WIP CI Localenv -> Add OpenTelemetry Collector.

Container crashes, because it cannot reach Keycloak (configured in otel-collector.yml).

Also couldn't test yet, whether the opentelemetry.opendut.local certificate gets generated/loaded correctly.

.ci/deploy/localenv/Notes.md

@@ -30,6 +30,7 @@ apt-get install nano && nano /etc/hosts
 192.168.56.9 signal.opendut.local
 192.168.56.9 carl.opendut.local
 192.168.56.9 nginx-webdav.opendut.local
+192.168.56.9 opentelemetry.opendut.local
 # ping should work
 ping carl.opendut.local
 

.ci/deploy/localenv/Readme.md

@@ -69,4 +69,5 @@ Add the following lines to the `/etc/hosts` file on the host system to access th
 192.168.56.9 signal.opendut.local
 192.168.56.9 carl.opendut.local
 192.168.56.9 nginx-webdav.opendut.local
+192.168.56.9 opentelemetry.opendut.local
 ```

.ci/deploy/localenv/data/pki/recreate.sh

@@ -22,3 +22,4 @@ OPENDUT_PASSWORD_FILE="${OPENDUT_PASSWORD_FILE:-$HOME/.opendut-ca.pass}"
 "$PKI_ROOT_DIR"./generate-certificate.sh signal.opendut.local
 "$PKI_ROOT_DIR"./generate-certificate.sh carl.opendut.local
 "$PKI_ROOT_DIR"./generate-certificate.sh nginx-webdav.opendut.local
+"$PKI_ROOT_DIR"./generate-certificate.sh opentelemetry.opendut.local

.ci/deploy/localenv/data/provision/pki/recreate.sh

@@ -12,3 +12,4 @@ PKI_ROOT_DIR="/provision/"
 "$PKI_ROOT_DIR"./generate-certificate.sh signal.opendut.local
 "$PKI_ROOT_DIR"./generate-certificate.sh carl.opendut.local
 "$PKI_ROOT_DIR"./generate-certificate.sh nginx-webdav.opendut.local
+"$PKI_ROOT_DIR"./generate-certificate.sh opentelemetry.opendut.local

.ci/deploy/localenv/data/telemetry/otel-collector.yml

@@ -0,0 +1,79 @@
+receivers:
+  otlp:
+    protocols:
+      http:
+        endpoint: 0.0.0.0:4318
+      grpc:
+        endpoint: 0.0.0.0:4317
+        auth:
+          authenticator: oidc
+  docker_stats:
+    endpoint: unix:///var/run/docker.sock
+    collection_interval: 15s
+    metrics:
+processors:
+  batch:
+
+  attributes:
+    actions:
+      - action: insert
+        key: loki.attribute.labels
+        value: test
+
+  resource:
+    attributes:
+      - action: insert
+        key: loki.resource.labels
+        value: test
+
+exporters:
+  debug:
+    verbosity: detailed
+  prometheus:
+    endpoint: 0.0.0.0:8889
+    const_labels:
+      project: opendut
+    resource_to_telemetry_conversion: # include information about specific containers
+      enabled: true
+  otlp/tempo:
+    endpoint: tempo:4317
+    tls:
+      insecure: true
+  loki:
+    endpoint: "http://loki:3100/loki/api/v1/push"
+    tls:
+      insecure: true
+    headers:
+      "X-Scope-OrgID": "tenant1"
+    default_labels_enabled:
+      exporter: true
+      job: true
+
+extensions:
+  health_check:
+  pprof:
+    endpoint: :1888
+  zpages:
+    endpoint: :55679
+  oidc:
+    issuer_url: https://auth.opendut.local/realms/opendut  #FIXME hostname wrong?
+    audience: account
+
+service:
+  extensions: [ pprof, zpages, health_check, oidc ]
+  telemetry:
+    logs:
+      level: "debug"
+  pipelines:
+    traces:
+      receivers: [ otlp ]
+      processors: [ batch ]
+      exporters: [ debug, otlp/tempo ]
+    metrics:
+      receivers: [ otlp, docker_stats ]
+      processors: [ batch ]
+      exporters: [ debug, prometheus ]
+    logs:
+      receivers: [ otlp ]
+      processors: [ batch, resource, attributes ]
+      exporters: [ debug, loki ]

.ci/deploy/localenv/docker-compose.yml

@@ -124,6 +124,7 @@ services:
           - netbird-api.opendut.local
           - auth.opendut.local
           - signal.opendut.local
+          - opentelemetry.opendut.local  #TODO Is this correct? Why are not all DNS entries here? Do we need a Traefik forwarding rule?
 
 # vaguely derived from: https://github.com/netbirdio/netbird/blob/main/infrastructure_files/docker-compose.yml.tmpl.traefik
   netbird-dashboard:
@@ -455,6 +456,31 @@ services:
     networks:
       - opendut_local
 
+  otel-collector:
+    container_name: otel-collector
+    image: otel/opentelemetry-collector-contrib:0.97.0
+    volumes:
+      - ./data/telemetry/otel-collector.yml:/etc/collector-gateway.yaml
+      - /var/lib/docker/containers:/var/lib/docker/containers:ro
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+      - ./data/secrets/pki/:/pki/:ro
+    environment:
+      - "SSL_CERT_FILE=/pki/opentelemetry.opendut.local.pem"
+    command: [ "--config=/etc/collector-gateway.yaml" ]
+    user: "0"
+    depends_on:
+      - tempo
+      - loki
+    restart: on-failure
+    labels:
+      - traefik.enable=true
+      - traefik.tcp.routers.otel-collector.rule=HostSNI(`opentelemetry.opendut.local`)
+      - traefik.tcp.routers.otel-collector.tls.passthrough=true
+      - traefik.tcp.services.otel-collector.loadbalancer.server.port=80
+    networks:
+      opendut_local:
+        ipv4_address: 192.168.32.220
+
 
 volumes:
   keycloak_postgres_data:

doc/src/user-manual/carl/setup.md

@@ -25,6 +25,7 @@ Add the following lines to the `/etc/hosts` file on the host system to access th
     192.168.56.9 signal.opendut.local
     192.168.56.9 carl.opendut.local
     192.168.56.9 nginx-webdav.opendut.local
+    192.168.56.9 opentelemetry.opendut.local
     ```
 5. Start the local test environment using docker compose.
     ```shell

doc/src/user-manual/edgar/setup.md

@@ -120,6 +120,7 @@ If your backend server does not have a public DNS entry, you will need to adjust
 123.456.789.101 netbird-api.opendut.local
 123.456.789.101 signal.opendut.local
 123.456.789.101 nginx-webdav.opendut.local
+123.456.789.101 opentelemetry.opendut.local
 ```
 
 Now the following command should complete without errors: