open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0

Getting Certificate issue with google cloud exporter #27426

Closed arjunvijaygoogle closed 1 year ago

arjunvijaygoogle commented 1 year ago

Component(s)

exporter/googlecloud

What happened?

Description

I am running this configuration:

```yaml
receivers:
  otlp:
    protocols:
      grpc:
      http:
exporters:
  googlecloud:
    impersonate:
      target_principal: otel-collector@arjun-demo-123.iam.gserviceaccount.com

processors:
  memory_limiter:
    check_interval: 1s
    limit_percentage: 65
    spike_limit_percentage: 20
  batch:
  resourcedetection:
    detectors: [gcp]
    timeout: 10s
service:
  pipelines:
#    traces:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
    metrics:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [googlecloud]
#    logs:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
```

Getting this in the collector logs:

2023-10-04T15:41:53.565Z warn zapgrpc/zapgrpc.go:195 [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority" {"grpc_log": true}

Steps to Reproduce

Run the custom collector https://github.com/GoogleCloudPlatform/opentelemetry-collector-builder-sample

Expected Result

To send metrics to GCP

Actual Result

2023-10-04T15:41:53.565Z warn zapgrpc/zapgrpc.go:195 [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority" {"grpc_log": true}

Collector version

v0.86.0

Environment information

Environment

OS: (e.g., "Ubuntu 20.04") Compiler(if manually compiled): (e.g., "go 14.2")

```dockerfile
# Copyright 2022 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

FROM golang:latest as build
ARG OTEL_VERSION=0.86.0
WORKDIR /app
COPY . .
RUN go install go.opentelemetry.io/collector/cmd/builder@v${OTEL_VERSION}
RUN builder --config=builder-config.yaml

FROM ubuntu:latest
COPY --from=build /app/bin/otelcol-custom /

# 4317 - default OTLP receiver
# 55678 - opencensus (tracing) receiver
# 55679 - zpages
EXPOSE 4317/tcp 55678/tcp 55679/tcp

RUN ls
RUN chmod +x /otelcol-custom
ENTRYPOINT ["/otelcol-custom"]
```

OpenTelemetry Collector configuration

```yaml
receivers:
  otlp:
    protocols:
      grpc:
      http:
exporters:
  googlecloud:
    impersonate:
      target_principal: otel-collector@arjun-demo-123.iam.gserviceaccount.com

processors:
  memory_limiter:
    check_interval: 1s
    limit_percentage: 65
    spike_limit_percentage: 20
  batch:
  resourcedetection:
    detectors: [gcp]
    timeout: 10s
service:
  pipelines:
#    traces:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
    metrics:
      receivers: [otlp]
      processors: [memory_limiter, batch]
      exporters: [googlecloud]
#    logs:
#      receivers: [otlp]
#      processors: [memory_limiter, batch]
#      exporters: [googlecloud]
```

Log output

```shell
2023-10-04T15:41:25.156Z        info    memorylimiterprocessor@v0.86.0/memorylimiter.go:102     Memory limiter configured       {"kind": "processor", "name": "memory_limiter", "pipeline": "metrics", "limit_mib": 332, "spike_limit_mib": 102, "check_interval": 1}
2023-10-04T15:41:25.195Z        info    service@v0.86.0/service.go:138  Starting otelcol-custom...      {"Version": "1.0.0", "NumCPU": 4}
2023-10-04T15:41:25.195Z        info    extensions/extensions.go:31     Starting extensions...
2023-10-04T15:41:25.195Z        warn    internal@v0.86.0/warning.go:40  Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks       {"kind": "receiver", "name": "otlp", "data_type": "metrics", "documentation": "https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks"}
2023-10-04T15:41:25.196Z        info    otlpreceiver@v0.86.0/otlp.go:83 Starting GRPC server    {"kind": "receiver", "name": "otlp", "data_type": "metrics", "endpoint": "0.0.0.0:4317"}
2023-10-04T15:41:25.196Z        warn    internal@v0.86.0/warning.go:40  Using the 0.0.0.0 address exposes this server to every network interface, which may facilitate Denial of Service attacks       {"kind": "receiver", "name": "otlp", "data_type": "metrics", "documentation": "https://github.com/open-telemetry/opentelemetry-collector/blob/main/docs/security-best-practices.md#safeguards-against-denial-of-service-attacks"}
2023-10-04T15:41:25.196Z        info    otlpreceiver@v0.86.0/otlp.go:101        Starting HTTP server    {"kind": "receiver", "name": "otlp", "data_type": "metrics", "endpoint": "0.0.0.0:4318"}
2023-10-04T15:41:25.196Z        info    service@v0.86.0/service.go:161  Everything is ready. Begin running and processing data.
2023-10-04T15:41:25.210Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:26.225Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:27.959Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:31.054Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:34.595Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:41.999Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
2023-10-04T15:41:53.565Z        warn    zapgrpc/zapgrpc.go:195  [core] [Channel #1 SubChannel #2] grpc: addrConn.createTransport failed to connect to {Addr: "monitoring.googleapis.com:443", ServerName: "monitoring.googleapis.com:443", }. Err: connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"    {"grpc_log": true}
```

Additional context

No response

github-actions[bot] commented 1 year ago

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

dashpole commented 1 year ago

Since this is using a custom build of the collector, let's move this issue to the https://github.com/GoogleCloudPlatform/opentelemetry-collector-builder-sample repository.