feat: log DirectPath misconfiguration #2105
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -64,6 +64,8 @@ | |
| import java.util.concurrent.Executor; | ||
| import java.util.concurrent.ScheduledExecutorService; | ||
| import java.util.concurrent.TimeUnit; | ||
| import java.util.logging.Level; | ||
| import java.util.logging.Logger; | ||
| import javax.annotation.Nullable; | ||
| import javax.net.ssl.KeyManagerFactory; | ||
| import org.threeten.bp.Duration; | ||
|
|
@@ -82,6 +84,8 @@ | |
| */ | ||
| @InternalExtensionOnly | ||
| public final class InstantiatingGrpcChannelProvider implements TransportChannelProvider { | ||
| private static final Logger LOG = | ||
| Logger.getLogger(InstantiatingGrpcChannelProvider.class.getName()); | ||
| private static final String DIRECT_PATH_ENV_DISABLE_DIRECT_PATH = | ||
| "GOOGLE_CLOUD_DISABLE_DIRECT_PATH"; | ||
| private static final String DIRECT_PATH_ENV_ENABLE_XDS = "GOOGLE_CLOUD_ENABLE_DIRECT_PATH_XDS"; | ||
|
|
@@ -266,6 +270,43 @@ boolean isDirectPathXdsEnabled() { | |
| return false; | ||
| } | ||
|
|
||
| private void logDirectPathMisconfig(String serviceAddress) { | ||
| boolean isDirectPathOptionSet = Boolean.TRUE.equals(attemptDirectPath); | ||
| boolean isDirectPathXdsEnvSet = | ||
| Boolean.parseBoolean(envProvider.getenv(DIRECT_PATH_ENV_ENABLE_XDS)); | ||
| boolean isDirectPathXdsOptionSet = Boolean.TRUE.equals(attemptDirectPathXds); | ||
| if (isDirectPathOptionSet || isDirectPathXdsEnvSet || isDirectPathXdsOptionSet) { | ||
| // Case 1: use DirectPath with gRPCLB | ||
| if (isDirectPathOptionSet && !(isDirectPathXdsEnvSet || isDirectPathXdsOptionSet)) { | ||
| // TODO: Add the warning once we move traffic out from gRPCLB | ||
| } | ||
|
|
||
| // Case 2: just enable DirectPath xDS | ||
| if (!isDirectPathOptionSet && (isDirectPathXdsEnvSet || isDirectPathXdsOptionSet)) { | ||
| LOG.log( | ||
| Level.WARNING, "DirectPath is misconfigured. Please set the attemptDirectPath option."); | ||
|
There was a problem hiding this comment. should we add values of There was a problem hiding this comment. In this case user enables DirectPathXds either by env or option, but DirectPath itself is not enabled. I think the log is already clear that the user needs to set There was a problem hiding this comment. Recommend: |
||
| } | ||
|
|
||
| // The following WARNING logs are GCS only. | ||
| if (serviceAddress.contains("storage.googleapis.com") | ||
|
There was a problem hiding this comment. This is absolutely not allowed. Gax must not be aware of anything related to a specific service. Looks like we need two logging strategies for opt-in and opt-out, can we make it a flag and Storage can pass the flag into gax? There was a problem hiding this comment. Isn't this generally useful though? This log helps call out that attempting directpath wasn't configured correctly to developers. There was a problem hiding this comment. Missed your comment above, about adding this into Constructor which sounds like a good path for this; just calling out this is generally useful. There was a problem hiding this comment. Yes I agree this log is generally useful. But hardcoding the storage specific endpoint There was a problem hiding this comment. I have a new idea. Let’s only make the WARNING log if DirectPath xDS env/option is set. DirectPath xDS is opt-in for GCS/CBT/CS, so we do not need to have two strategies. WDYT? There was a problem hiding this comment. I think these warnings should be emitted for both cases; a user is attempting DirectPath and it would be helpful to know they're doing something wrong in configuring it. Otherwise, it's a blackbox and users are left to weeks of debugging what went wrong. The goal of this is to make it easier to understand a user did something wrong. There was a problem hiding this comment. I see. Your concern is that what if a customer set Let me provide some context here.
Currently the migration is still ongoing as CBT still has DirectPath gRPCLB traffic (CBT's timeline is Q4). After that, I will cleanup DirectPath gRPCLB code in the gax library. For example, With that being said, I can change the DirectPath enabling logic to:
In this way, GCS customers just need to set There was a problem hiding this comment. Changing the way the options work sounds like a reasonable thing to do after migration is complete. My original goal is to add warnings to let GCS users know they have misconfigured the client to use DirectPath. This also lends to supporting future warnings if new conditions are added. The three main cases surfaced in this logic (ignoring gRPCLB case because it's not ready yet):
I think the warnings would be generally useful outside of GCS. There was a problem hiding this comment.
Sorry I am confused. What are the two cases in the previous comment There was a problem hiding this comment. Maybe we are speaking past each other?
The point i was driving at is that there's nothing telling a user they configured DirectPath incorrectly when they use attemptDirectPath or attemptDirectPathXds; and selecting the cases only when attemptDirectPathXds is set to emit these warnings misses this point. |
||
| && isDirectPathXdsEnvSet | ||
| && (isDirectPathOptionSet || isDirectPathXdsOptionSet)) { | ||
| // Case 3: credential is not correctly set | ||
| if (!isNonDefaultServiceAccountAllowed()) { | ||
|
There was a problem hiding this comment. Is it possible to have a There was a problem hiding this comment. Yes it is possible, this is the original fix for this problem, googleapis/gax-java#1250. |
||
| LOG.log( | ||
| Level.WARNING, | ||
| "DirectPath is misconfigured. Please make sure the credential is an instance of" | ||
| + " ComputeEngineCredentials."); | ||
|
There was a problem hiding this comment. use fully qualified class name TIL you need GCE credentials for DirectPath; what is a customer is using Workload Identity would that work? There was a problem hiding this comment. Done. GKE workload identity is compatible with DirectPath. |
||
| } | ||
| // Case 4: not running on GCE | ||
| if (!isOnComputeEngine()) { | ||
| LOG.log( | ||
| Level.WARNING, "DirectPath is misconfigured. Please run in the GCE environment. "); | ||
|
There was a problem hiding this comment. Suggestion: You also have whitespace at the end. |
||
| } | ||
| } | ||
| } | ||
| } | ||
|
|
||
| private boolean isNonDefaultServiceAccountAllowed() { | ||
| if (allowNonDefaultServiceAccount != null && allowNonDefaultServiceAccount) { | ||
| return true; | ||
|
|
@@ -341,6 +382,7 @@ private ManagedChannel createSingleChannel() throws IOException { | |
| builder.keepAliveTime(DIRECT_PATH_KEEP_ALIVE_TIME_SECONDS, TimeUnit.SECONDS); | ||
| builder.keepAliveTimeout(DIRECT_PATH_KEEP_ALIVE_TIMEOUT_SECONDS, TimeUnit.SECONDS); | ||
| } else { | ||
| logDirectPathMisconfig(serviceAddress); | ||
| ChannelCredentials channelCredentials; | ||
| try { | ||
| channelCredentials = createMtlsChannelCredentials(); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@singhravidutt this PR is w.r.t R.1 for observability.
Would hadoop connector customers be able to see these warnings emitted when running the connector or would this require a change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, we should be able to surface these logs.