RA-8279: Add OpenTelemetry distributed tracing and ctutils logging to CTFE#3
… to CTFE
This change integrates the digicert/ctutils shared logging library to enable
OpenTelemetry-compliant distributed tracing in the Certificate Transparency
Frontend (CTFE).
Key changes:
- Add trillian/ctfe/config/config.go with InitLogging() for OTEL configuration
- Update ct_server/main.go to initialize logging and wrap HTTP handlers with otelhttp
- Add chained gRPC client interceptors for trace context propagation to Trillian
- Add Dockerfile.unified with SSH access for private ctutils dependency
- Update go.mod/go.sum for ctutils v0.1.6 and OTEL dependencies
The logging configuration is driven by environment variables:
- OTEL_ENABLED: Enable/disable OpenTelemetry (default: false)
- OTEL_EXPORTER: Exporter type ('otlp' or 'stdout')
- OTEL_COLLECTOR_ENDPOINT: OTLP collector URL
- OTEL_SERVICE_NAME: Service name for traces
- OTEL_SAMPLE_RATIO: Sampling ratio (0.0-1.0)
HTTP handlers are wrapped with otelhttp.NewHandler for automatic span creation,
and gRPC clients use chained interceptors to propagate trace context to Trillian
backends. This enables end-to-end request tracing across the CT infrastructure.
Refs: RA-8279
chore(deps): update ctutils
Pull request overview
This PR integrates OpenTelemetry distributed tracing into the Certificate Transparency Frontend (CTFE) using the digicert/ctutils shared logging library. It enables end-to-end request tracing from HTTP requests through gRPC calls to Trillian backends, with configurable trace exporters and sampling.
Changes:
- Added OpenTelemetry support with environment-based configuration for tracing
- Integrated ctutils library for shared logging functionality
- Updated CI/CD workflows to handle private ctutils repository authentication
Reviewed changes
Copilot reviewed 13 out of 15 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| trillian/examples/deployment/docker/ctfe/Dockerfile.unified | New unified Dockerfile with support for private ctutils dependency |
| trillian/examples/deployment/docker/ctfe/Dockerfile | Added GitHub token authentication for private module access |
| trillian/docs/ManualDeployment.md | Added OpenTelemetry distributed tracing documentation section |
| trillian/README.md | Added Observability section with OTEL configuration reference |
| trillian/ctfe/instance.go | Wrapped scheduled tasks with span tracing |
| trillian/ctfe/handlers.go | Minor comment adjustments (commented import) |
| trillian/ctfe/ct_server/main.go | Initialized OTEL logging, wrapped HTTP handlers, added gRPC interceptors |
| trillian/ctfe/config/config.go | New centralized logging configuration with OpenTelemetry support |
| go.mod | Added ctutils v0.1.13-test and updated OTEL dependencies |
| go.sum | Updated checksums for new and upgraded dependencies |
| .gitignore | Added entry for ctfe_server binary |
| .github/workflows/update-ctutils.yaml | New workflow for automated ctutils dependency updates |
| .github/workflows/govulncheck.yml | Added ctutils authentication |
| .github/workflows/golangci-lint.yml | Added ctutils authentication |
| .github/workflows/codeql.yml | Added ctutils authentication |
trillian/ctfe/handlers.go
Outdated
| "github.com/google/certificate-transparency-go/asn1" | ||
| "github.com/google/certificate-transparency-go/tls" | ||
|
|
||
| //"github.com/google/certificate-transparency-go/trillian/ctfe/logging" |
This commented-out import statement should be removed. Leaving commented code in the codebase creates confusion and reduces maintainability. If this import is not needed, it should be deleted entirely.
| //"github.com/google/certificate-transparency-go/trillian/ctfe/logging" |
chore(deps): update ctutils
Pull request overview
Copilot reviewed 12 out of 14 changed files in this pull request and generated 11 comments.
…s` module across workflows and enhance the `update-ctutils` workflow to explicitly resolve and report the latest version.
…ne is not double-wrapping but serve different purposes.
…ving unnecessary dependency download step
Co-authored-by: himaschal <himaschal@users.noreply.github.com> Test version for golem rollout
QA Evidence for CT Log:

Test Case 1: Deploy Jaeger and Configure OTLP Export
- Jaeger pod deployed successfully
- Services configured with OTLP export
- Jaeger UI accessible at http://localhost:16686
- CTFE API accessible at http://localhost:6962

Test 2: Verify Distributed Tracing in Jaeger UI

Test 3: W3C Trace Context Propagation

Test 4: Cross-Service Trace Propagation

Test 5: Structured Logging with Trace Context

Test 6: Multiple Requests with Shared Trace
- All 3 requests succeed
- Logs show 3+ entries with same trace_id
- Each entry has different span_id

Test 7: Performance and Timing Analysis

Test 8: Service Dependencies Visualization
ℹ️ Release Coordination (Downstream of ctutils)
This feature depends on `digicert/ctutils` (RA-8279).
Status: Ready for review (ensure `ctutils` v1.0.0 tag is available).
Plan:
- `digicert/ctutils` PR 1 merge & v1.0.0 tag.
- `go.mod` in this PR to use `digicert/ctutils` v1.0.0.

Summary
Integrates OpenTelemetry distributed tracing and standardized logging into the Certificate Transparency Frontend (CTFE), leveraging the shared `digicert/ctutils` library. This enables end-to-end observability from HTTP requests down to the Trillian backend.

Key Features
- `OTEL_*` env vars + `LOG_LEVEL`.

Configuration
See trillian/README.md for details.
- `OTEL_ENABLED` `false`
- `OTEL_EXPORTER` `otlp,stdout` `stdout`
- `OTEL_COLLECTOR_ENDPOINT` `localhost:4317`
- `LOG_LEVEL` `DEBUG,INFO,WARN,ERROR` `INFO`

How It Works
- `otelhttp.NewHandler` for automatic span creation on incoming requests.
- `ChainedGRPCClientInterceptor`) to propagate trace context to backends.

Related PRs

Testing
- `/ct/v1/get-sth` and other endpoints.

See full e2e testing here
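What QA tests 3, 4 and 6 above check (one trace_id across hops, a different span_id per hop), shown as an added example that is not code from this PR or from ctutils: a standard-library Go model of W3C `traceparent` handling at one hop, including what happens to a malformed inbound header. `ParseTraceparent`, `Outbound`, the helper names and the sample header values are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// lowerHex: exactly n lowercase hex digits; all-zero only if allowZero.
func lowerHex(s string, n int, allowZero bool) bool {
	if len(s) != n || strings.Trim(s, "0123456789abcdef") != "" {
		return false
	}
	return allowZero || strings.Trim(s, "0") != ""
}

// ParseTraceparent validates a version-00 W3C traceparent value:
// 00-<32 hex trace-id>-<16 hex parent span-id>-<2 hex flags>.
func ParseTraceparent(h string) (traceID, spanID, flags string, ok bool) {
	p := strings.Split(h, "-")
	if len(p) != 4 || p[0] != "00" || !lowerHex(p[1], 32, false) ||
		!lowerHex(p[2], 16, false) || !lowerHex(p[3], 2, true) {
		return "", "", "", false
	}
	return p[1], p[2], p[3], true
}

func newID(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// Outbound builds the header one hop sends downstream: same trace-id, new span-id.
// A malformed inbound value starts a fresh trace (flags "01" is an assumption).
func Outbound(inbound string) string {
	traceID, _, flags, ok := ParseTraceparent(inbound)
	if !ok {
		traceID, flags = newID(16), "01"
	}
	return "00-" + traceID + "-" + newID(8) + "-" + flags
}

func main() {
	fmt.Println(Outbound("00-11111111111111112222222222222222-3333333333333333-01")) // constructed
}
```

Because a malformed or all-zero header is never forwarded, arbitrary client-supplied strings in `traceparent` do not reach downstream headers or the trace_id field of structured logs.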