opentelemetry-erlang
opentelemetry-erlang copied to clipboard
open-telemetry
Exporter expects `tls_certificate_check` to be started even when explicit `ssl_options` are configured
In our elixir app we have the exporter configured like:
config :opentelemetry,
text_map_propagators: [:trace_context],
processors: [
otel_batch_processor: %{
exporter:
{:opentelemetry_exporter,
%{
protocol: :grpc,
endpoints: [
{:http, 'localhost', 4317, [verify: :verify_none]}
]
}}
}
]
We are trying to upgrade the exporter to version 1.0 but we found out that even though we are explicitly passing ssl_options in our endpoint config, the exporter expects the tls_certificate_check app to be running. We would like to avoid it if possible.
We would expect tls_certificate_check to be called only when explicit ssl_options were not provided.
If the issue is that the application is required and started then the fix will be to move it to optional_applications in .app.src
If the issue is that the application is required and started then the fix will be to move it to
optional_applicationsin.app.src
Thank you for the reply 👍 .
In our case (elixir app using mix) tls_certificate_check is not started by default, which is fine. The problem is a call to the tls_certificate_check is made and then the app errors saying it wasn't started.
I guess moving to optional_applications would still be good to do. Happy to change it if you think we should.
FWIW I was getting this error and resolved by passing ssl_options to the exporter config:
config :opentelemetry,
text_map_propagators: [:trace_context],
processors: [
otel_batch_processor: %{
exporter:
{:opentelemetry_exporter,
%{
protocol: :grpc,
endpoints: ["http://localhost:4317"],
ssl_options: [verify: :verify_none]
}}
}
]
In our case we don't have this problem as long as opentelemetry_exporter is before the other opentelemetry dependencies in mix.exs. This also makes it load with mix releases.
In our case we don't have this problem as long as opentelemetry_exporter is before the other opentelemetry dependencies in mix.exs. This also makes it load with mix releases.
Scratch this, this seemed to be a flaky fix. Currently we need to do the following to make this work:
- add releases configuration in
mix.exs
releases: [
my_app: [
applications: [tls_certificate_check: :permanent]
]
]
For dev, add tls_certificate_check in extra_applications
def application,
do: [
mod: {MyApp.Application, []},
extra_applications: [:logger, :tls_certificate_check]
]
@tsloughter is this supposed to work this way? If so, I can open up a PR to document this for Elixir users.
If I read the code correctly, opentelemetry calls init on the exporter module (which is configured by the user). So you as a user are responsible for making sure opentelemetry_exporter starts before opentelemetry?
@dvic yes. The start order can't be implicitly discerned
Thanks! What is the best place to document this? In https://github.com/open-telemetry/opentelemetry-erlang/blob/main/apps/opentelemetry_api/lib/open_telemetry.ex?
Best place would be in the readme of opentelemtry_exporter. And when we add "guides" to the hex docs.
This particular issue was resolved by #434
I think we can likely drop the dep on tls_certificate_check rather than move it to optional and require the user to intervene for it to work. Better to just work if the ssl options are needed.