From c27809cbbdf669e9b7a95face55bc54749744fbf Mon Sep 17 00:00:00 2001
From: Martin Hutchinson
Date: Wed, 16 Oct 2024 09:23:48 +0100
Subject: [PATCH] Log polling interval can be configured (#277)

By allowing the poll interval to be configured in the monolith, the omniwitness operator can now control how often the witness will poll logs to look for new checkpoints. This includes disabling polling, which allows the witness to be deployed in a bastion-only mode.
---
 cmd/omniwitness/README.md | 3 +++
 cmd/omniwitness/monolith.go | 3 +++
 omniwitness/omniwitness.go | 25 +++++++++++--------------
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/cmd/omniwitness/README.md b/cmd/omniwitness/README.md
index 35444a0..83c4110 100644
--- a/cmd/omniwitness/README.md
+++ b/cmd/omniwitness/README.md
@@ -43,6 +43,9 @@ To enable this, two flags must be passed to `omniwitness`:
 1. `--bastion_addr` is the `host:port` of the bastion host to connect to.
 1. `--bastion_key_path` is the path to a file containing an ed25519 private key in PKCS8 PEM format.
 
+To run the witness in bastion-only mode, set the `--poll_interval` flag to 0.
+This will disable all attempts to poll logs, and witnessing will only occur via bastion connections.
+
 Although the witness key _could_ be reused, it's strongly recommended to use a separate key for this.
 Such a key can be generated with the following command:
 ```bash
diff --git a/cmd/omniwitness/monolith.go b/cmd/omniwitness/monolith.go
index 7ed446e..843a748 100644
--- a/cmd/omniwitness/monolith.go
+++ b/cmd/omniwitness/monolith.go
@@ -52,6 +52,8 @@ var (
 bastionKeyPath = flag.String("bastion_key_path", "", "Path to a file containing an ed25519 private key in PKCS8 PEM format")
 bastionRateLimit = flag.Float64("bastion_rate_limit", 20, "Maximum number of bastion requests per second to serve")
 httpTimeout = flag.Duration("http_timeout", 10*time.Second, "HTTP timeout for outbound requests")
+
+ pollInterval = flag.Duration("poll_interval", 1*time.Minute, "Time to wait between polling logs for new checkpoints. Set to 0 to disable polling logs.")
 )
 
 func main() {
@@ -107,6 +109,7 @@ func main() {
 BastionAddr: *bastionAddr,
 BastionKey: bastionKey,
 BastionRateLimit: *bastionRateLimit,
+ FeedInterval: *pollInterval,
 }
 var p persistence.LogStatePersistence
 if len(*dbFile) > 0 {
diff --git a/omniwitness/omniwitness.go b/omniwitness/omniwitness.go
index 314f8b1..07e0283 100644
--- a/omniwitness/omniwitness.go
+++ b/omniwitness/omniwitness.go
@@ -63,9 +63,6 @@ type LogStateReadOps = persistence.LogStateReadOps
 type LogStateWriteOps = persistence.LogStateWriteOps
 
 const (
- // Interval between attempts to feed checkpoints
- // TODO(mhutchinson): Make this configurable
- defaultFeedInterval = 1 * time.Minute
 defaultDistributeInterval = 1 * time.Minute
 )
 
@@ -142,9 +139,6 @@ func Main(ctx context.Context, operatorConfig OperatorConfig, p LogStatePersiste
 return fmt.Errorf("failed to create witness: %v", err)
 }
 
- if operatorConfig.FeedInterval == 0 {
- operatorConfig.FeedInterval = defaultFeedInterval
- }
 if operatorConfig.DistributeInterval == 0 {
 operatorConfig.DistributeInterval = defaultDistributeInterval
 }
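Review bot: The `poll_interval` value added in cmd/omniwitness/monolith.go reaches `FeedInterval` with no range check, and the help text only documents 0 as the way to disable polling. Since the consumer in omniwitness.go tests `FeedInterval > 0`, a negative duration such as a mistyped `-1m` also switches polling off without any message, so a witness can stop observing logs through a typo rather than a decision. A check in `main` after flag parsing, for example `if *pollInterval < 0 { klog.Exitf("--poll_interval must be >= 0, got %v", *pollInterval) }` (assuming monolith.go logs through klog as omniwitness.go does), would make the disabled state an explicit operator choice. Whether a lower bound on small positive values is also wanted depends on how the feeders use the interval, which is not visible here; `main`'s body continues outside both hunks.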
@@ -152,14 +146,17 @@ func Main(ctx context.Context, operatorConfig OperatorConfig, p LogStatePersiste
 bw := witnessAdapter{
 w: witness,
 }
- for c, f := range feeders {
- c, f := c, f
- // Continually feed this log in its own goroutine, hooked up to the global waitgroup.
- g.Go(func() error {
- klog.Infof("Feeder %q goroutine started", c.Origin)
- defer klog.Infof("Feeder %q goroutine done", c.Origin)
- return f(ctx, c, bw, httpClient, operatorConfig.FeedInterval)
- })
+
+ if operatorConfig.FeedInterval > 0 {
+ for c, f := range feeders {
+ c, f := c, f
+ // Continually feed this log in its own goroutine, hooked up to the global waitgroup.
+ g.Go(func() error {
+ klog.Infof("Feeder %q goroutine started", c.Origin)
+ defer klog.Infof("Feeder %q goroutine done", c.Origin)
+ return f(ctx, c, bw, httpClient, operatorConfig.FeedInterval)
+ })
+ }
 }
 
 if operatorConfig.BastionAddr != "" && operatorConfig.BastionKey != nil {
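Review bot: With the `operatorConfig.FeedInterval > 0` guard and the one-minute default removed in the earlier hunk, a zero-valued `FeedInterval` now means "no polling", so any other caller of `Main` that left the field unset will silently stop feeding checkpoints. Nothing is logged when the feeder loop is skipped, and if `BastionAddr` is also empty the witness appears to start with no source of checkpoints at all, which is easy to miss in a service whose purpose is to observe logs. Consider an `else` branch with `klog.Warningf("Log polling disabled (FeedInterval=%v); checkpoints will only arrive via bastion", operatorConfig.FeedInterval)`, and a doc comment on the `FeedInterval` field (declared outside this hunk) stating that zero or negative disables polling. `Main`'s body starts and ends outside the hunk.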