TRACING-4752: Add OpenTelemetry-Collector as optional sub-package #4281
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: copejon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
| @@ -0,0 +1,27 @@ | |||
| [Unit] | |||
| Description=MicroShift Observability | |||
| BindsTo=microshift.service | |||
There was a problem hiding this comment.
Do we want to run the collector even when MicroShift fails?
There was a problem hiding this comment.
I'd think yes. If MicroShift fails to start, the metrics and log data should still be collectable by the metrics/logging backend remotely.
|
/retitle NO-ISSUE: OpenTelemetry certificates and service for MicroShift |
openshift-ci
bot
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@copejon: This pull request explicitly references no jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
copejon
changed the title
|
@copejon: This pull request references TRACING-4752 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/jira refresh |
|
@copejon: This pull request references TRACING-4752 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
copejon
force-pushed
the
no-issue-generate-otel-cert
branch
from
fa4f579 to
fede276
Compare
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
implemented opentelemetry-collector in packaging pipeline. the otel binary is unable to see the cert files, but the config paths are correct and the files exist. file permissions for the observability user have been checked, but are good. WIP Signed-off-by: Jon Cope <[email protected]>
ensure the otelcol process creates necessary dirs added firewall port handling for otel-col exporter Signed-off-by: Jon Cope <[email protected]>
… on the localhost Signed-off-by: Jon Cope <[email protected]>
Signed-off-by: Jon Cope <[email protected]>
… to allow the collection of pod logs from the host filesystem Signed-off-by: Jon Cope <[email protected]>
Signed-off-by: Jon Cope <[email protected]>
…s more sense that observability should a) not be killed if microshift fails during start or runtime b) not cause the microshift service to start, and only be started after microshift completes Signed-off-by: Jon Cope <[email protected]>
…e extension systemd unit sets microshift.service for RequiredBy=, meaning that if observability fails to start, microshift should be killed. otel config now includes microshift-etcd, microshift-tuned services in log collection. Removed debugging exporter. Added filelog pipeline Signed-off-by: Jon Cope <[email protected]>
copejon
force-pushed
the
no-issue-generate-otel-cert
branch
from
2042714 to
ccfea22
Compare
Signed-off-by: Jon Cope <[email protected]>
packaging/rpm/microshift.spec
Outdated
| Requires: opentelemetry-collector | ||
|
|
||
| %description observability | ||
| Deploys the Red Hat build of Opentelemetry-collector as a systemd service on host. MicroShift provides client |
There was a problem hiding this comment.
We need to be consistent in the naming case. Either fix this, or the Summary section, please.
| Deploys the Red Hat build of Opentelemetry-collector as a systemd service on host. MicroShift provides client | |
| Deploys the Red Hat build of OpenTelemetry-Collector as a systemd service on host. MicroShift provides client |
packaging/rpm/microshift.spec
Outdated
| certificates to permit access to the kube-apiserver metrics endpoints. If a user defined opentelemetry-collector exists | ||
| at /etc/microshift/opentelemetry-collector.yaml, this config is used. Otherwise, a default config is provided. Note that | ||
| the default configuration requires the backend endpoint be set by the user. |
There was a problem hiding this comment.
| certificates to permit access to the kube-apiserver metrics endpoints. If a user defined opentelemetry-collector exists | |
| at /etc/microshift/opentelemetry-collector.yaml, this config is used. Otherwise, a default config is provided. Note that | |
| the default configuration requires the backend endpoint be set by the user. | |
| certificates to permit access to the kube-apiserver metrics endpoints. If a user-defined configuration file exists | |
| at /etc/microshift/opentelemetry-collector.yaml, this configuration is used. Otherwise, a default configuration is provided. | |
| Note that the default configuration requires the backend endpoint be set by the user. |
There was a problem hiding this comment.
For the backend endpoint, should we be specific on what we expect users to set?
I mean, should we say exporters.otlp section must be edited by users?
There was a problem hiding this comment.
Added more specific instructions
| # EXAMPLE OTLP (Prometheus) ENDPOINT CONFIG | ||
| # The otlp exporter requires an endpoint listening for OTLP connections. To prevent spamming the log with Go | ||
| # stack traces, the exporter is disabled. The endpoint is not known at installation, thus a tire-kicking of the | ||
| # microshift-observability package would result in stack traces spam in logs. |
There was a problem hiding this comment.
Let's think what we can do so that the logs are not "spammed" when the default configuration is used. It sounds as if we should copy this file with .example suffix so that users would have to explicitly rename the file when they enable the collector service.
There was a problem hiding this comment.
In any case, the "style" of this comment should be reworded.
There was a problem hiding this comment.
I've tweaked the comment and made it a little more informational
| @@ -0,0 +1,20 @@ | |||
| [Unit] | |||
| Description=MicroShift Observability | |||
| After=microshift.service | |||
There was a problem hiding this comment.
Should we use ConditionPathExists here for all the files the service expects to have before it starts?
There was a problem hiding this comment.
The opentelemetry-collector performs that check for us each time it starts.
There was a problem hiding this comment.
Right, but the point of the condition in systemd is not to attempt starting the service if the path does no exist.
There was a problem hiding this comment.
Could this help to avoid unnecessary restarts?
|
|
||
| # It takes a bit for the certs to be created. This service will reach it's burst limit almost immediately, pretty much | ||
| # guaranteeing that it will reach the restart limit before it can possibly succeed. | ||
| RestartSec=200ms |
There was a problem hiding this comment.
Do we really need this? We've configured the service to start After microshift, so microshift must report readiness to systemd before the current service startup is attempted. MicroShift only reports readiness after creating all certificates.
What am I missing?
There was a problem hiding this comment.
In earlier tests this was necessary to keep the service from crash looping, but that doesn't seem to be an issue in the latest opentelemetry-collector. Will remove
…ng of observability service Signed-off-by: Jon Cope <[email protected]>
…es "debug" exporter instead, which writes to stderr Signed-off-by: Jon Cope <[email protected]>
Signed-off-by: Jon Cope <[email protected]>
| auth_type: tls | ||
| ca_file: /etc/pki/microshift-opentelemetry-collector-client/client-ca.crt | ||
| key_file: /etc/pki/microshift-opentelemetry-collector-client/client.key | ||
| cert_file: /etc/pki/microshift-opentelemetry-collector-client/client.crt |
There was a problem hiding this comment.
These paths need to be updated too -> /var/lib/microshift/..../
packaging/rpm/microshift.spec
Outdated
| certificates to permit access to the kube-apiserver metrics endpoints. If a user defined Opentelemetry-Collector exists | ||
| at /etc/microshift/opentelemetry-collector.yaml, this config is used. Otherwise, a default config is provided. Note that | ||
| the default configuration requires the backend endpoint be set by the user. The otlp export must also be specified as | ||
| .service.pipelines.$RECIEVER.exporter: "otlp". The specification for the otlp config is: |
There was a problem hiding this comment.
Let's not use shortened words because it's a user-facing RPM description.
fixed cert signer to be kubelet, not kube-apiserver Signed-off-by: Jon Cope <[email protected]>
copejon
force-pushed
the
no-issue-generate-otel-cert
branch
from
aee833a to
ad4892d
Compare
|
@copejon: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| Requires: opentelemetry-collector | ||
|
|
||
| %description observability | ||
| Deploys the Red Hat build of Opentelemetry-Collector as a systemd service on host. MicroShift provides client |
There was a problem hiding this comment.
Please, fix the case of Opentelemety -> OpenTelemetry to make it consistent with the summary text.
Which issue(s) this PR addresses:
Closes #