pydantic / logfire

Uncomplicated Observability for Python and beyond! 🪵🔥
https://docs.pydantic.dev/logfire/
MIT License

Expose TLS/Insecure params via Logfire config #136

Open gaby opened 4 months ago

gaby commented 4 months ago

Description

Add support for sending data to a URL that uses a self-signed cert and also support for specifying TLS cert/key/ca.

I believe the HTTP exporter from OpenTelemetry has a param insecure for doing this. This is not exposed as part of LogfireConfig. There's also params for specifying cert/key/ca.

https://opentelemetry.io/docs/specs/otel/protocol/exporter/

These params are mostly needed for sending data to self-hosted endpoints or a self-hosted Logfire in the future.

Kludex commented 4 months ago

> These params are mostly needed for sending data to self-hosted endpoints or a self-hosted Logfire in the future.

Are they needed now?

gaby commented 4 months ago

@Kludex I'm testing logfire in a lab without internet access, so basically using it for sending the OTEL data to a local tool that ingests.

I can do this using base_url in the logfire config, as told via Slack, but if the server has self-signed certs it won't work unless I trust the Cert on every host.

I have a setup using vanilla opentelemetry-sdk, just trying to replace it all with logfire.

Kludex commented 4 months ago

Ah, I see the conversation on slack: https://pydanticlogfire.slack.com/archives/C06EDRBSAH3/p1714527101176449

Yep, PR is welcome! :)

gaby commented 4 months ago

I will give it a try this week, figure creating a formal ticket would help :-)

alexmojaki commented 4 months ago

> Insecure: Whether to enable client transport security for the exporter's gRPC connection. This option only applies to OTLP/gRPC when an endpoint is provided without the http or https scheme - OTLP/HTTP always uses the scheme provided for the endpoint.

We use HTTP, specifically opentelemetry.exporter.otlp.proto.http.trace_exporter.OTLPSpanExporter so there's no insecure parameter.

For the certificate, you can set the OTEL_EXPORTER_OTLP_TRACES_CERTIFICATE environment variable.

Alternatively, since you already have a vanilla OTEL setup, you presumably have a span processor somewhere in there. You can use it like so:

logfire.configure(processors=[my_span_processor], send_to_logfire=False)

Kludex commented 4 months ago

@gaby is @alexmojaki's solution enough for you? We can try to improve documentation (not sure where that would fit yet).

gaby commented 4 months ago

@Kludex I'm not sure if this solves the problem. While I can set the ENV via python, it's not as clean/ideal as using params for Cert/Key/CA.

The insecure part, I have to double check. I'm trying to get rid of all the vanilla OpenTelemetry since code looks cleaner with Logfire.

Maybe I can open a ticket in OpenTelemetry for them to add the insecure param on the SDK

alexmojaki commented 4 months ago

> Maybe I can open a ticket in OpenTelemetry for them to add the insecure param on the SDK

It was explicitly removed in https://github.com/open-telemetry/opentelemetry-python/issues/1649, I think having it was against the spec.

gaby commented 4 months ago

@alexmojaki I see their point, if certs are set there's no need for the insecure flag. Totally valid.

From a logfire perspective, being able to specify cert/key/ca params would be useful. Currently using the ENV variables is doable, just not very pythonic.
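
Added example, not part of the thread or of Logfire's own code: one way to pass CA/cert/key as parameters through the span-processor route alexmojaki describes, keeping certificate verification on and checking the files before the exporter is built. The helper names `otlp_tls_kwargs`, `configure_logfire` and `_pem` are hypothetical, and it assumes an opentelemetry-exporter-otlp-proto-http release whose `OTLPSpanExporter` accepts `client_key_file` and `client_certificate_file` alongside `certificate_file`.

```python
import os
import re
import stat
from pathlib import Path


def _pem(path, label):
    """Return path if the file holds a PEM block of the expected kind."""
    p = Path(path)
    if not re.search(r"-----BEGIN [A-Z ]*" + label + "-----", p.read_text()):
        raise ValueError(f"{p} does not contain a PEM {label} block")
    return p


def otlp_tls_kwargs(ca_file, client_cert=None, client_key=None):
    """Validate TLS files and return keyword arguments for OTLPSpanExporter.

    ca_file is the PEM bundle that signed the collector's certificate (for a
    self-signed collector, that certificate itself). Verification stays on;
    only the trust anchor changes.
    """
    if bool(client_cert) != bool(client_key):
        raise ValueError("client_cert and client_key must be given together")
    kwargs = {"certificate_file": str(_pem(ca_file, "CERTIFICATE"))}
    if client_cert:
        kwargs["client_certificate_file"] = str(_pem(client_cert, "CERTIFICATE"))
        key = _pem(client_key, "PRIVATE KEY")
        # A client key readable by group/other can be copied by any local user.
        if os.name == "posix" and key.stat().st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"{key} is accessible to group/other; chmod 600")
        kwargs["client_key_file"] = str(key)
    return kwargs


def configure_logfire(endpoint, ca_file, client_cert=None, client_key=None):
    """Send spans to a self-hosted OTLP/HTTP endpoint instead of Logfire."""
    # Imported here so the validation above works without the SDKs installed.
    import logfire
    from opentelemetry.exporter.otlp.proto.http.trace_exporter import OTLPSpanExporter
    from opentelemetry.sdk.trace.export import BatchSpanProcessor

    exporter = OTLPSpanExporter(
        endpoint=endpoint, **otlp_tls_kwargs(ca_file, client_cert, client_key)
    )
    # processors= and send_to_logfire=False are the arguments quoted in the thread.
    logfire.configure(processors=[BatchSpanProcessor(exporter)], send_to_logfire=False)
```

Swapping the certificate and key paths, or supplying only one of the pair, fails at validation time rather than as an opaque TLS error on the first export.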