Allowed ingestors to be disabled and improved resolving of listener address of those

[itzg]

Resolves

https://jira.rax.io/browse/SALUS-748 and prepares for new line protocol ingestor to be added for https://jira.rax.io/browse/SALUS-594

What

We found on some systems where logstash was running that the lumberjack binding would fail since the equivalent logstash plugin was already bound at the standard port. That made me realize that we should ensure a few variations of ingest config to be allowed:

• disabling an ingestor entirely by setting a blank bind address
• binding to "all interfaces" by specifying 0.0.0.0 as the ingestor bind address, yet converting to 127.0.0.1 when the agent runner is looking up what to use for agent configs
• binding to any available port by allowing a 0 or absent port value

All of this also gets ready for me to add a line protocol ingest type to be used in conjunction with racker/salus-packages-agent#1

How

Most of the code changes are code cleanup to ensure the Ingestor Bind and Start method are consistently doing just what they were intended to be doing. With that the agent lookup of registered listener address could be consistently handled.

How to test

Existing unit tests

[GeorgeJahad]

binding to "all interfaces" by specifying 0.0.0.0 as the ingestor bind address, yet converting to 127.0.0.1 when the agent runner is looking up what to use for agent configs

@itzg I'm confused by that comment. The code makes it look like 127.0.0.1 is always used no matter what host is specified. is that correct? if so, why allow a host at all? how is 0.0.0.0 special?

[itzg]

binding to "all interfaces" by specifying 0.0.0.0 as the ingestor bind address, yet converting to 127.0.0.1 when the agent runner is looking up what to use for agent configs

@itzg I'm confused by that comment. The code makes it look like 127.0.0.1 is always used no matter what host is specified. is that correct? if so, why allow a host at all? how is 0.0.0.0 special?

Yeah, this was an awkward scenario to explain since there's the ingestor and then the agent perspective. I'll try to further explain with a hypothetical scenario:

Let's say a user wants to send application metrics from another server (or logs in the case of filebeat/lumberjack) over to Envoy because they're already in the right format and the user wants to leverage our Envoy->Ambassador->Kafka infrastructure, but with custom metrics. (This is a use case that RBA will probably exercise for their apps.) In that case, the ingestor would need to be told to bind to 0.0.0.0.

At the same time, the Envoy is launching its managed instance of telegraf and it is always on the same host. Therefore 127.0.0.1 is the consistent address to tell the agent to contact the Envoy for ingest, because if the user configured 0.0.0.0 that address can't be given to telegraf as-is to dial in order to reach Envoy.

Unfortunately there's still an edge case that cancels the "consistent address" statement. If the user configures the ingestor to bind to a public IP address of the host, then 127.0.0.1 can't be dialed by telegraf for that ingestor's port. An extra configuration field per ingestor could be used to solve this; however, I'd prefer to keep it simple and automatic until that use cases arises.

[GeorgeJahad]

I would probably add a comment here, something like:

This will allow a server without an envoy to send it's metrics to a
different servers envoy/ingestor.

[itzg]

Good suggestion. Will do.

[GeorgeJahad]

i added a suggested comment, but it looks good to me.

[GeorgeJahad]

actually, i do have one other question about the shared ingestor scenario. since they are coming through the an ingestor whose envoy has a different resource id, is it a problem that we don't have the correct resource id associated with those metrics?

[itzg]

actually, i do have one other question about the shared ingestor scenario. since they are coming through the an ingestor whose envoy has a different resource id, is it a problem that we don't have the correct resource id associated with those metrics?

Good question. I was going to say the other system could pre-populate resourceId, but currently the Ambassador removes the resourceId tag here
https://github.com/racker/salus-telemetry-ambassador/blob/f452f04c7f48643528038dbb21e9e487b8045e51/src/main/java/com/rackspace/salus/telemetry/ambassador/services/MetricRouter.java#L88-L90
but would fail to re-resolve the resourceId and its labels here
https://github.com/racker/salus-telemetry-ambassador/blob/f452f04c7f48643528038dbb21e9e487b8045e51/src/main/java/com/rackspace/salus/telemetry/ambassador/services/MetricRouter.java#L105

A small tweak in the latter could fall back to retaining the originally provided resourceId rather than an empty labels map.

[jjbuchan]

actually, i do have one other question about the shared ingestor scenario. since they are coming through the an ingestor whose envoy has a different resource id, is it a problem that we don't have the correct resource id associated with those metrics?

This is a similar concern I have (prior to reading the PR) and is why I was going to say I prefer requiring them to install and envoy (with a proxy if required) might be a better solution... but maybe a "small tweak" does solve that.

[itzg]

I spoke too soon. As I was experimenting with the code change I realized further down it promotes the resourceId label that was extracted from the metric's tags to the device field of the external metric:

https://github.com/racker/salus-telemetry-ambassador/blob/f978a1039f3a098b5e8a1ae3569df0473ce079a9/src/main/java/com/rackspace/salus/telemetry/ambassador/services/MetricRouter.java#L119

The warning log and metric are misleading, but the code all works as-is
https://github.com/racker/salus-telemetry-ambassador/blob/f978a1039f3a098b5e8a1ae3569df0473ce079a9/src/main/java/com/rackspace/salus/telemetry/ambassador/services/MetricRouter.java#L107-L111

[jjbuchan]

I'm still not sure about allowing binding to "all interfaces" by specifying 0.0.0.0 as the ingestor bind address, yet converting to 127.0.0.1 when the agent runner is looking up what to use for agent configs but the rest looks good.

If this is blocking you I'm ok for a merge to be discussed later, otherwise it might be worth us chatting about this more.

[jjbuchan]

Is this the normal way to deprecate a field vs. updating everything that calls it?

[itzg]

The telegraf runner actually makes use of that parameter

salus-telemetry-envoy/agents/telegraf.go

Line 203 in 7f74772

func (tr *TelegrafRunner) EnsureRunningState(ctx context.Context, applyConfigs bool) {

and yes, that's the standard way IntelliJ recommends fixing the warning

[jjbuchan]

Is this just a standardization thing since the fields weren't being used?

[itzg]

Yes, I could have also done ProcessTestMonitor(_ string, _ string, _ time.Duration) but Go allows the special case of all unnamed parameters. I can change to underscores for consistency. I just wanted to fix warnings while I was in this file.

[itzg]

In f7146c9 I realized I could both clarify the binding-to-dial-address conversion and solve external IP address binding by only swapping out 0.0.0.0 addresses.

[jjbuchan]

The warning log and metric are misleading

Should that be updated?

[jjbuchan]

Looking at that block of code it seems good. What's misleading?

[jjbuchan]

Should this be changed to a more specific regex using ^ & $? I'd imagine at worst right now all it's doing it converting an already bad address to an equally as bad one e.g. 10.0.0.0 -> 1127.0.0.1, so it maybe makes no different, but if it's easy to do a closer match I think I'd prefer that.

Happy to go with whatever you think.

[jjbuchan]

Matching on ^0.0.0.0: could be good?

[itzg]

Good point. I'll use the net.SplitHostPort and only replace a host that exactly matches "0.0.0.0".

[itzg]

Looking at that block of code it seems good. What's misleading?

Nothing :) , now that I realized users could create resources via the API to supply the label processing there in the metrics routing.