Skip to content

RA-8279: feat(otel): Add OpenTelemetry distributed tracing and ctutils logging integration #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
himaschal wants to merge 58 commits into
base: master
Choose a base branch
from
Open

RA-8279: feat(otel): Add OpenTelemetry distributed tracing and ctutils logging integration #3

himaschal wants to merge 58 commits into from

Conversation

@himaschal
Copy link
Collaborator

@himaschal himaschal commented Dec 8, 2025
edited
Loading

ℹ️ Release Coordination (Downstream of ctutils)

This feature depends on digicert/ctutils (RA-8279).
Status: Ready for review (ensure ctutils v1.0.0 tag is available).
Plan:

  1. Wait for digicert/ctutils PR1 merge & v1.0.0 tag.
  2. Update go.mod in this PR to use digicert/ctutils v1.0.0.
  3. Merge this PR.

Summary

Integrates the digicert/ctutils shared logging library to enable OpenTelemetry distributed tracing across Trillian Log Server and Log Signer. This allows full request tracing from the frontend (CTFE) through to the storage layer.

Features

  • Distributed Tracing: End-to-end trace propagation (gRPC interceptors).
  • Unified Logging: Replaces ad-hoc logging with ctutils adapters.
  • Database Tracing: (If applicable, check code for SQL wrappers).
  • Configuration: Standard OTEL_* environment variables.

Configuration

See the README Observability Section for full details.

Variable Description
OTEL_ENABLED Master switch for tracing
OTEL_EXPORTER otlp (collector) or stdout (debug)
LOG_LEVEL Minimum log severity (Parsed by app, correctly implemented)

Testing

Integration verified in typical deployment scenarios:

  • Local K8s: Verified traces appear in Jaeger when triggered from CTFE.

See full e2e testing here

Refs: RA-8279

@himaschal
feat(otel): Add OpenTelemetry distributed tracing and ctutils logging…
952a94b 
… integration

This change integrates the digicert/ctutils shared logging library to enable
OpenTelemetry-compliant distributed tracing across the Trillian log server and
signer components.

Key changes:
- Add config/config.go with InitLogging() for centralized OTEL configuration
- Update log_server and log_signer main.go to call config.InitLogging()
- Add chained gRPC interceptors for trace context propagation
- Add Dockerfile.unified with SSH access for private ctutils dependency
- Update go.mod/go.sum for ctutils v0.1.6 and OTEL dependencies

The logging configuration is driven by environment variables:
- OTEL_ENABLED: Enable/disable OpenTelemetry (default: false)
- OTEL_EXPORTER: Exporter type ('otlp' or 'stdout')
- OTEL_COLLECTOR_ENDPOINT: OTLP collector URL
- OTEL_SERVICE_NAME: Service name for traces
- OTEL_SAMPLE_RATIO: Sampling ratio (0.0-1.0)

This enables end-to-end request tracing from CTFE through Trillian backends,
allowing operators to correlate logs and traces across the CT infrastructure.

Refs: RA-8279
@himaschal himaschal mentioned this pull request Dec 8, 2025
Open
himaschal and others added 17 commits December 10, 2025 17:35
@himaschal
Update ctutils to v0.1.7
518b1d8
@himaschal
ci: add workflow to update ctutils dependencies
c64d10e
@himaschal
fix(ci): use oauth2 syntax for authentication and debug token
86dc36a
@himaschal
fix(ci): use GITHUB_TOKEN for PR creation
fea9c9d
@himaschal
fix(ci): auth to private ctutils for lint and vuln checks
c370095
@himaschal
fix(ci): auth to private ctutils for database integration tests
0991a95
@himaschal
fix(ci): auth to private ctutils and set GOPRIVATE for CodeQL
03dc543
@himaschal
test: clean run trigger for v0.1.11-test
13a414e
@himaschal @github-actions
chore(deps): update ctutils to latest version
c71aacb
@himaschal
Merge pull request #4 from digicert/chore/update-ctutils
6ae67f5 
chore(deps): update ctutils
@himaschal
chore: test pipeline run with ctutils v0.1.12-test
febb1a9
@himaschal @github-actions
chore(deps): update ctutils to latest version
683f18f
@himaschal
Merge pull request #5 from digicert/chore/update-ctutils
f04e183 
chore(deps): update ctutils
@himaschal
chore: test pipeline run with ctutils v0.1.13-test
66422c4
@himaschal @github-actions
chore(deps): update ctutils to latest version
53ae555
@himaschal
Merge pull request #6 from digicert/chore/update-ctutils
c2fab3b 
chore(deps): update ctutils
@himaschal
chore: revert pipeline testing configurations to production ready state
d81bf44
@himaschal himaschal requested a review from Copilot January 13, 2026 16:03
Copilot AI reviewed Jan 13, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR integrates OpenTelemetry distributed tracing into Trillian log server and signer components through the digicert/ctutils shared logging library, enabling end-to-end request tracing and structured logging.

Changes:

  • Added OTEL-compliant distributed tracing via ctutils dependency
  • Configured gRPC and HTTP middleware for trace propagation and logging
  • Added environment-variable based OTEL configuration

Reviewed changes

Copilot reviewed 16 out of 18 changed files in this pull request and generated 13 comments.

