GCS error handling, example, and documentation #397

mdisibio · 2020-12-07T20:50:50Z

What this PR does:
This PR addresses the silent errors encountered here: #379 The root cause was the consumption of the iterator in getting tenant and block list for GCS backend. An error state with permissions could cause the loop to run infinitely and polling the blocklist would never complete. This behavior is cautioned about here: https://github.com/googleapis/google-cloud-go/blob/master/storage/bucket.go#L1183

This PR includes many updates, which will be explained here:

Added an example compose to exercise the GCS backend using https://github.com/fsouza/fake-gcs-server
- This requires adding a new gcs backend option endpoint:string to redirect api traffic.
- This requires adding a new gcs backend option insecure:bool to disable authentication for the api using option.WithoutAuthentication(), which allows the storage client to run without error.
- This requires an update to the GCS storage api client due to a header parsing bug here: googleapis/google-cloud-go@b580ccd#diff-e553a431afedc9d7ba6cb6997862fcf5f951aa3c28b552ad58537ebe797825dc It seems not to be a problem for real GCS, but is required to use gcs-fake-server.
gcs-fake-server can run in http mode and the storage client can theoretically do that as well, however in practice it does not work (details below). Therefore the gcs-fake-server is running in https mode.
- This requires adding a new gcs backend option to disable TLS certificate checks due to self-signed cert.
- The storage client checks for the presence of STORAGE_EMULATOR_HOST environment variable and when present configures the api to speak to the host using http. However the storage client then loses the api prefix configured in the endpoint ("/storage/v1/") upon the first file write, breaking subsequent api calls. See code here: https://github.com/googleapis/google-cloud-go/blob/master/storage/writer.go#L129
GCS backend was updated to check for bucket existence on startup. This helps to fail fast if there is a problem with permissions or infrastructure. Previously it wouldn't detect the error until the first block was written, or block list was polled.
Added new GCS configuration documentation page, including the new options.

Other implementation notes:

gcs/instrumentation.go which provides gcs request metrics, which simplified to only wrap a given RoundTripper, and the creation of the transport was moved gcs.go
GCS backend creation: updated for changes needed to disable tls cert checks, override endpoint, check bucket existence.
Disabling tls checks requires making a clone of http.DefaultTransport which is then edited
Some other error handling was tightened up:
- Check error on writer.Close
- errors.Wrap other errors for better troubleshooting

Which issue(s) this PR fixes:
Fixes #379

Checklist

Tests updated
Documentation added
CHANGELOG.md updated - the order of entries should be [CHANGE], [FEATURE], [ENHANCEMENT], [BUGFIX]

… gcs backend. Add gcs example using fake-gcs-server and add necessary settings. Add documentation page for GCS configuration. Update gcs client library reference for header parsing bug fix

joe-elliott

Looks like you have to run make vendor-check and then I had a few questions. Otherwise looks good.

tempodb/backend/gcs/gcs.go

achatterjee-grafana

Added few copy-edit suggestions.

docs/tempo/website/configuration/gcs.md

achatterjee-grafana · 2020-12-08T15:39:39Z

docs/tempo/website/configuration/gcs.md

+    trace:
+        backend: gcs                                              # store traces in gcs
+        s3:
+            bucket_name: tempo                                    # store traces in this bucket
+            chunk_buffer_size: 10485760                           # optional. buffer size for reads. default = 10MiB
+            endpoint: https://storage.googleapis.com/storage/v1/  # optional. api endpoint override
+            insecure: false                                       # optional. Set to true to disable authentication 
+                                                                  #   and certificate checks.
+            project_id: project                                   # optional if bucket already exists. Project ID
+                                                                  #   to use when creating bucket on first run.
+```


Suggested change

trace:

backend: gcs # store traces in gcs

s3:

bucket_name: tempo # store traces in this bucket

chunk_buffer_size: 10485760 # optional. buffer size for reads. default = 10MiB

endpoint: https://storage.googleapis.com/storage/v1/ # optional. api endpoint override

insecure: false # optional. Set to true to disable authentication

# and certificate checks.

project_id: project # optional if bucket already exists. Project ID

# to use when creating bucket on first run.

```

trace:

backend: gcs # Store traces in gcs.

s3:

bucket_name: tempo # Store traces in this bucket.

chunk_buffer_size: 10485760 # Optional, buffer size for reads. Default = 10MiB

endpoint: https://storage.googleapis.com/storage/v1/ # Optional, API endpoint override.

insecure: false # Optional, set to true to disable authentication

# and certificate checks.

project_id: project # Optional, if bucket already exists. Project ID

# to use when creating a bucket on the first run.

achatterjee-grafana · 2020-12-08T15:41:39Z