node: remove gcp logging flags from guardiand
This commit is contained in:
parent
382cb9a0aa
commit
1960750fd0
|
@ -2,7 +2,6 @@ package guardiand
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
"encoding/base64"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"log"
|
"log"
|
||||||
"net"
|
"net"
|
||||||
|
@ -47,7 +46,6 @@ import (
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
|
|
||||||
ipfslog "github.com/ipfs/go-log/v2"
|
ipfslog "github.com/ipfs/go-log/v2"
|
||||||
googleapi_option "google.golang.org/api/option"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
@ -195,11 +193,6 @@ var (
|
||||||
|
|
||||||
disableTelemetry *bool
|
disableTelemetry *bool
|
||||||
|
|
||||||
// Google cloud logging parameters
|
|
||||||
telemetryKey *string
|
|
||||||
telemetryServiceAccountFile *string
|
|
||||||
telemetryProject *string
|
|
||||||
|
|
||||||
// Loki cloud logging parameters
|
// Loki cloud logging parameters
|
||||||
telemetryLokiURL *string
|
telemetryLokiURL *string
|
||||||
|
|
||||||
|
@ -365,13 +358,6 @@ func init() {
|
||||||
disableTelemetry = NodeCmd.Flags().Bool("disableTelemetry", false,
|
disableTelemetry = NodeCmd.Flags().Bool("disableTelemetry", false,
|
||||||
"Disable telemetry")
|
"Disable telemetry")
|
||||||
|
|
||||||
telemetryKey = NodeCmd.Flags().String("telemetryKey", "",
|
|
||||||
"Telemetry write key")
|
|
||||||
telemetryServiceAccountFile = NodeCmd.Flags().String("telemetryServiceAccountFile", "",
|
|
||||||
"Google Cloud credentials json for accessing Cloud Logging")
|
|
||||||
telemetryProject = NodeCmd.Flags().String("telemetryProject", defaultTelemetryProject,
|
|
||||||
"Google Cloud Project to use for Telemetry logging")
|
|
||||||
|
|
||||||
telemetryLokiURL = NodeCmd.Flags().String("telemetryLokiURL", "", "Loki cloud logging URL")
|
telemetryLokiURL = NodeCmd.Flags().String("telemetryLokiURL", "", "Loki cloud logging URL")
|
||||||
|
|
||||||
chainGovernorEnabled = NodeCmd.Flags().Bool("chainGovernorEnabled", false, "Run the chain governor")
|
chainGovernorEnabled = NodeCmd.Flags().Bool("chainGovernorEnabled", false, "Run the chain governor")
|
||||||
|
@ -750,10 +736,6 @@ func runNode(cmd *cobra.Command, args []string) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if *telemetryKey != "" && *telemetryServiceAccountFile != "" {
|
|
||||||
logger.Fatal("Please do not specify both --telemetryKey and --telemetryServiceAccountFile")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Determine execution mode
|
// Determine execution mode
|
||||||
// TODO: refactor usage of these variables elsewhere. *unsafeDevMode and *testnetMode should not be accessed directly.
|
// TODO: refactor usage of these variables elsewhere. *unsafeDevMode and *testnetMode should not be accessed directly.