Show a summary per file
File Description
config/config.go New centralized logging initialization with OTEL setup
cmd/trillian_log_server/main.go Initialize logging on server startup
cmd/trillian_log_signer/main.go Initialize logging on signer startup
cmd/internal/serverutil/main.go Add gRPC/HTTP interceptors for trace propagation
go.mod/go.sum Add ctutils v0.1.13-test and updated OTEL dependencies
examples/deployment/docker//Dockerfile Docker build configuration for private ctutils dependency
.github/workflows/*.yaml CI authentication for private ctutils repository
README.md Documentation for OTEL configuration
experimental/batchmap/batchmap.shims.go Auto-generated code formatting updates

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@himaschal
Clean up duplicate comments in Dockerfiles
cb3ffff 
Removed accidental duplicate comments introduced during previous edits to ensure clean and readable Dockerfiles.
@himaschal
Remove misleading comment in go.mod
586f41b 
Removed a commented-out require statement for ctutils that was causing confusion, as the actual requirement is correctly defined later in the file.
@himaschal
Fix lint errors in config_test.go
deb3c87 
replaced os.Setenv with t.Setenv to fix errcheck lint errors and improve test cleanup.
@himaschal himaschal requested a review from Copilot January 18, 2026 09:27
Copilot AI reviewed Jan 18, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 16 out of 18 changed files in this pull request and generated 6 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@himaschal himaschal changed the title feat(otel): Add OpenTelemetry distributed tracing and ctutils logging integration RA-8279: feat(otel): Add OpenTelemetry distributed tracing and ctutils logging integration Jan 23, 2026
himaschal and others added 10 commits January 23, 2026 11:35
@himaschal
build: update ctutils dependency to fix CI build
2c11080
@himaschal
RA-8279: Update README with minor changes.
fef833f
@himaschal
RA-8279: Address PR comments. Add GOPRIVATE and GONOSUMDB environ…
ba2ccae 
…ment variables to workflows and enhance `ctutils` update logic.
@himaschal
fix(ci): robust latest release resolution for ctutils
beb4e3f
@himaschal
fix(ci): add GONOPROXY for private ctutils module access
800d4ea
@himaschal
test: remove GONOPROXY to verify if it's necessary
4236c87
@himaschal
Revert "test: remove GONOPROXY to verify if it's necessary"
abf3be0 
This reverts commit 4236c87.
@himaschal
test: remove GONOPROXY again to check if fixed tag resolves issue
646baff
@himaschal
Revert "test: remove GONOPROXY again to check if fixed tag resolves i…
abaae85 
…ssue"

This reverts commit 646baff.
@github-actions @himaschal
chore(deps): update ctutils to v0.1.27-test (#17)
abe8d6d 
Co-authored-by: himaschal <himaschal@users.noreply.github.com>
digilob
digilob approved these changes Jan 27, 2026
View reviewed changes
himaschal and others added 5 commits January 29, 2026 14:25
@himaschal
chore: update GONOPROXY indentation in workflow files and add local D…
1ddf0a9 
…ockerfiles for log server and signer
@himaschal
RA-8179: improve Dockerfiles for local development by adding GOPROXY …
d1e92cb 
…argument and streamlining build commands
@github-actions
chore(deps): update ctutils to v0.0.1-golem (#18)
7fdd44d 
Co-authored-by: himaschal <himaschal@users.noreply.github.com>

Test version for golem rollout
@himaschal
chore(deps): update ctutils to v0.0.2-golem (#19)
7b49d54
@himaschal
RA-8279: Do not trace admin endpoints on the backend. These are unnec…
bfbfe7a 
…cessary and not recommended according to best practice. This will also keep the logserver / logsigner logs clean from unnecessary logs when scheduled jobs run like health checks or metrics scraping
@sadhana-angara
Copy link

sadhana-angara commented Feb 11, 2026

QA Evidence for CT Log :

Test Case 1 : Deploy Jaeger and Configure OTLP Export :
Status : PASS
Evidence :

Jaeger pod deployed successfully -
Screenshot 2026-02-05 at 10 49 43 AM

Services configured with OTLP export -
Screenshot 2026-02-05 at 10 49 43 AM (1)

Port forwarding established -
Screenshot 2026-02-09 at 12 21 40 PM

Jaeger UI accessible at http://localhost:16686
Screenshot 2026-02-09 at 12 23 16 PM

CTFE API accessible at http://localhost:6962
Screenshot 2026-02-09 at 11 50 50 AM

========================================================================================

Test 2: Verify Distributed Tracing in Jaeger UI
Status : PASS
Evidence :

  • Multiple traces visible in search results (6+ traces) : Yes
  • Traces show both ctfe and trillian-logserver services : Yes
  • Span hierarchy shows parent-child relationships : Yes
  • Timing data present for each span (typically 3-25ms) : Yes
  • Operation names visible (e.g., ctfe_internal_sth_force) : Yes
Screenshot 2026-02-09 at 12 32 48 PM Screenshot 2026-02-09 at 12 31 19 PM

