diff --git a/docs/admin/deployment.md b/docs/admin/deployment.md
index 908ff9f48ca..5a11d8cf41e 100644
--- a/docs/admin/deployment.md
+++ b/docs/admin/deployment.md
@@ -831,16 +831,16 @@ subject=CN = wolf-170
Getting CA Private Key
Required Server Certificate Files:
.//daosTelemetryCA.crt
- .//telemetryserver.key
- .//telemetryserver.crt
+ .//telemetry.key
+ .//telemetry.crt
$ ls -l
total 20
-rw-r--r-- 1 root daos_daemons 1460 Sep 27 17:18 daosTelemetryCA.crt
-rw-r--r-- 1 root root 41 Sep 27 17:19 daosTelemetryCA.srl
-rw-r--r-- 1 root root 0 Sep 27 17:18 index.txt
-rw-r--r-- 1 root root 3 Sep 27 17:18 serial.txt
--rw-r--r-- 1 daos_agent daos_agent 1302 Sep 27 17:19 telemetryserver.crt
--r-------- 1 daos_agent daos_agent 1675 Sep 27 17:19 telemetryserver.key
+-rw-r--r-- 1 daos_agent daos_agent 1302 Sep 27 17:19 telemetry.crt
+-r-------- 1 daos_agent daos_agent 1675 Sep 27 17:19 telemetry.key
```
Below example is ran with daos_server user on server node
@@ -858,16 +858,16 @@ subject=CN = wolf-173
Getting CA Private Key
Required Server Certificate Files:
.//daosTelemetryCA.crt
- .//telemetryserver.key
- .//telemetryserver.crt
+ .//telemetry.key
+ .//telemetry.crt
$ ls -l
total 20
-rw-r--r-- 1 root daos_daemons 1460 Sep 27 17:24 daosTelemetryCA.crt
-rw-r--r-- 1 root root 41 Sep 27 17:24 daosTelemetryCA.srl
-rw-r--r-- 1 root root 0 Sep 27 17:24 index.txt
-rw-r--r-- 1 root root 3 Sep 27 17:24 serial.txt
--rw-r--r-- 1 daos_server daos_server 1302 Sep 27 17:24 telemetryserver.crt
--r-------- 1 daos_server daos_server 1679 Sep 27 17:24 telemetryserver.key
+-rw-r--r-- 1 daos_server daos_server 1302 Sep 27 17:24 telemetry.crt
+-r-------- 1 daos_server daos_server 1679 Sep 27 17:24 telemetry.key
```
You can copy this certificates on /etc/daos/certs/ or someother secure location
@@ -884,9 +884,9 @@ telemetry_config:
# Set the server telemetry endpoint port number
port: 9191
# Server certificate for use in TLS handshakes
- server_cert: /etc/daos/certs/telemetryserver.crt
+ https_cert: /etc/daos/certs/telemetry.crt
# Key portion of Server Certificate
- server_key: /etc/daos/certs/telemetryserver.key
+ https_key: /etc/daos/certs/telemetry.key
```
```yaml
@@ -901,9 +901,9 @@ telemetry_config:
# Retain client telemetry for a period of time after the client process exits.
retain: 30s
# Server certificate for use in TLS handshakes
- server_cert: /etc/daos/certs/telemetryserver.crt
+ https_cert: /etc/daos/certs/telemetry.crt
# Key portion of Server Certificate
- server_key: /etc/daos/certs/telemetryserver.key
+ https_key: /etc/daos/certs/telemetry.key
```
```yaml
diff --git a/src/control/cmd/daos_agent/config.go b/src/control/cmd/daos_agent/config.go
index 7c86677ff25..f604cd5a1a7 100644
--- a/src/control/cmd/daos_agent/config.go
+++ b/src/control/cmd/daos_agent/config.go
@@ -58,6 +58,10 @@ type Config struct {
FabricInterfaces []*NUMAFabricConfig `yaml:"fabric_ifaces,omitempty"`
ProviderIdx uint // TODO SRS-31: Enable with multiprovider functionality
TelemetryConfig *security.TelemetryConfig `yaml:"telemetry_config"`
+ // Support Old config options.
+ TelemetryPort int `yaml:"telemetry_port,omitempty"`
+ TelemetryEnabled bool `yaml:"telemetry_enabled,omitempty"`
+ TelemetryRetain time.Duration `yaml:"telemetry_retain,omitempty"`
}
// TelemetryExportEnabled returns true if client telemetry export is enabled.
@@ -97,6 +101,19 @@ func LoadConfig(cfgPath string) (*Config, error) {
return nil, fmt.Errorf("invalid system name: %s", cfg.SystemName)
}
+ // Support Old config options and copy it to the underline new structure value.
+ if cfg.TelemetryRetain > 0 {
+ cfg.TelemetryConfig.Retain = cfg.TelemetryRetain
+ }
+
+ if cfg.TelemetryPort != 0 {
+ cfg.TelemetryConfig.Port = cfg.TelemetryPort
+ }
+
+ if cfg.TelemetryEnabled {
+ cfg.TelemetryConfig.Enabled = cfg.TelemetryEnabled
+ }
+
if cfg.TelemetryConfig.Retain > 0 && cfg.TelemetryConfig.Port == 0 {
return nil, errors.New("telemetry_retain requires telemetry_port")
}
@@ -105,9 +122,9 @@ func LoadConfig(cfgPath string) (*Config, error) {
return nil, errors.New("telemetry_enabled requires telemetry_port")
}
- if cfg.TelemetryConfig.AllowInsecure == false {
- if cfg.TelemetryConfig.ServerCert == "" || cfg.TelemetryConfig.ServerKey == "" {
- return nil, errors.New("For secure mode, server_cert and server_key required under telemetry_config")
+ if !cfg.TelemetryConfig.AllowInsecure {
+ if cfg.TelemetryConfig.HttpsCert == "" || cfg.TelemetryConfig.HttpsKey == "" {
+ return nil, errors.New("For secure mode, https_cert and https_key required under telemetry_config")
}
}
diff --git a/src/control/cmd/daos_agent/config_test.go b/src/control/cmd/daos_agent/config_test.go
index 06280d7d844..32ff3b7f157 100644
--- a/src/control/cmd/daos_agent/config_test.go
+++ b/src/control/cmd/daos_agent/config_test.go
@@ -98,8 +98,8 @@ control_log_mask: debug
