From 07fff844dd74b12de62b05e57812512365343ad7 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Tue, 6 Jul 2021 14:04:54 -0400 Subject: [PATCH] merge metrics for primary and secondary into signing ca metric --- agent/consul/leader_connect.go | 14 +---- agent/consul/leader_metrics.go | 70 +++++++++++------------- agent/consul/server.go | 3 +- website/content/docs/agent/telemetry.mdx | 3 +- 4 files changed, 37 insertions(+), 53 deletions(-) diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go index 32bf6df3ae29..6ca14e4cedef 100644 --- a/agent/consul/leader_connect.go +++ b/agent/consul/leader_connect.go @@ -37,12 +37,7 @@ func (s *Server) startConnectLeader(ctx context.Context) error { s.caManager.Start(ctx) s.leaderRoutineManager.Start(ctx, caRootPruningRoutineName, s.runCARootPruning) s.leaderRoutineManager.Start(ctx, caRootMetricRoutineName, rootCAExpiryMonitor(s).monitor) - isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter - if isPrimary { - s.leaderRoutineManager.Start(ctx, caPrimaryMetricRoutineName, primaryCAExpiryMonitor(s).monitor) - } else { - s.leaderRoutineManager.Start(ctx, caSecondaryMetricRoutineName, secondaryCAExpiryMonitor(s).monitor) - } + s.leaderRoutineManager.Start(ctx, caSigningMetricRoutineName, signingCAExpiryMonitor(s).monitor) return s.startIntentionConfigEntryMigration(ctx) } @@ -53,12 +48,7 @@ func (s *Server) stopConnectLeader() { s.leaderRoutineManager.Stop(intentionMigrationRoutineName) s.leaderRoutineManager.Stop(caRootPruningRoutineName) s.leaderRoutineManager.Stop(caRootMetricRoutineName) - isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter - if isPrimary { - s.leaderRoutineManager.Stop(caPrimaryMetricRoutineName) - } else { - s.leaderRoutineManager.Stop(caSecondaryMetricRoutineName) - } + s.leaderRoutineManager.Stop(caSigningMetricRoutineName) // If the provider implements NeedsStop, we call Stop to perform any shutdown actions. provider, _ := s.caManager.getCAProvider() 
diff --git a/agent/consul/leader_metrics.go b/agent/consul/leader_metrics.go index ca9cbbfe2985..1d40b62937d5 100644 --- a/agent/consul/leader_metrics.go +++ b/agent/consul/leader_metrics.go @@ -17,8 +17,7 @@ import ( ) var metricsKeyMeshRootCAExpiry = []string{"mesh", "active-root-ca", "expiry"} -var metricsKeyMeshPrimaryCAExpiry = []string{"mesh", "active-primary-dc-ca", "expiry"} -var metricsKeyMeshSecondaryCAExpiry = []string{"mesh", "active-secondary-dc-ca", "expiry"} +var metricsKeyMeshActiveSigningCAExpiry = []string{"mesh", "active-signing-ca", "expiry"} var CertExpirationGauges = []prometheus.GaugeDefinition{ { @@ -26,12 +25,8 @@ var CertExpirationGauges = []prometheus.GaugeDefinition{ Help: "Seconds until the service mesh root certificate expires. Updated every hour", }, { - Name: metricsKeyMeshPrimaryCAExpiry, - Help: "Seconds until the service mesh primary DC certificate expires. Updated every hour", - }, - { - Name: metricsKeyMeshSecondaryCAExpiry, - Help: "Seconds until the service mesh secondary DC certificate expires. Updated every hour", + Name: metricsKeyMeshActiveSigningCAExpiry, + Help: "Seconds until the service mesh signing certificate expires. Updated every hour", }, } 
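Review bot: Dropping `metricsKeyMeshPrimaryCAExpiry` and `metricsKeyMeshSecondaryCAExpiry` from `CertExpirationGauges` removes both series outright, so any alert or dashboard keyed on `active-primary-dc-ca` or `active-secondary-dc-ca` goes silent rather than failing loudly. If those gauges were ever released, the diffstat shows no changelog or upgrade note telling operators to repoint expiry alerts at the new name. A comment on the new key would help, for example `// Replaces the active-primary-dc-ca and active-secondary-dc-ca gauges; expiry alerts must move to this name.` The new Help text could also say that the value tracks whichever certificate signs leaf certificates in the local datacenter, since that is a root in some setups and an intermediate in others.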
@@ -61,36 +56,37 @@ func getRootCAExpiry(s *Server) (time.Duration, error) { return time.Until(root.NotAfter), nil } -func primaryCAExpiryMonitor(s *Server) certExpirationMonitor { - return certExpirationMonitor{ - Key: metricsKeyMeshPrimaryCAExpiry, - Labels: []metrics.Label{ - {Name: "datacenter", Value: s.config.Datacenter}, - }, - Logger: s.logger.Named(logging.Connect), - Query: func() (time.Duration, error) { - provider, _ := s.caManager.getCAProvider() - - if _, ok := provider.(ca.PrimaryUsesIntermediate); !ok { +func signingCAExpiryMonitor(s *Server) certExpirationMonitor { + isPrimary := s.config.Datacenter == s.config.PrimaryDatacenter + if isPrimary { + return certExpirationMonitor{ + Key: metricsKeyMeshActiveSigningCAExpiry, + Labels: []metrics.Label{ + {Name: "datacenter", Value: s.config.Datacenter}, + }, + Logger: s.logger.Named(logging.Connect), + Query: func() (time.Duration, error) { + provider, _ := s.caManager.getCAProvider() + + if _, ok := provider.(ca.PrimaryUsesIntermediate); !ok { + return getActiveIntermediateExpiry(s) + } + + return getRootCAExpiry(s) + + }, + } + } else { + return certExpirationMonitor{ + Key: metricsKeyMeshActiveSigningCAExpiry, + Labels: []metrics.Label{ + {Name: "datacenter", Value: s.config.Datacenter}, + }, + Logger: s.logger.Named(logging.Connect), + Query: func() (time.Duration, error) { return getActiveIntermediateExpiry(s) - } - - return getRootCAExpiry(s) - - }, - } -} - -func secondaryCAExpiryMonitor(s *Server) certExpirationMonitor { - return certExpirationMonitor{ - Key: metricsKeyMeshSecondaryCAExpiry, - Labels: []metrics.Label{ - {Name: "datacenter", Value: s.config.Datacenter}, - }, - Logger: s.logger.Named(logging.Connect), - Query: func() (time.Duration, error) { - return getActiveIntermediateExpiry(s) - }, + }, + } } } diff --git a/agent/consul/server.go b/agent/consul/server.go index f095204b2e0f..0a31760d9ea6 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go 
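Review bot: The primary-datacenter `Query` in `signingCAExpiryMonitor` appears to report the wrong certificate: it returns `getRootCAExpiry(s)` when the provider satisfies `ca.PrimaryUsesIntermediate` and `getActiveIntermediateExpiry(s)` when it does not. Judging only by the interface name (its definition is not in this diff), a provider that implements it signs leaf certificates with an intermediate, so the two branches look swapped; the condition is carried over unchanged from the removed `primaryCAExpiryMonitor`. Because operators alert on this gauge before the signing certificate lapses, reporting the longer-lived root instead could hide an imminent expiry. If that reading is right, the check should be `if _, ok := provider.(ca.PrimaryUsesIntermediate); ok {`, ideally with a test covering both provider kinds. The value discarded with `_` from `getCAProvider()` also deserves a short comment explaining why it is safe to ignore.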
@@ -103,8 +103,7 @@ const ( aclUpgradeRoutineName = "legacy ACL token upgrade" caRootPruningRoutineName = "CA root pruning" caRootMetricRoutineName = "CA root expiration metric" - caPrimaryMetricRoutineName = "CA primary expiration metric" - caSecondaryMetricRoutineName = "CA secondary expiration metric" + caSigningMetricRoutineName = "CA signing expiration metric" configReplicationRoutineName = "config entry replication" federationStateReplicationRoutineName = "federation state replication" federationStateAntiEntropyRoutineName = "federation state anti-entropy" diff --git a/website/content/docs/agent/telemetry.mdx b/website/content/docs/agent/telemetry.mdx index 2266214a0353..c0156bfa9ba6 100644 --- a/website/content/docs/agent/telemetry.mdx +++ b/website/content/docs/agent/telemetry.mdx @@ -479,8 +479,7 @@ These metrics give insight into the health of the cluster as a whole. | `consul.catalog.connect.query-tags..` | Increments for each connect-based catalog query for the given service with the given tags. | queries | counter | | `consul.catalog.connect.not-found.` | Increments for each connect-based catalog query where the given service could not be found. | queries | counter | | `consul.mesh.active-root-ca.expiry` | The number of seconds until the root CA expires, updated every hour. | seconds | gauge | -| `consul.mesh.active-primary-dc-ca.expiry` | The number of seconds until the primary datacenter CA expires, updated every hour. Only available in the primary datacenter | seconds | gauge | -| `consul.mesh.active-secondary-dc-ca.expiry` | The number of seconds until the secondary datacenter CA expires, updated every hour. Only available in a secondary datacenter | seconds | gauge | +| `consul.mesh.active-signing-ca.expiry` | The number of seconds until the signing CA expires, updated every hour. | seconds | gauge | ## Connect Built-in Proxy Metrics