[#1361] add root ca cert for telemetry configuration

Signed-off-by: Aleksey Savaitan <a.savaitan@yadro.com>
2024-09-12 17:40:10 +03:00 · 2024-09-12 17:40:10 +03:00 · 74a6a1da7f
commit 74a6a1da7f
parent 2be1aa781d
8 changed files with 84 additions and 54 deletions
--- a/cmd/frostfs-node/config.go
+++ b/cmd/frostfs-node/config.go
@ -1299,7 +1299,11 @@ func (c *cfg) reloadConfig(ctx context.Context) {
 	}})
 	components = append(components, dCmp{"pools", c.reloadPools})
 	components = append(components, dCmp{"tracing", func() error {
-		updated, err := tracing.Setup(ctx, *tracingconfig.ToTracingConfig(c.appCfg))
+		traceConfig, err := tracingconfig.ToTracingConfig(c.appCfg)
+		if err != nil {
+			return err
+		}
+		updated, err := tracing.Setup(ctx, *traceConfig)
 		if updated {
 			c.log.Info(logs.FrostFSNodeTracingConfigationUpdated)
 		}
--- a/cmd/frostfs-node/config/tracing/config.go
+++ b/cmd/frostfs-node/config/tracing/config.go
@ -1,6 +1,11 @@
 package tracing

 import (
+	"crypto/x509"
+	"errors"
+	"fmt"
+	"os"
+
 	"git.frostfs.info/TrueCloudLab/frostfs-node/cmd/frostfs-node/config"
 	"git.frostfs.info/TrueCloudLab/frostfs-node/misc"
 	"git.frostfs.info/TrueCloudLab/frostfs-observability/tracing"
@ -11,8 +16,8 @@ const (
 )

 // ToTracingConfig extracts tracing config.
-func ToTracingConfig(c *config.Config) *tracing.Config {
-	return &tracing.Config{
+func ToTracingConfig(c *config.Config) (*tracing.Config, error) {
+	conf := &tracing.Config{
 		Enabled:    config.BoolSafe(c.Sub(subsection), "enabled"),
 		Exporter:   tracing.Exporter(config.StringSafe(c.Sub(subsection), "exporter")),
 		Endpoint:   config.StringSafe(c.Sub(subsection), "endpoint"),
@ -20,6 +25,20 @@ func ToTracingConfig(c *config.Config) *tracing.Config {
 		InstanceID: getInstanceIDOrDefault(c),
 		Version:    misc.Version,
 	}
+
+	if trustedCa := config.StringSafe(c.Sub(subsection), "trusted_ca"); trustedCa != "" {
+		caBytes, err := os.ReadFile(trustedCa)
+		if err != nil {
+			return nil, fmt.Errorf("cannot read trusted ca cert by path: %w", err)
+		}
+		certPool := x509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(caBytes)
+		if !ok {
+			return nil, errors.New("can't fill cert pool by ca cert")
+		}
+		conf.ServerCaCertPool = certPool
+	}
+	return conf, nil
 }

 func getInstanceIDOrDefault(c *config.Config) string {
--- a/cmd/frostfs-node/tracing.go
+++ b/cmd/frostfs-node/tracing.go
@ -11,11 +11,15 @@ import (
 )

 func initTracing(ctx context.Context, c *cfg) {
-	conf := tracingconfig.ToTracingConfig(c.appCfg)
-
-	_, err := tracing.Setup(ctx, *conf)
+	conf, err := tracingconfig.ToTracingConfig(c.appCfg)
 	if err != nil {
 		c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
+		return
+	}
+	_, err = tracing.Setup(ctx, *conf)
+	if err != nil {
+		c.log.Error(logs.FrostFSNodeFailedInitTracing, zap.Error(err))
+		return
 	}

 	c.closers = append(c.closers, closer{