transport_config:
allow_insecure: true
telemetry_config:
- retain: 1
- port: 0
+ telemetry_retain: 1m
+ telemetry_port: 0
`)
telemetryEnabledWithBadPort := test.CreateTestFile(t, dir, `
@@ -112,11 +112,11 @@ control_log_mask: debug
transport_config:
allow_insecure: true
telemetry_config:
- enabled: true
- port: 0
+ telemetry_enabled: true
+ telemetry_port: 0
`)
- telemetryWithoutServerCert := test.CreateTestFile(t, dir, `
+ telemetryWithoutHttpsCert := test.CreateTestFile(t, dir, `
name: shire
access_points: ["one:10001", "two:10001"]
port: 4242
@@ -127,10 +127,10 @@ transport_config:
allow_insecure: true
telemetry_config:
allow_insecure: false
- server_cert: ""
+ https_cert: ""
`)
- telemetryWithoutServerKey := test.CreateTestFile(t, dir, `
+ telemetryWithoutHttpsKey := test.CreateTestFile(t, dir, `
name: shire
access_points: ["one:10001", "two:10001"]
port: 4242
@@ -141,7 +141,7 @@ transport_config:
allow_insecure: true
telemetry_config:
allow_insecure: false
- server_key: ""
+ https_key: ""
`)
for name, tc := range map[string]struct {
@@ -173,12 +173,12 @@ telemetry_config:
expErr: errors.New("telemetry_enabled requires telemetry_port"),
},
"telemetry with secure mode with no server certificate": {
- path: telemetryWithoutServerCert,
- expErr: errors.New("For secure mode, server_cert and server_key required under telemetry_config"),
+ path: telemetryWithoutHttpsCert,
+ expErr: errors.New("For secure mode, https_cert and https_key required under telemetry_config"),
},
"telemetry with secure mode with no server key": {
- path: telemetryWithoutServerKey,
- expErr: errors.New("For secure mode, server_cert and server_key required under telemetry_config"),
+ path: telemetryWithoutHttpsKey,
+ expErr: errors.New("For secure mode, https_cert and https_key required under telemetry_config"),
},
"without optional items": {
path: withoutOptCfg,
diff --git a/src/control/cmd/daos_agent/telemetry.go b/src/control/cmd/daos_agent/telemetry.go
index df222d108b4..60bd83d0b33 100644
--- a/src/control/cmd/daos_agent/telemetry.go
+++ b/src/control/cmd/daos_agent/telemetry.go
@@ -20,8 +20,8 @@ func startPrometheusExporter(ctx context.Context, log logging.Logger, cs *promex
Port: cfg.TelemetryConfig.Port,
Title: "DAOS Client Telemetry",
AllowInsecure: cfg.TelemetryConfig.AllowInsecure,
- HttpsCert: cfg.TelemetryConfig.ServerCert,
- HttpsKey: cfg.TelemetryConfig.ServerKey,
+ HttpsCert: cfg.TelemetryConfig.HttpsCert,
+ HttpsKey: cfg.TelemetryConfig.HttpsKey,
Register: func(ctx context.Context, log logging.Logger) error {
c, err := promexp.NewClientCollector(ctx, log, cs, &promexp.CollectorOpts{
RetainDuration: cfg.TelemetryConfig.Retain,
diff --git a/src/control/cmd/dmg/auto_test.go b/src/control/cmd/dmg/auto_test.go
index a2c7ace937e..b1b26eb7d7f 100644
--- a/src/control/cmd/dmg/auto_test.go
+++ b/src/control/cmd/dmg/auto_test.go
@@ -593,9 +593,9 @@ disable_hugepages: false
control_log_mask: INFO
control_log_file: /tmp/daos_server.log
telemetry_config:
- allow_insecure: false
- server_cert: /etc/daos/certs/telemetryserver.crt
- server_key: /etc/daos/certs/telemetryserver.key
+ allow_insecure: true
+ https_cert: /etc/daos/certs/telemetry.crt
+ https_key: /etc/daos/certs/telemetry.key
ca_cert: /etc/daos/certs/daosTelemetryCA.crt
core_dump_filter: 19
name: daos_server
diff --git a/src/control/lib/control/http.go b/src/control/lib/control/http.go
index d93085056c6..6f4b80d135f 100644
--- a/src/control/lib/control/http.go
+++ b/src/control/lib/control/http.go
@@ -39,16 +39,16 @@ type httpGetter interface {
retryer
getURL() *url.URL
getBody(context.Context) ([]byte, error)
- getAllowInsecure() *bool
+ getAllowInsecure() bool
getCaCertPath() *string
}
type httpReq struct {
url *url.URL
getFn httpGetFn
- allowInsecure *bool
+ allowInsecure bool
cacertpath *string
- getBodyFn func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error)
+ getBodyFn func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error)
}
func (r *httpReq) canRetry(err error, cur uint) bool {
@@ -83,7 +83,7 @@ func (r *httpReq) getURL() *url.URL {
return r.url
}
-func (r *httpReq) getAllowInsecure() *bool {
+func (r *httpReq) getAllowInsecure() bool {
return r.allowInsecure
}
@@ -152,7 +152,7 @@ func httpsGetFunc(cert []byte) (httpGetFn, error) {
// httpGetBody executes a simple HTTP GET request to a given URL and returns the
// content of the response body.
-func httpGetBody(ctx context.Context, url *url.URL, get httpGetFn, timeout time.Duration, allowInsecure *bool, cacertpath *string) ([]byte, error) {
+func httpGetBody(ctx context.Context, url *url.URL, get httpGetFn, timeout time.Duration, allowInsecure bool, cacertpath *string) ([]byte, error) {
if url == nil {
return nil, errors.New("nil URL")
}
@@ -165,7 +165,7 @@ func httpGetBody(ctx context.Context, url *url.URL, get httpGetFn, timeout time.