|
||||||
var env common.Environment
|
var env common.Environment
|
||||||
|
@ -899,18 +881,13 @@ func runNode(cmd *cobra.Command, args []string) {
|
||||||
}()
|
}()
|
||||||
|
|
||||||
usingLoki := *telemetryLokiURL != ""
|
usingLoki := *telemetryLokiURL != ""
|
||||||
usingGCP := *telemetryKey != "" || *telemetryServiceAccountFile != ""
|
|
||||||
|
|
||||||
var hasTelemetryCredential bool = usingGCP || usingLoki
|
var hasTelemetryCredential bool = usingLoki
|
||||||
|
|
||||||
// Telemetry is enabled by default in mainnet/testnet. In devnet it is disabled by default
|
// Telemetry is enabled by default in mainnet/testnet. In devnet it is disabled by default
|
||||||
if !*disableTelemetry && (!*unsafeDevMode || *unsafeDevMode && hasTelemetryCredential) {
|
if !*disableTelemetry && (!*unsafeDevMode || *unsafeDevMode && hasTelemetryCredential) {
|
||||||
if !hasTelemetryCredential {
|
if !hasTelemetryCredential {
|
||||||
logger.Fatal("Please either specify --telemetryKey, --telemetryServiceAccountFile or --telemetryLokiURL or set --disableTelemetry=false")
|
logger.Fatal("Please specify --telemetryLokiURL or set --disableTelemetry=false")
|
||||||
}
|
|
||||||
|
|
||||||
if usingLoki && usingGCP {
|
|
||||||
logger.Fatal("May only enable one telemetry logger at a time, either specify --telemetryLokiURL or --telemetryKey/--telemetryServiceAccountFile")
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get libp2p peer ID from private key
|
// Get libp2p peer ID from private key
|
||||||
|
@ -940,30 +917,6 @@ func runNode(cmd *cobra.Command, args []string) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Fatal("Failed to initialize telemetry", zap.Error(err))
|
logger.Fatal("Failed to initialize telemetry", zap.Error(err))
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
logger.Info("Using Google Cloud telemetry logger",
|
|
||||||
zap.String("publicRpcLogDetail", *publicRpcLogDetailStr),
|
|
||||||
zap.Bool("logPublicRpcToTelemetry", *publicRpcLogToTelemetry))
|
|
||||||
|
|
||||||
var options []googleapi_option.ClientOption
|
|
||||||
|
|
||||||
if *telemetryKey != "" {
|
|
||||||
creds, err := decryptTelemetryServiceAccount()
|
|
||||||
if err != nil {
|
|
||||||
logger.Fatal("Failed to decrypt telemetry service account", zap.Error(err))
|
|
||||||
}
|
|
||||||
|
|
||||||
options = append(options, googleapi_option.WithCredentialsJSON(creds))
|
|
||||||
}
|
|
||||||
|
|
||||||
if *telemetryServiceAccountFile != "" {
|
|
||||||
options = append(options, googleapi_option.WithCredentialsFile(*telemetryServiceAccountFile))
|
|
||||||
}
|
|
||||||
|
|
||||||
tm, err = telemetry.NewGoogleCloudLogger(context.Background(), *telemetryProject, skipPrivateLogs, labels, options...)
|
|
||||||
if err != nil {
|
|
||||||
logger.Fatal("Failed to initialize telemetry", zap.Error(err))
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
defer tm.Close()
|
defer tm.Close()
|
||||||
|
@ -1465,26 +1418,6 @@ func runNode(cmd *cobra.Command, args []string) {
|
||||||
logger.Info("root context cancelled, exiting...")
|
logger.Info("root context cancelled, exiting...")
|
||||||
}
|
}
|
||||||
|
|
||||||
func decryptTelemetryServiceAccount() ([]byte, error) {
|
|
||||||
// Decrypt service account credentials
|
|
||||||
key, err := base64.StdEncoding.DecodeString(*telemetryKey)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to decode: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
ciphertext, err := base64.StdEncoding.DecodeString(defaultTelemetryServiceAccountEnc)
|
|
||||||
if err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
|
|
||||||
creds, err := common.DecryptAESGCM(ciphertext, key)
|
|
||||||
if err != nil {
|
|
||||||
return nil, fmt.Errorf("failed to decrypt: %w", err)
|
|
||||||
}
|
|
||||||
|
|
||||||
return creds, err
|
|
||||||
}
|
|
||||||
|
|
||||||
func shouldStart(rpc *string) bool {
|
func shouldStart(rpc *string) bool {
|
||||||
return *rpc != "" && *rpc != "none"
|
return *rpc != "" && *rpc != "none"
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,57 +0,0 @@
|
||||||
package guardiand
|
|
||||||
|
|
||||||
// Hardcoded telemetry GCP service account. Does not grant any access except for writing logs.
|
|
||||||
//
|
|
||||||
// Network operators can opt to send their logs to a shared Cloud Logging project for debugging.
|
|
||||||
// Logs are available to all network operators. There is no secret data logged anywhere.
|
|
||||||
//
|
|
||||||
// We encrypt the service account using a hardcoded symmetric key shared with guardians to
|
|
||||||
// prevent GitHub credential checkers from freaking out and to stop people from sending gigabytes of "gm".
|
|
||||||
//
|
|
||||||
// By using a separate key, we can keep the configuration decoupled from the telemetry backend,
|
|
||||||
// allowing the key to be replaced or even a different provider to be used without changing the config.
