data-prepper icon indicating copy to clipboard operation
data-prepper copied to clipboard
verified publisher icon opensearch-project

Fixes the issue of not being able to receive Jaeger HotROD 1.62.0 via OpenTelemetry SDK

Open linghengqian opened this issue 1 year ago • 0 comments

Description

[Describe what this change achieves]

  • Fixes the issue of not being able to receive Jaeger HotROD 1.62.0 via OpenTelemetry SDK.
  • Starting from https://github.com/jaegertracing/jaeger/pull/4187 , Jaeger HotROD no longer uses jaegertracing/jaeger-agent to receive jaegertracing/example-hotrod data, but directly uses otel/opentelemetry-collector-contrib. According to https://www.jaegertracing.io/docs/1.60/deployment/#agent , jaegertracing/jaeger-agent is considered a deprecated component. It does not make any sense.
  • I can't understand why insecure_skip_verify needs to be configured in the first place. insecure_skip_verify and insecure should not be configured at the same time. See https://github.com/open-telemetry/opentelemetry-collector/blob/v0.109.0/config/configtls/README.md and https://github.com/open-telemetry/opentelemetry-collector/blob/v0.109.0/exporter/otlpexporter/README.md.

Additionally you can configure TLS to be enabled but skip verifying the server's certificate chain. This cannot be combined with insecure since insecure won't use TLS at all. insecure_skip_verify (default = false): whether to skip verifying the certificate or not.

  • The reason why this PR uses otel/opentelemetry-collector-contrib instead of otel/opentelemetry-collector is very simple. https://opentelemetry.io/docs/collector/installation/ does not introduce otel/opentelemetry-collector at all, and that Docker Image does not look like it is for end users.

  • Also see https://github.com/open-telemetry/opentelemetry-collector/issues/11337 . The logging exporter has been removed.

  • otlp/2 is obviously a custom name, I don't understand why it was otlp/2 in the first place. The source seems to be from https://www.youtube.com/watch?v=WhRrwSHDBFs .

  • All opensearch default certificates point to https://node-0.example.com, which limits the customization of the container's hostname. In this case, I think there is no need to share opensearch's /usr/share/opensearch/config/root-ca.pem file with data prepper, and we can directly set insecure: "true".

  • There is no point in mounting /usr/share/data-prepper/config/data-prepper-config.yaml, since all the TLS related parts are turned off.

  • image

  • image

  • image

Issues Resolved

Resolves #[Issue number to be closed when this PR is merged]

  • Fixes #4923 .

Check List

  • [x] New functionality includes testing.
  • [x] New functionality has a documentation issue. Please link to it in this PR.
    • [x] New functionality has javadoc added
  • [x] Commits are signed with a real name per the DCO

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

linghengqian avatar Sep 22 '24 10:09 linghengqian