return nil, errors.New("nil get function")
}
- if *allowInsecure == false {
+ if !allowInsecure {
if cacertpath == nil {
return nil, errors.New("Provide the CA certificate path")
}
diff --git a/src/control/lib/control/http_test.go b/src/control/lib/control/http_test.go
index c15ba079753..1ed2224c62a 100644
--- a/src/control/lib/control/http_test.go
+++ b/src/control/lib/control/http_test.go
@@ -133,7 +133,7 @@ func TestControl_httpGetBody(t *testing.T) {
timeout time.Duration
cancelCtx bool
getFn httpGetFn
- allowInsecure *bool
+ allowInsecure bool
caCertPath *string
expResult []byte
expErr error
@@ -143,17 +143,17 @@ func TestControl_httpGetBody(t *testing.T) {
},
"empty URL": {
url: &url.URL{},
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
expErr: errors.New("host address is required"),
},
"nil getFn": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
expErr: errors.New("nil get function"),
},
"getFn error": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return nil, errors.New("mock getFn")
},
@@ -161,7 +161,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"http.Response error": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
StatusCode: http.StatusNotFound,
@@ -172,7 +172,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"empty body": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
StatusCode: http.StatusOK,
@@ -183,7 +183,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"success with body": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
StatusCode: http.StatusOK,
@@ -194,7 +194,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"failure with body in secure mode without CA certificate path": {
url: defaultURL,
- allowInsecure: &falseAllowInsecure,
+ allowInsecure: falseAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
StatusCode: http.StatusOK,
@@ -205,7 +205,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"failure with body in secure mode with bad CA certificate": {
url: defaultURL,
- allowInsecure: &falseAllowInsecure,
+ allowInsecure: falseAllowInsecure,
caCertPath: &badCertPerm,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
@@ -217,7 +217,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"failure with body in secure mode with bad CA certificate path": {
url: defaultURL,
- allowInsecure: &falseAllowInsecure,
+ allowInsecure: falseAllowInsecure,
caCertPath: &badCertPath,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
@@ -229,7 +229,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"reading body fails": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
getFn: func(_ string) (*http.Response, error) {
return &http.Response{
StatusCode: http.StatusOK,
@@ -240,7 +240,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"request times out": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
timeout: 5 * time.Millisecond,
getFn: func(_ string) (*http.Response, error) {
time.Sleep(1 * time.Second)
@@ -253,7 +253,7 @@ func TestControl_httpGetBody(t *testing.T) {
},
"request canceled": {
url: defaultURL,
- allowInsecure: &defaultAllowInsecure,
+ allowInsecure: defaultAllowInsecure,
cancelCtx: true,
getFn: func(_ string) (*http.Response, error) {
time.Sleep(1 * time.Second)
@@ -324,9 +324,8 @@ func (r *mockHTTPGetter) getURL() *url.URL {
}
}
-func (r *mockHTTPGetter) getAllowInsecure() *bool {
- allowInsecure := true
- return &allowInsecure
+func (r *mockHTTPGetter) getAllowInsecure() bool {
+ return true
}
func (r *mockHTTPGetter) getCaCertPath() *string {
diff --git a/src/control/lib/control/telemetry.go b/src/control/lib/control/telemetry.go
index 0916b496795..9c4dea20e23 100644
--- a/src/control/lib/control/telemetry.go
+++ b/src/control/lib/control/telemetry.go
@@ -114,7 +114,7 @@ func MetricsList(ctx context.Context, req *MetricsListReq) (*MetricsListResp, er
}
req.url = getMetricsURL(req.Host, req.Port, req.AllowInsecure)
- req.allowInsecure = &req.AllowInsecure
+ req.allowInsecure = req.AllowInsecure
req.cacertpath = &req.CaCertPath
scraped, err := scrapeMetrics(ctx, req)
@@ -176,7 +176,7 @@ func MetricsQuery(ctx context.Context, req *MetricsQueryReq) (*MetricsQueryResp,
}
req.url = getMetricsURL(req.Host, req.Port, req.AllowInsecure)
- req.allowInsecure = &req.AllowInsecure
+ req.allowInsecure = req.AllowInsecure
req.cacertpath = &req.CaCertPath
scraped, err := scrapeMetrics(ctx, req)
diff --git a/src/control/lib/control/telemetry_test.go b/src/control/lib/control/telemetry_test.go
index 906a076a230..a7720347a44 100644
--- a/src/control/lib/control/telemetry_test.go
+++ b/src/control/lib/control/telemetry_test.go
@@ -118,10 +118,10 @@ func newTestPBHistogram(numBuckets int) *pclient.Metric {
return metric
}
-func mockScrapeFnSuccess(t *testing.T, metricFam ...*pclient.MetricFamily) func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+func mockScrapeFnSuccess(t *testing.T, metricFam ...*pclient.MetricFamily) func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
t.Helper()
- return func(_ context.Context, _ *url.URL, _ httpGetFn, _ time.Duration, _ *bool, _ *string) ([]byte, error) {
+ return func(_ context.Context, _ *url.URL, _ httpGetFn, _ time.Duration, _ bool, _ *string) ([]byte, error) {
var b strings.Builder
for _, mf := range metricFam {
_, err := expfmt.MetricFamilyToText(&b, mf)
@@ -147,12 +147,12 @@ func TestControl_scrapeMetrics(t *testing.T) {
for name, tc := range map[string]struct {
req httpGetter
- scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error)
+ scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error)
expResult pbMetricMap
expErr error
}{
"check scrape params": {
- scrapeFn: func(_ context.Context, url *url.URL, getter httpGetFn, timeout time.Duration, allowInsecure *bool, caCertPath *string) ([]byte, error) {
+ scrapeFn: func(_ context.Context, url *url.URL, getter httpGetFn, timeout time.Duration, allowInsecure bool, caCertPath *string) ([]byte, error) {
test.AssertEqual(t, testURL.Scheme, url.Scheme, "")
test.AssertEqual(t, testURL.Host, url.Host, "")
test.AssertEqual(t, testURL.Path, url.Path, "")
@@ -166,19 +166,19 @@ func TestControl_scrapeMetrics(t *testing.T) {
expResult: pbMetricMap{},
},
"HTTP scrape error": {
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return nil, errors.New("mock scrape")
},
expErr: errors.New("mock scrape"),
},
"scrape returns no content": {
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return []byte{}, nil
},
expResult: pbMetricMap{},
},
"scrape returns bad content": {
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return []byte("Hello world
"), nil
},
expErr: errors.New("parsing error"),
@@ -217,7 +217,7 @@ func TestControl_MetricsList(t *testing.T) {
}
for name, tc := range map[string]struct {
- scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error)
+ scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error)
req *MetricsListReq
expResp *MetricsListResp
expErr error
@@ -241,7 +241,7 @@ func TestControl_MetricsList(t *testing.T) {
Port: 1066,