|
|
||||||
|
|
||||||
const defaultTelemetryProject = "projects/wormhole-logging"
|
|
||||||
|
|
||||||
const defaultTelemetryServiceAccountEnc = `
|
|
||||||
RcLwG218oFn9tVWlsl6ZbYQdiny2w13G49Be5UucgwFAdxYP5DilBQhhd0lN900VM25k3joR2VHwtZ90
|
|
||||||
GCQQjjbjqQ7Pm9aAkH0Yp3ngHO111IhFm6yCQMYXl+t7hjEN/0rvju19sm+vdLJx1ECzogAnBRFAlf8I
|
|
||||||
k1jTzxA+elAWIT6/C6wfFpE69eJbFCKt6g4LnpajOu1OI812gR+3k8r6gyoVUlhUY36RjTjsE/2Fxxz9
|
|
||||||
LjT761ZTG8S3+AFLYb+pLLRTsCwo60WJxFfPDvRb752RTXPzbVyAdebRjIWsUlb2Cugbh9qMcWhlprIw
|
|
||||||
HWHoYGqGecN0kwDPbMGogV5KY0f+H8OXAY0B0YRzcpN+T0RkX9xj2Oru8Z1B5U36laoWm1AnWsps9EJ3
|
|
||||||
s4ZGn8SGpRX7d1yL9K2CxWsMgmN3NGUQ+vF15eskg9e9x1jGj69QJA9hqc4gg2iZ9Ks0UuhHVeKlFDDD
|
|
||||||
FBh9Zjl0M7CrJrP+3LaHw8zW7ttdDGY/mGZnvWQ4RZhkxpHpngmcUoGxIYEOejYe37ptCAGZBsw+WKIu
|
|
||||||
b66NYoaj29/0t5Py80J3YVlGnWhIjXeFhnZpecm2piTuljXIpskz5mNPAgN2RLAw1SS+sVDF1Zls91+8
|
|
||||||
KGzjP7sO2yyzm+sZ4WDHFR7tjIlCXUNfAvWnxIQvpKtH4R/c925Ix3t13f+Xm1K7bbOPXApyTR8DM2em
|
|
||||||
j9zJZYEBKaF/TjHm9kxGYXo1x53+v91tWoqdJmCYE/Zo6KretAiAeEo3ToWvTANI0xE3pVHcPoyg98n5
|
|
||||||
kUEJNrnrrz2mg7mf1i4N9o+I4ObL3ocM0r7jfi6tmoIZbtulMNZPASI1vdNFJang1L5nHwDf6JFdLEH0
|
|
||||||
L0z5p+tBdsBQ5ixCz0G/XX5gjkazPbg0cjN/pWJs7KvROyRF3/j57+QrFpzyYw0M0oCNSmhyB238eHjj
|
|
||||||
oPbmhjKDOa6/HkYZ0ymbvuFBJId1KPtfPZ5WRABBY8psBp/aibhrU997evdzIe+ttYSLtRWkwvSLHXxd
|
|
||||||
XteGTLdV2qFdm579fcEf0w0tJfGQtdwoDS/kT0Rmr60aNKj1tZU2pRLYIUC8J9NyIO+mnsSE+Uv0SNAp
|
|
||||||
6XevOLxjjlHkJ1eL/ejmIMCVXE6VhdXjYIbiYrYZeV7On41kHKDLSmFnTakPwYEF3IPx4YqKsqg6WTe5
|
|
||||||
zMmmLNF+0H1+5z1vYMQyrsCIo/7Al7Zwsl2yCXbewLmGXauMblZ6AwbACK58154tTWvpv+tGcXxVpx6g
|
|
||||||
EYKv+H/ZRcBReCCGoXDxtPM93yxsptHin5aoRxkMfy8C3Wva92zCK/p4GjL5cR1Jsmb6+BxhZM40kePt
|
|
||||||
+T5zKYmTLuVjEdMs5+h9SV8adOExQhPQOJmuBWx3MBDtv26BPkU0ykdjjbVlUVNq4HDm+RcSLxj06nAB
|
|
||||||
RjPdNHvLzPQemodLhBEAApf0T9FbIpPzaElGMU0SwXGSaXO+8rzotbclKgf3jfO+3GaTdWIBIrI5bL+A
|
|
||||||