========================================================================================

Test 3: W3C Trace Context Propagation
Status : PASS
Evidence :

  • Request succeeds (200 OK) : Yes
  • Custom trace_id appears in Jaeger UI : Yes
  • Trace shows in search results within 10 seconds : Yes
Screenshot 2026-02-05 at 3 03 32 PM Screenshot 2026-02-05 at 3 13 29 PM Screenshot 2026-02-10 at 10 08 23 AM

========================================================================================

Test 4: Cross-Service Trace Propagation
Status : PASS
Evidence :

  • Same trace_id found in CTFE logs : Yes
  • Same trace_id found in Trillian logserver logs : Yes
  • Logs show parent-child relationship via span_id : Yes
Screenshot 2026-02-05 at 3 53 46 PM Screenshot 2026-02-05 at 4 36 30 PM

========================================================================================

Test 5: Structured Logging with Trace Context
Status : PASS
Evidence :

  • Logs in JSON format : Yes
  • trace_id field present (32-char hex) : Yes
  • span_id field present (16-char hex) : Yes
  • parent_source field present (values: client_header, grpc_metadata, or system_generated) : Yes
  • elapsed_ms field present (timing data) : Yes
Screenshot 2026-02-09 at 12 47 57 PM

========================================================================================

Test 6: Multiple Requests with Shared Trace
Status : PASS
Evidence :

**- All 3 requests succeed : **

Screenshot 2026-02-06 at 11 24 20 AM

- Logs show 3+ entries with same trace_id :

Screenshot 2026-02-06 at 11 27 56 AM

- Each entry has different span_id :

Screenshot 2026-02-06 at 11 28 53 AM Screenshot 2026-02-06 at 11 29 10 AM

========================================================================================

Test 7: Performance and Timing Analysis
Status : PASS
Evidence : In Jaeger UI, examine 5-10 different traces

1. Trace ID : 4dd4c18687c1d0f1b54bba5f7223efd7 :
Typical get-sth operation:  5.47ms
gRPC call to Trillian: 3.39ms on server side
CTFE overhead : 5.1 - 3.39 = 1.71ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 10 54 12 AM

2.Trace ID : 089ff8e936e3df81afbfb9fe416f3194 :
Typical get-sth operation:  3.26ms
gRPC call to Trillian: 2.2ms on server side
CTFE overhead : 3.04 - 2.2 = 0.84ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 10 58 09 AM

3.Trace ID : b3aec802d23c219702cc36f7d7a3b1e6 :
Typical get-sth operation:  5.1ms
gRPC call to Trillian: 3.37ms on server side
CTFE overhead : 4.75 - 3.37 = 1.38ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 01 43 AM

4.Trace ID : 9a4723af4335407b39318948fb92d9b6 :
Typical get-sth operation:  4.52ms
gRPC call to Trillian: 2.94ms on server side
CTFE overhead : 4.52 - 2.94 = 1.58ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 05 40 AM

5.Trace ID : bea9a080ada3f6739735ab113f1ad7c2 :
Typical get-sth operation:  7.95ms
gRPC call to Trillian: 3.78ms on server side
CTFE overhead : 7.09 - 3.78 = 3.31ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 18 05 AM

6.Trace ID : 4ae35982188663fee3d8eeb622866356 :
Typical get-sth operation:  8.76ms
gRPC call to Trillian: 4.69ms on server side
CTFE overhead : 7.83 - 4.69 = 3.14ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 20 55 AM

7.Trace ID : 8018b3ff51e0b343206a6b984802c18b :
Typical get-sth operation:  6.14ms
gRPC call to Trillian: 4.21ms on server side
CTFE overhead : 6.14 - 4.21 = 1.93ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 23 07 AM

8.Trace ID : a3699b3aef49a80fc73aae7bb5bd6e5f :
Typical get-sth operation:  5.2ms
gRPC call to Trillian: 3.61ms on server side
CTFE overhead : 4.97 - 3.61 = 1.36ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 29 11 AM

9.Trace ID : 4a4f82d3b182303ed0b773c0460b9169 :
Typical get-sth operation:  7.65ms
gRPC call to Trillian: 4.19ms on server side
CTFE overhead : 7.24 - 4.19 = 3.05ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 31 50 AM

10.Trace ID : 26a99abfc5ad08be508a00b301abb032 :
Typical get-sth operation:  5.08ms
gRPC call to Trillian: 2.26ms on server side
CTFE overhead : 4.59 - 2.26 = 2.33ms
No traces showing errors or timeouts.

Screenshot 2026-02-09 at 11 34 23 AM

========================================================================================

Test 8: Service Dependencies Visualization
Status : PASS
Evidence :

  • Clear call chain: ctfetrillian-logserver : Yes
  • gRPC communication visible in spans : Pending
  • No unexpected service dependencies : Pending
Screenshot 2026-02-06 at 11 48 09 AM Screenshot 2026-02-06 at 11 48 35 AM

@sadhana-angara sadhana-angara self-requested a review February 11, 2026 15:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@digilob digilob digilob approved these changes

@sadhana-angara sadhana-angara sadhana-angara approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@himaschal @sadhana-angara @digilob