AllowInsecure: true,
},
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return nil, errors.New("mock scrape")
},
expErr: errors.New("mock scrape"),
@@ -252,7 +252,7 @@ func TestControl_MetricsList(t *testing.T) {
Port: 8888,
AllowInsecure: true,
},
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return []byte{}, nil
},
expResp: &MetricsListResp{
@@ -284,7 +284,7 @@ func TestControl_MetricsList(t *testing.T) {
} {
t.Run(name, func(t *testing.T) {
if tc.scrapeFn == nil {
- tc.scrapeFn = func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ tc.scrapeFn = func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return nil, nil
}
}
@@ -432,7 +432,7 @@ func TestControl_MetricsQuery(t *testing.T) {
}
for name, tc := range map[string]struct {
- scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error)
+ scrapeFn func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error)
req *MetricsQueryReq
expResp *MetricsQueryResp
expErr error
@@ -456,7 +456,7 @@ func TestControl_MetricsQuery(t *testing.T) {
Port: 1066,
AllowInsecure: true,
},
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return nil, errors.New("mock scrape")
},
expErr: errors.New("mock scrape"),
@@ -467,7 +467,7 @@ func TestControl_MetricsQuery(t *testing.T) {
Port: 8888,
AllowInsecure: true,
},
- scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, *bool, *string) ([]byte, error) {
+ scrapeFn: func(context.Context, *url.URL, httpGetFn, time.Duration, bool, *string) ([]byte, error) {
return []byte{}, nil
},
expResp: &MetricsQueryResp{
diff --git a/src/control/lib/telemetry/promexp/httpd.go b/src/control/lib/telemetry/promexp/httpd.go
index 0f6a0920dd8..7597bc5005d 100644
--- a/src/control/lib/telemetry/promexp/httpd.go
+++ b/src/control/lib/telemetry/promexp/httpd.go
@@ -85,6 +85,7 @@ func StartExporter(ctx context.Context, log logging.Logger, cfg *ExporterConfig)
// http listener is a blocking call
go func() {
log.Infof("Listening on %s", listenAddress)
+ log.Infof("cfg.AllowInsecure %s", cfg.AllowInsecure)
if cfg.AllowInsecure {
log.Infof("Prometheus web exporter started with insecure (http) mode")
err := srv.ListenAndServe()
diff --git a/src/control/security/config.go b/src/control/security/config.go
index 5eb3c7b577f..42bb9c587c9 100644
--- a/src/control/security/config.go
+++ b/src/control/security/config.go
@@ -20,20 +20,20 @@ import (
)
const (
- certDir = "/etc/daos/certs/"
- defaultCACert = certDir + "daosCA.crt"
- defaultServerCert = certDir + "server.crt"
- defaultServerKey = certDir + "server.key"
- defaultAdminCert = certDir + "admin.crt"
- defaultAdminKey = certDir + "admin.key"
- defaultAgentCert = certDir + "agent.crt"
- defaultAgentKey = certDir + "agent.key"
- defaultTelemetryServerCert = certDir + "telemetryserver.crt"
- defaultTelemetryServerKey = certDir + "telemetryserver.key"
- defaultTelemetryCACert = certDir + "daosTelemetryCA.crt"
- defaultClientCertDir = certDir + "clients"
- defaultServer = "server"
- defaultInsecure = false
+ certDir = "/etc/daos/certs/"
+ defaultCACert = certDir + "daosCA.crt"
+ defaultServerCert = certDir + "server.crt"
+ defaultServerKey = certDir + "server.key"
+ defaultAdminCert = certDir + "admin.crt"
+ defaultAdminKey = certDir + "admin.key"
+ defaultAgentCert = certDir + "agent.crt"
+ defaultAgentKey = certDir + "agent.key"
+ defaultTelemetryCert = certDir + "telemetry.crt"
+ defaultTelemetryKey = certDir + "telemetry.key"
+ defaultTelemetryCACert = certDir + "daosTelemetryCA.crt"
+ defaultClientCertDir = certDir + "clients"
+ defaultServer = "server"
+ defaultInsecure = false
)
// MappedClientUser represents a client user that is mapped to a uid.
@@ -111,12 +111,12 @@ type TransportConfig struct {
// TelemetryConfig contains all the information on whether or not to use
// secure endpoint for telemetry and their location if their use is specified.
type TelemetryConfig struct {
- Port int `yaml:"port,omitempty"`
- AllowInsecure bool `yaml:"allow_insecure"`
- Enabled bool `yaml:"enabled,omitempty"`
- Retain time.Duration `yaml:"retain,omitempty"`
- ServerCert string `yaml:"server_cert,omitempty"`
- ServerKey string `yaml:"server_key,omitempty"`
+ Port int `yaml:"telemetry_port,omitempty"`
+ AllowInsecure bool `yaml:"allow_insecure,omitempty"`
+ Enabled bool `yaml:"telemetry_enabled,omitempty"`
+ Retain time.Duration `yaml:"telemetry_retain,omitempty"`
+ HttpsCert string `yaml:"https_cert,omitempty"`
+ HttpsKey string `yaml:"https_key,omitempty"`
CARootPath string `yaml:"ca_cert,omitempty"`
}
@@ -125,9 +125,9 @@ type TelemetryConfig struct {
func DefaultClientTelemetryConfig() *TelemetryConfig {
return &TelemetryConfig{
Enabled: false,
- AllowInsecure: defaultInsecure,
- ServerCert: defaultTelemetryServerCert,
- ServerKey: defaultTelemetryServerKey,
+ AllowInsecure: true,
+ HttpsCert: defaultTelemetryCert,
+ HttpsKey: defaultTelemetryKey,
CARootPath: defaultTelemetryCACert,
}
}
diff --git a/src/control/server/config/server.go b/src/control/server/config/server.go
index 6e0ef620247..038b322832d 100644
--- a/src/control/server/config/server.go
+++ b/src/control/server/config/server.go
@@ -61,6 +61,7 @@ type Server struct {
HelperLogFile string `yaml:"helper_log_file,omitempty"`
FWHelperLogFile string `yaml:"firmware_helper_log_file,omitempty"`
FaultPath string `yaml:"fault_path,omitempty"`
+ TelemetryPort int `yaml:"telemetry_port,omitempty"`
TelemetryConfig *security.TelemetryConfig `yaml:"telemetry_config"`
CoreDumpFilter uint8 `yaml:"core_dump_filter,omitempty"`
ClientEnvVars []string `yaml:"client_env_vars,omitempty"`
@@ -707,6 +708,9 @@ func (cfg *Server) Validate(log logging.Logger) (err error) {
return FaultConfigNoProvider
case cfg.ControlPort <= 0:
return FaultConfigBadControlPort
+ //Support old configuration option
+ case cfg.TelemetryPort < 0:
+ return FaultConfigBadTelemetryPort
}
if cfg.TelemetryConfig != nil {
diff --git a/src/control/server/config/server_test.go b/src/control/server/config/server_test.go
index 9a45070de05..51076d8d10c 100644
--- a/src/control/server/config/server_test.go
+++ b/src/control/server/config/server_test.go
@@ -249,8 +249,8 @@ func TestServerConfig_Constructed(t *testing.T) {
WithTelemetryConfig(&security.TelemetryConfig{
AllowInsecure: true,
Port: 9191,
- ServerCert: "/etc/daos/certs/telemetryserver.crt",
- ServerKey: "/etc/daos/certs/telemetryserver.key",
+ HttpsCert: "/etc/daos/certs/telemetry.crt",
+ HttpsKey: "/etc/daos/certs/telemetry.key",
CARootPath: "/etc/daos/certs/daosTelemetryCA.crt"}).
WithSystemName("daos_server").
WithSocketDir("./.daos/daos_server").
@@ -425,8 +425,8 @@ func TestServerConfig_MDonSSD_Constructed(t *testing.T) {
WithTelemetryConfig(&security.TelemetryConfig{
AllowInsecure: true,
Port: 9191,
- ServerCert: "/etc/daos/certs/telemetryserver.crt",
- ServerKey: "/etc/daos/certs/telemetryserver.key",
+ HttpsCert: "/etc/daos/certs/telemetry.crt",
+ HttpsKey: "/etc/daos/certs/telemetry.key",
CARootPath: "/etc/daos/certs/daosTelemetryCA.crt"}).