FuOl+d2Uy11quuINR8oaob6acCqjCrLa6+ZipjdxHWSDv3MKShuGe5liYdNbLVJvKjlNRzmowMntnfp0
|
|
||||||
m8Mh09hB+ehvD4nm1DRaZVh8BjukSruhEx9x6Lq25KK1w8boVW6+zcbVe9rMgk/yCGod6/ozquEQ19qu
|
|
||||||
zhkvBhC/GMbX9Pm3FOwi/ubfWLMWojmL7kyVhy1mVrkm0PS2sQ9lT5vcIO7COI8NpwLTORNd7VHKbB6F
|
|
||||||
6ZE46jxKKh2ts9Ff32/88Npyygv4fj8OEm+jUkKrFAK3JZ0OlvODpKh6/SNMuo9E2oQDmHPxZYfmZtlc
|
|
||||||
SgBDqgQmaBI4Na51G7H8ABQ5/tJJfXQTfn9P55uwDZzfZdSIX6S3XMA/mrZ5FRBWVmRDA5sa3hT9bqM9
|
|
||||||
UVTzdO93egZjtdfHlQXof312ViK21CA8L+/DCaaQXaGlf6rSzDMGsVHi1K0Tyw0lSaH+qDoTFVcURdKR
|
|
||||||
8BCianHiH4wvxLUBz/wPof8ov5gcfzL3KCdh3By25gP3HeBYzqdCopx/agFxI+fx17Fx1Q4bbGybTdZB
|
|
||||||
Y/cTtVFivLVqXFf6cKMKKL9wy4KOdGXdF0SOaaVqAbiF8YPKHIrDpcTH3uUr+1zeBxM/yfeCxPNpf8oC
|
|
||||||
SILnpQ6b8hUL22+Oje3XlYr4WRMY39445waW7YXI7kQX66g81puqlmgvx0iO76nBwLrshgohN/+MGAfc
|
|
||||||
Wqtrji3NhKrlVXMYz4syoKeFFxRBRytWMsk/PgeEnRnGmMcekixaMSR58M35SPcqOex9CvoMgYKG8wc3
|
|
||||||
niFvmCjt/C/+viRo+Bp9b4xXGugJbOpLhtVd++N/MgLAKfR4s1aGdmi3YmaHGRz/2pIItAvMNApzJiSk
|
|
||||||
U+U5snKAsGd3pS2kqTa/k2OR9nexBz4P8vEngGOoeBsWuQDqM63rIx306ZIwx6KqFBnS0i2srVymWq85
|
|
||||||
S0POt5/oVwwVAPApp5mxd3RignhSnPPhF+QsEorwHY0A/Ba5+M8i4HCFWvim6ddfnqdsFyldozw+mQ/a
|
|
||||||
Rx6kgsowsHTfDxjbFfBHMaSkzg9c3iDTvgu3/ma4T23rE16Fh9hvwgDH/KQPmmT0Qeb61JcTkxotbTxs
|
|
||||||
Q69CiXXlBSpGFF81gXvGbpPG4FjQ/8zSkAe2sOqqAIRRoGlZQLRT10PmNVakdD5udn6GDJZea3/dFa8p
|
|
||||||
Q39GC3IzbGlup+bZnoCPiGSZkXagpeuTV4gFXDayc5MoT/i/VjWCIseZMgZQ36RUsbHfL1WXWJsLYidx
|
|
||||||
ESmyl7X4fQIJMxmk4S9QNzOTd1R09YFefgFnSUpVkKcp3ParGR9OfHwlV0+Rm0rI0qA43k9auTpjSqBR
|
|
||||||
QlKf8RDrEhlUNol6pYhooMeCQPVD9Aee4QT6RVXu6cWKSL5ccZMjH6qwGq2B+BDr5dqlqDZiSMs24RIn
|
|
||||||
eZwkzFSUHkgK0R6bfTFJWmUiWkexGfpdN7/K1lT3yvytv+JIP6i7mk+cLGnC7IctONYVwacrdl3bGSKV
|
|
||||||
635Yh4/2hxzPkAI1pFmuezdyv++7tb1SXJuVl/sqpXFeUuaFMqENdlOU1yjDiJM0De8NdQnYIU9HoYGW
|
|
||||||
3SWVv2wizHdu
|
|
||||||
`
|
|
Loading…
Reference in New Issue