v1.0.0 // indirect
|
github.com/gdamore/encoding v1.0.0 // indirect
|
||||||
github.com/go-fed/httpsig v1.1.0 // indirect
|
github.com/go-fed/httpsig v1.1.0 // indirect
|
||||||
github.com/go-logr/logr v1.4.1 // indirect
|
github.com/go-logr/logr v1.4.2 // indirect
|
||||||
github.com/go-logr/stdr v1.2.2 // indirect
|
github.com/go-logr/stdr v1.2.2 // indirect
|
||||||
github.com/golang/snappy v0.0.4 // indirect
|
github.com/golang/snappy v0.0.4 // indirect
|
||||||
github.com/gorilla/websocket v1.5.1 // indirect
|
github.com/gorilla/websocket v1.5.1 // indirect
|
||||||
github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 // indirect
|
github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus v1.0.0 // indirect
|
||||||
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.1 // indirect
|
github.com/grpc-ecosystem/go-grpc-middleware/v2 v2.0.1 // indirect
|
||||||
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
|
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
|
||||||
github.com/hashicorp/go-version v1.6.0 // indirect
|
github.com/hashicorp/go-version v1.6.0 // indirect
|
||||||
github.com/hashicorp/hcl v1.0.0 // indirect
|
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||||
github.com/holiman/uint256 v1.2.4 // indirect
|
github.com/holiman/uint256 v1.2.4 // indirect
|
||||||
|
@ -115,18 +115,18 @@ require (
|
||||||
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
|
github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
|
||||||
github.com/twmb/murmur3 v1.1.8 // indirect
|
github.com/twmb/murmur3 v1.1.8 // indirect
|
||||||
github.com/urfave/cli v1.22.14 // indirect
|
github.com/urfave/cli v1.22.14 // indirect
|
||||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
|
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
|
||||||
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
|
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.28.0 // indirect
|
||||||
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.22.0 // indirect
|
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.28.0 // indirect
|
||||||
go.opentelemetry.io/otel/metric v1.24.0 // indirect
|
go.opentelemetry.io/otel/metric v1.28.0 // indirect
|
||||||
go.opentelemetry.io/otel/sdk v1.22.0 // indirect
|
go.opentelemetry.io/otel/sdk v1.28.0 // indirect
|
||||||
go.opentelemetry.io/proto/otlp v1.1.0 // indirect
|
go.opentelemetry.io/proto/otlp v1.3.1 // indirect
|
||||||
go.uber.org/multierr v1.11.0 // indirect
|
go.uber.org/multierr v1.11.0 // indirect
|
||||||
golang.org/x/crypto v0.24.0 // indirect
|
golang.org/x/crypto v0.24.0 // indirect
|
||||||
golang.org/x/net v0.26.0 // indirect
|
golang.org/x/net v0.26.0 // indirect
|
||||||
golang.org/x/text v0.16.0 // indirect
|
golang.org/x/text v0.16.0 // indirect
|
||||||
google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect
|
google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
|
||||||
google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect
|
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
|
||||||
gopkg.in/ini.v1 v1.67.0 // indirect
|
gopkg.in/ini.v1 v1.67.0 // indirect
|
||||||
lukechampine.com/blake3 v1.2.1 // indirect
|
lukechampine.com/blake3 v1.2.1 // indirect
|
||||||
rsc.io/tmplfunc v0.0.3 // indirect
|
rsc.io/tmplfunc v0.0.3 // indirect
|
||||||
|
|
BIN
go.sum
BIN
go.sum
Binary file not shown.
Loading…
Reference in a new issue