WithFabricProvider("ofi+tcp").
WithAccessPoints("example")
diff --git a/src/control/server/telemetry.go b/src/control/server/telemetry.go
index 0ccac94930b..28848f6879e 100644
--- a/src/control/server/telemetry.go
+++ b/src/control/server/telemetry.go
@@ -73,8 +73,8 @@ func startPrometheusExporter(ctx context.Context, srv *server) (func(), error) {
Port: srv.cfg.TelemetryConfig.Port,
Title: "DAOS Engine Telemetry",
AllowInsecure: srv.cfg.TelemetryConfig.AllowInsecure,
- HttpsCert: srv.cfg.TelemetryConfig.ServerCert,
- HttpsKey: srv.cfg.TelemetryConfig.ServerKey,
+ HttpsCert: srv.cfg.TelemetryConfig.HttpsCert,
+ HttpsKey: srv.cfg.TelemetryConfig.HttpsKey,
Register: func(ctx context.Context, log logging.Logger) error {
return regPromEngineSources(ctx, srv.log, srv.harness.Instances())
},
diff --git a/src/tests/ftest/config_file_gen.py b/src/tests/ftest/config_file_gen.py
index c030abc9f9e..9ab409ac533 100755
--- a/src/tests/ftest/config_file_gen.py
+++ b/src/tests/ftest/config_file_gen.py
@@ -12,14 +12,13 @@
import sys
from argparse import ArgumentParser, RawDescriptionHelpFormatter
-from util.agent_utils_params import (DaosAgentTelemetryCredentials, DaosAgentTransportCredentials,
+from util.agent_utils_params import (DaosAgentTelemetryConfig, DaosAgentTransportCredentials,
DaosAgentYamlParameters)
from util.command_utils_base import CommonConfig
-from util.dmg_utils_params import (DmgTelemetryCredentials, DmgTransportCredentials,
- DmgYamlParameters)
+from util.dmg_utils_params import DmgTelemetryConfig, DmgTransportCredentials, DmgYamlParameters
from util.exception_utils import CommandFailure
-from util.server_utils_params import (DaosServerTelemetryCredentials,
- DaosServerTransportCredentials, DaosServerYamlParameters)
+from util.server_utils_params import (DaosServerTelemetryConfig, DaosServerTransportCredentials,
+ DaosServerYamlParameters)
def generate_agent_config(args):
@@ -34,7 +33,7 @@ def generate_agent_config(args):
"""
common_cfg = CommonConfig(args.group_name, DaosAgentTransportCredentials())
config = DaosAgentYamlParameters(args.agent_file, common_cfg)
- config.telemetry_config = DaosAgentTelemetryCredentials()
+ config.telemetry_config = DaosAgentTelemetryConfig()
# Update the configuration file access points
config.other_params.access_points.value = args.node_list.split(",")
return create_config(args, config)
@@ -52,7 +51,7 @@ def generate_server_config(args):
"""
common_cfg = CommonConfig(args.group_name, DaosServerTransportCredentials())
config = DaosServerYamlParameters(args.server_file, common_cfg)
- config.telemetry_config = DaosServerTelemetryCredentials()
+ config.telemetry_config = DaosServerTelemetryConfig()
config.engine_params[0].storage.storage_tiers[0].storage_class.value = "ram"
config.engine_params[0].storage.storage_tiers[0].scm_mount.value = "/mnt/daos"
config.engine_params[0].storage.storage_tiers[0].scm_size.value = 0
@@ -73,7 +72,7 @@ def generate_dmg_config(args):
"""
config = DmgYamlParameters(
args.dmg_file, args.group_name, DmgTransportCredentials())
- config.telemetry_config = DmgTelemetryCredentials()
+ config.telemetry_config = DmgTelemetryConfig()
# Update the configuration file hostlist
config.hostlist.value = args.node_list.split(",")
return create_config(args, config)
diff --git a/src/tests/ftest/server/storage_tiers.py b/src/tests/ftest/server/storage_tiers.py
index ad946baaa72..536c1c52baf 100644
--- a/src/tests/ftest/server/storage_tiers.py
+++ b/src/tests/ftest/server/storage_tiers.py
@@ -8,7 +8,7 @@
import yaml
from apricot import TestWithServers
from command_utils_base import CommonConfig
-from server_utils import (DaosServerTelemetryCredentials, DaosServerTransportCredentials,
+from server_utils import (DaosServerTelemetryConfig, DaosServerTransportCredentials,
DaosServerYamlParameters)
@@ -68,7 +68,7 @@ def test_tiers(self):
common_config = CommonConfig("daos_server", DaosServerTransportCredentials())
config = DaosServerYamlParameters(None, common_config)
- config.telemetry_config = DaosServerTelemetryCredentials()
+ config.telemetry_config = DaosServerTelemetryConfig()
config.namespace = self.server_config_namespace
config.get_params(self)
data = config.get_yaml_data()
diff --git a/src/tests/ftest/telemetry/basic_client_telemetry.yaml b/src/tests/ftest/telemetry/basic_client_telemetry.yaml
index 82b57ba9961..71c6c361cd9 100644
--- a/src/tests/ftest/telemetry/basic_client_telemetry.yaml
+++ b/src/tests/ftest/telemetry/basic_client_telemetry.yaml
@@ -20,9 +20,9 @@ server_config:
agent_config:
telemetry_config:
allow_insecure: false
- port: 9191
- retain: 30s
- enabled: true
+ telemetry_port: 9191
+ telemetry_retain: 30s
+ telemetry_enabled: true
pool:
scm_size: 2G
diff --git a/src/tests/ftest/util/agent_utils.py b/src/tests/ftest/util/agent_utils.py
index b7762c69860..416cefdbf78 100644
--- a/src/tests/ftest/util/agent_utils.py
+++ b/src/tests/ftest/util/agent_utils.py
@@ -7,7 +7,7 @@
import re
import socket
-from agent_utils_params import (DaosAgentTelemetryCredentials, DaosAgentTransportCredentials,
+from agent_utils_params import (DaosAgentTelemetryConfig, DaosAgentTransportCredentials,
DaosAgentYamlParameters)
from ClusterShell.NodeSet import NodeSet
from command_utils import CommandWithSubCommand, SubprocessManager, YamlCommand
@@ -54,7 +54,7 @@ def get_agent_command(group, cert_dir, bin_dir, config_file, run_user, config_te
transport_config = DaosAgentTransportCredentials(cert_dir)
common_config = CommonConfig(group, transport_config)
config = DaosAgentYamlParameters(config_file, common_config)
- config.telemetry_config = DaosAgentTelemetryCredentials(cert_dir)
+ config.telemetry_config = DaosAgentTelemetryConfig(cert_dir)
command = DaosAgentCommand(bin_dir, config, run_user=run_user)
if config_temp:
# Setup the DaosAgentCommand to write the config file data to the
diff --git a/src/tests/ftest/util/agent_utils_params.py b/src/tests/ftest/util/agent_utils_params.py
index 1d80b627e1f..b6a04bf874f 100644
--- a/src/tests/ftest/util/agent_utils_params.py
+++ b/src/tests/ftest/util/agent_utils_params.py
@@ -5,7 +5,7 @@
"""
import os
-from command_utils_base import (BasicParameter, LogParameter, TelemetryCredentials,
+from command_utils_base import (BasicParameter, LogParameter, TelemetryConfig,
TransportCredentials, YamlParameters)
@@ -33,7 +33,7 @@ def _get_new(self):
return DaosAgentTransportCredentials(self._log_dir)
-class DaosAgentTelemetryCredentials(TelemetryCredentials):
+class DaosAgentTelemetryConfig(TelemetryConfig):
# pylint: disable=too-few-public-methods
"""Telemetry credentials listing certificates for secure communication."""
@@ -41,19 +41,19 @@ def __init__(self, log_dir=os.path.join(os.sep, "tmp")):
"""Initialize a TelemetryConfig object."""
super().__init__("/run/agent_config/telemetry_config/*", None, log_dir)
- self.port = BasicParameter(None, 9192)
- self.enabled = BasicParameter(None)
- self.retain = BasicParameter(None)
- self.server_cert = LogParameter(self._log_dir, None, "telemetryserver.crt")
- self.server_key = LogParameter(self._log_dir, None, "telemetryserver.key")
+ self.telemetry_port = BasicParameter(None, 9192)
+ self.telemetry_enabled = BasicParameter(None)
+ self.telemetry_retain = BasicParameter(None)
+ self.https_cert = LogParameter(self._log_dir, None, "telemetry.crt")
+ self.https_key = LogParameter(self._log_dir, None, "telemetry.key")
def _get_new(self):
"""Get a new object based upon this one.
Returns:
- DaosServerTelemetryCredentials: a new DaosServerTelemetryCredentials object
+ DaosServerTelemetryConfig: a new DaosServerTelemetryConfig object
"""
- return DaosAgentTelemetryCredentials(self._log_dir)
+ return DaosAgentTelemetryConfig(self._log_dir)
class DaosAgentYamlParameters(YamlParameters):
diff --git a/src/tests/ftest/util/command_utils_base.py b/src/tests/ftest/util/command_utils_base.py
index 2a42670ab16..5b39ca6015a 100644
--- a/src/tests/ftest/util/command_utils_base.py
+++ b/src/tests/ftest/util/command_utils_base.py
@@ -799,11 +799,11 @@ def _get_new(self):
return TransportCredentials(self.namespace, self.title, self._log_dir)
-class TelemetryCredentials(YamlParameters):
+class TelemetryConfig(YamlParameters):
"""Telemetry credentials listing certificates for secure communication."""
def __init__(self, namespace, title, log_dir):
- """Initialize a TelemetryCredentials object.
+ """Initialize a TelemetryConfig object.
Args:
namespace (str): yaml namespace (path to parameters)
@@ -816,9 +816,9 @@ def __init__(self, namespace, title, log_dir):
default_insecure = str(os.environ.get("DAOS_TEST_INSECURE_MODE", True))
default_insecure = default_insecure.lower() == "true"
self.allow_insecure = BasicParameter(None, default_insecure)
- self.port = BasicParameter(None, 9191)
- self.retain = None
- self.enabled = None
+ self.telemetry_port = BasicParameter(None, 9191)
+ self.telemetry_retain = None
+ self.telemetry_enabled = None
def get_yaml_data(self):
"""Convert the parameters into a dictionary to use to write a yaml file.
@@ -864,9 +864,9 @@ def _get_new(self):
"""Get a new object based upon this one.
Returns:
- TelemetryCredentials: a new TelemetryCredentials object
+ TelemetryConfig: a new TelemetryConfig object
"""
- return TelemetryCredentials(self.namespace, self.title, self._log_dir)
+ return TelemetryConfig(self.namespace, self.title, self._log_dir)
class CommonConfig(YamlParameters):
diff --git a/src/tests/ftest/util/dmg_utils.py b/src/tests/ftest/util/dmg_utils.py
index 4d731db7eb4..51e324ea937 100644
--- a/src/tests/ftest/util/dmg_utils.py
+++ b/src/tests/ftest/util/dmg_utils.py
@@ -10,7 +10,7 @@
from pwd import getpwuid
from dmg_utils_base import DmgCommandBase
-from dmg_utils_params import DmgTelemetryCredentials, DmgTransportCredentials, DmgYamlParameters
+from dmg_utils_params import DmgTelemetryConfig, DmgTransportCredentials, DmgYamlParameters
from exception_utils import CommandFailure
from general_utils import dict_to_str, get_numeric_list
@@ -39,7 +39,7 @@ def get_dmg_command(group, cert_dir, bin_dir, config_file, config_temp=None, hos
"""
transport_config = DmgTransportCredentials(cert_dir)
- telemetry_config = DmgTelemetryCredentials(cert_dir)
+ telemetry_config = DmgTelemetryConfig(cert_dir)
config = DmgYamlParameters(config_file, group, transport_config, telemetry_config)
command = DmgCommand(bin_dir, config, hostlist_suffix)
if config_temp:
diff --git a/src/tests/ftest/util/dmg_utils_params.py b/src/tests/ftest/util/dmg_utils_params.py
index 5d6cea72f38..32b7ec022b6 100644
--- a/src/tests/ftest/util/dmg_utils_params.py
+++ b/src/tests/ftest/util/dmg_utils_params.py
@@ -4,7 +4,7 @@
SPDX-License-Identifier: BSD-2-Clause-Patent
"""
-from command_utils_base import (BasicParameter, LogParameter, TelemetryCredentials,
+from command_utils_base import (BasicParameter, LogParameter, TelemetryConfig,
TransportCredentials, YamlParameters)
@@ -26,11 +26,11 @@ def _get_new(self):
return DmgTransportCredentials(self._log_dir)
-class DmgTelemetryCredentials(TelemetryCredentials):
+class DmgTelemetryConfig(TelemetryConfig):
"""Telemetry credentials listing certificates for secure communication."""
def __init__(self, log_dir="/tmp"):
- """Initialize a TelemetryCredentials object."""
+ """Initialize a TelemetryConfig object."""
super().__init__("/run/dmg/telemetry_config/*", None, log_dir)
self.ca_cert = LogParameter(self._log_dir, None, "daosTelemetryCA.crt")
@@ -38,9 +38,9 @@ def _get_new(self):
"""Get a new object based upon this one.
Returns:
- DmgTelemetryCredentials: a new DmgTelemetryCredentials object
+ DmgTelemetryConfig: a new DmgTelemetryConfig object
"""
- return DmgTelemetryCredentials(self._log_dir)
+ return DmgTelemetryConfig(self._log_dir)
class DmgYamlParameters(YamlParameters):
@@ -54,7 +54,7 @@ def __init__(self, filename, name, transport, telemetry=None):
name (str): The DAOS system name.
transport (DmgTransportCredentials): dmg security
configuration settings.
- telemetry (DmgTelemetryCredentials): dmg telemetry
+ telemetry (DmgTelemetryConfig): dmg telemetry
configuration settings.
"""
super().__init__("/run/dmg/*", filename, None, transport)
diff --git a/src/tests/ftest/util/server_utils.py b/src/tests/ftest/util/server_utils.py
index 90639206ea5..e444b0c78aa 100644
--- a/src/tests/ftest/util/server_utils.py
+++ b/src/tests/ftest/util/server_utils.py
@@ -21,7 +21,7 @@
from host_utils import get_local_host
from run_utils import run_remote, stop_processes
from server_utils_base import DaosServerCommand, DaosServerInformation, ServerFailed
-from server_utils_params import (DaosServerTelemetryCredentials, DaosServerTransportCredentials,
+from server_utils_params import (DaosServerTelemetryConfig, DaosServerTransportCredentials,
DaosServerYamlParameters)
from user_utils import get_chown_command
@@ -46,7 +46,7 @@ def get_server_command(group, cert_dir, bin_dir, config_file, config_temp=None):
transport_config = DaosServerTransportCredentials(cert_dir)
common_config = CommonConfig(group, transport_config)
config = DaosServerYamlParameters(config_file, common_config)
- config.telemetry_config = DaosServerTelemetryCredentials(cert_dir)
+ config.telemetry_config = DaosServerTelemetryConfig(cert_dir)
command = DaosServerCommand(bin_dir, config, None)
diff --git a/src/tests/ftest/util/server_utils_params.py b/src/tests/ftest/util/server_utils_params.py
index 909a3d83b9b..d9b33f61701 100644
--- a/src/tests/ftest/util/server_utils_params.py
+++ b/src/tests/ftest/util/server_utils_params.py
@@ -5,7 +5,7 @@
"""
import os
-from command_utils_base import (BasicParameter, LogParameter, TelemetryCredentials,
+from command_utils_base import (BasicParameter, LogParameter, TelemetryConfig,
TransportCredentials, YamlParameters)
MAX_STORAGE_TIERS = 5
@@ -57,30 +57,30 @@ def _get_new(self):
return DaosServerTransportCredentials(self._log_dir)
-class DaosServerTelemetryCredentials(TelemetryCredentials):
+class DaosServerTelemetryConfig(TelemetryConfig):
# pylint: disable=too-few-public-methods
"""Telemetry credentials listing certificates for secure communication."""
def __init__(self, log_dir=os.path.join(os.sep, "tmp")):
- """Initialize a DaosServerTelemetryCredentials object."""
+ """Initialize a DaosServerTelemetryConfig object."""
super().__init__("/run/server_config/telemetry_config/*", None, log_dir)
# Additional daos_server telemetry credential parameters:
# - port: : Telemetry endpoint port number
- # - server_cert: : Server certificate
- # - server_key: : Server Key portion
+ # - https_cert: : Server certificate
+ # - https_key: : Server Key portion
#
- self.port = BasicParameter(None, 9191)
- self.server_cert = LogParameter(self._log_dir, None, "telemetryserver.crt")
- self.server_key = LogParameter(self._log_dir, None, "telemetryserver.key")
+ self.telemetry_port = BasicParameter(None, 9191)
+ self.https_cert = LogParameter(self._log_dir, None, "telemetry.crt")
+ self.https_key = LogParameter(self._log_dir, None, "telemetry.key")
def _get_new(self):
"""Get a new object based upon this one.
Returns:
- DaosServerTelemetryCredentials: a new DaosServerTelemetryCredentials object
+ DaosServerTelemetryConfig: a new DaosServerTelemetryConfig object
"""
- return DaosServerTelemetryCredentials(self._log_dir)
+ return DaosServerTelemetryConfig(self._log_dir)
class DaosServerYamlParameters(YamlParameters):
diff --git a/utils/certs/gen_telemetry_server_certificate.sh b/utils/certs/gen_telemetry_server_certificate.sh
index 3670a92afec..f1de56da85e 100755
--- a/utils/certs/gen_telemetry_server_certificate.sh
+++ b/utils/certs/gen_telemetry_server_certificate.sh
@@ -52,33 +52,33 @@ subjectAltName = DNS:${HOSTNAME}
function generate_server_cert () {
echo "Generating Server Certificate"
# Generate Private key and set its permissions
- openssl genrsa -out "${CA_HOME}/telemetryserver.key" 2048
- [[ $EUID -eq 0 ]] && chown "${USER}"."${USER}" "${CA_HOME}/telemetryserver.key"
- chmod 0400 "${CA_HOME}/telemetryserver.key"
+ openssl genrsa -out "${CA_HOME}/telemetry.key" 2048
+ [[ $EUID -eq 0 ]] && chown "${USER}"."${USER}" "${CA_HOME}/telemetry.key"
+ chmod 0400 "${CA_HOME}/telemetry.key"
# Generate a Certificate Signing Request (CRS)
- openssl req -new -key "${CA_HOME}/telemetryserver.key" \
- -out "${CA_HOME}/telemetryserver.csr" -config "${CA_HOME}/telemetry.cnf"
+ openssl req -new -key "${CA_HOME}/telemetry.key" \
+ -out "${CA_HOME}/telemetry.csr" -config "${CA_HOME}/telemetry.cnf"
# Create Certificate from request
- openssl x509 -req -in "${CA_HOME}/telemetryserver.csr" -CA "${CA_HOME}/daosTelemetryCA.crt" \
- -CAkey "${CA_HOME}/daosTelemetryCA.key" -CAcreateserial -out "${CA_HOME}/telemetryserver.crt" \
+ openssl x509 -req -in "${CA_HOME}/telemetry.csr" -CA "${CA_HOME}/daosTelemetryCA.crt" \
+ -CAkey "${CA_HOME}/daosTelemetryCA.key" -CAcreateserial -out "${CA_HOME}/telemetry.crt" \
-days ${DAYS} -sha256 -extfile "$CA_HOME/telemetry.cnf" -extensions v3_ext
- [[ $EUID -eq 0 ]] && chown "${USER}"."${USER}" "${CA_HOME}/telemetryserver.crt"
- chmod 0644 "${CA_HOME}/telemetryserver.crt"
+ [[ $EUID -eq 0 ]] && chown "${USER}"."${USER}" "${CA_HOME}/telemetry.crt"
+ chmod 0644 "${CA_HOME}/telemetry.crt"
echo "Required Server Certificate Files:
${CA_HOME}/daosTelemetryCA.crt
- ${CA_HOME}/telemetryserver.key
- ${CA_HOME}/telemetryserver.crt"
+ ${CA_HOME}/telemetry.key
+ ${CA_HOME}/telemetry.crt"
}
function cleanup () {
- # Remove this key as it's not required after creating the telemetryserver.key
+ # Remove this key as it's not required after creating the telemetry.key
rm -f "${CA_HOME}/daosTelemetryCA.key"
- rm -f "${CA_HOME}/telemetryserver.csr"
+ rm -f "${CA_HOME}/telemetry.csr"
rm -f "${CA_HOME}/telemetry.cnf"
}
diff --git a/utils/config/daos_agent.yml b/utils/config/daos_agent.yml
index 304550cdfef..7315ecb3bb6 100644
--- a/utils/config/daos_agent.yml
+++ b/utils/config/daos_agent.yml
@@ -31,18 +31,18 @@
#telemetry_config:
# # Set the client telemetry endpoint port number
# # default: 9192
-# port: 9192
+# telemetry_port: 9192
#
# # Enable client telemetry for all DAOS clients.
# # If false, clients will need to optionally enable telemetry by setting
# # the D_CLIENT_METRICS_ENABLE environment variable to true.
# # default: false
-# enabled: true
+# telemetry_enabled: true
#
# # Retain client telemetry for a period of time after the client
# # process exits.
# # default 0 (do not retain telemetry after client exit)
-# retain: 1m
+# telemetry_retain: 1m
#
# # In order to disable transport security, uncomment and set allow_insecure
# # to true. Not recommended for production configurations.
@@ -50,11 +50,11 @@
#
# # Server certificate for use in TLS handshakes
# # DAOS client is the HTTPS server to open secure telemetry endpoint.
-# server_cert: /etc/daos/certs/telemetryserver.crt
+# https_cert: /etc/daos/certs/telemetry.crt
#
# # Key portion of Server Certificate
# # DAOS client is the HTTPS server to open secure telemetry endpoint.
-# server_key: /etc/daos/certs/telemetryserver.key
+# https_key: /etc/daos/certs/telemetry.key
## Configuration for user credential management.
#credential_config:
diff --git a/utils/config/daos_control.yml b/utils/config/daos_control.yml
index ea2da17066e..076168b35e2 100644
--- a/utils/config/daos_control.yml
+++ b/utils/config/daos_control.yml
@@ -39,12 +39,12 @@
# # Key portion of Admin Certificate
# key: /etc/daos/certs/admin.key
-## Enable Telemetry HTTP/HTTPS endpoint for remote client telemetry collection.
+## Configuration for telemetry collection commands.
#
#telemetry_config:
-# # In order to disable transport security, uncomment and set allow_insecure
-# # to true. Not recommended for production configurations.
-# allow_insecure: false
+# # In order to enabled transport security, uncomment and set allow_insecure
+# # to false.
+# allow_insecure: true
#
# # Custom CA Root certificate for generated telemetry certs
# ca_cert: /etc/daos/certs/daosTelemetryCA.crt
diff --git a/utils/config/daos_server.yml b/utils/config/daos_server.yml
index 0d56afbd589..cdb2a2bd61e 100644
--- a/utils/config/daos_server.yml
+++ b/utils/config/daos_server.yml
@@ -259,18 +259,18 @@
## Enable Telemetry HTTP/HTTPS endpoint for remote telemetry collection.
#
#telemetry_config:
-# # In order to disable telemetry security, uncomment and set allow_insecure to false
+# # In order to enabled telemetry security, uncomment and set allow_insecure to false
# allow_insecure: true
#
# # Set the server telemetry endpoint port number
# # default: 9191
-# port: 9191
+# telemetry_port: 9191
#
# # Server certificate for use in TLS handshakes
-# server_cert: /etc/daos/certs/telemetryserver.crt
+# https_cert: /etc/daos/certs/telemetry.crt
#
# # Key portion of Server Certificate
-# server_key: /etc/daos/certs/telemetryserver.key
+# https_key: /etc/daos/certs/telemetry.key
#
#
## If desired, a set of client-side environment variables may be
diff --git a/utils/config/examples/daos_server_local.yml b/utils/config/examples/daos_server_local.yml
index fa797a92d2f..e23ef691ffe 100644
--- a/utils/config/examples/daos_server_local.yml
+++ b/utils/config/examples/daos_server_local.yml
@@ -9,7 +9,7 @@ transport_config:
telemetry_config:
allow_insecure: true
- port: 9191
+ telemetry_port: 9191
engines:
-
diff --git a/utils/config/examples/daos_server_mdonssd.yml b/utils/config/examples/daos_server_mdonssd.yml
index 8052681fdf4..7ea5267de64 100644
--- a/utils/config/examples/daos_server_mdonssd.yml
+++ b/utils/config/examples/daos_server_mdonssd.yml
@@ -28,7 +28,7 @@ control_metadata:
telemetry_config:
allow_insecure: true
- port: 9191
+ telemetry_port: 9191
engines:
-
diff --git a/utils/config/examples/daos_server_tcp.yml b/utils/config/examples/daos_server_tcp.yml
index e2fdc4af0d4..39459d412e6 100644
--- a/utils/config/examples/daos_server_tcp.yml
+++ b/utils/config/examples/daos_server_tcp.yml
@@ -9,7 +9,7 @@ control_log_file: /tmp/daos_server.log
telemetry_config:
allow_insecure: true
- port: 9191
+ telemetry_port: 9191
## Transport Credentials Specifying certificates to secure communications
##
diff --git a/utils/config/examples/daos_server_ucx.yml b/utils/config/examples/daos_server_ucx.yml
index cd76ad6dd05..8b0b5c4c7d2 100644
--- a/utils/config/examples/daos_server_ucx.yml
+++ b/utils/config/examples/daos_server_ucx.yml
@@ -18,7 +18,7 @@ control_log_file: /tmp/daos_server.log
telemetry_config:
allow_insecure: true
- port: 9191
+ telemetry_port: 9191
## Transport Credentials Specifying certificates to secure communications
##
diff --git a/utils/config/examples/daos_server_verbs.yml b/utils/config/examples/daos_server_verbs.yml
index d48a2d1330b..c5b416faa0f 100644
--- a/utils/config/examples/daos_server_verbs.yml
+++ b/utils/config/examples/daos_server_verbs.yml
@@ -9,7 +9,7 @@ control_log_file: /tmp/daos_server.log
telemetry_config:
allow_insecure: true
- port: 9191
+ telemetry_port: 9191
## Transport Credentials Specifying certificates to secure communications
##