From 2d545a8f4664b4c5d04091ca46c2ee9b820cdef8 Mon Sep 17 00:00:00 2001
From: Martin Hutchinson
Date: Tue, 15 Oct 2024 16:09:21 +0000
Subject: [PATCH] Log polling interval can be configured

By allowing the poll interval to be configured in the monolith, the omniwitness operator can now control how often the witness will poll logs to look for new checkpoints. This includes disabling polling, which allows the witness to be deployed in a bastion-only mode.
---
 cmd/omniwitness/README.md | 3 +++
 cmd/omniwitness/monolith.go | 3 +++
 omniwitness/omniwitness.go | 25 +++++++++++--------------
 3 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/cmd/omniwitness/README.md b/cmd/omniwitness/README.md
index 35444a0..83c4110 100644
--- a/cmd/omniwitness/README.md
+++ b/cmd/omniwitness/README.md
@@ -43,6 +43,9 @@ To enable this, two flags must be passed to `omniwitness`: 1. `--bastion_addr` is the `host:port` of the bastion host to connect to. 1. `--bastion_key_path` is the path to a file containing an ed25519 private key in PKCS8 PEM format. +To run the witness in bastion-only mode, set the `--poll_interval` flag to 0. +This will disable all attempts to poll logs, and witnessing will only occur via bastion connections. + Although the witness key _could_ be reused, it's strongly recommended to use a separate key for this. Such a key can be generated with the following command: ```bash
diff --git a/cmd/omniwitness/monolith.go b/cmd/omniwitness/monolith.go
index 7ed446e..843a748 100644
--- a/cmd/omniwitness/monolith.go
+++ b/cmd/omniwitness/monolith.go
@@ -52,6 +52,8 @@ var (
 bastionKeyPath = flag.String("bastion_key_path", "", "Path to a file containing an ed25519 private key in PKCS8 PEM format")
 bastionRateLimit = flag.Float64("bastion_rate_limit", 20, "Maximum number of bastion requests per second to serve")
 httpTimeout = flag.Duration("http_timeout", 10*time.Second, "HTTP timeout for outbound requests")
+
+ pollInterval = flag.Duration("poll_interval", 1*time.Minute, "Time to wait between polling logs for new checkpoints. Set to 0 to disable polling logs.")
 )

 func main() {
@@ -107,6 +109,7 @@ func main() {
 BastionAddr: *bastionAddr,
 BastionKey: bastionKey,
 BastionRateLimit: *bastionRateLimit,
+ FeedInterval: *pollInterval,
 }
 var p persistence.LogStatePersistence
 if len(*dbFile) > 0 {
diff --git a/omniwitness/omniwitness.go b/omniwitness/omniwitness.go
index 314f8b1..07e0283 100644
--- a/omniwitness/omniwitness.go
+++ b/omniwitness/omniwitness.go
@@ -63,9 +63,6 @@ type LogStateReadOps = persistence.LogStateReadOps
 type LogStateWriteOps = persistence.LogStateWriteOps

 const (
- // Interval between attempts to feed checkpoints
- // TODO(mhutchinson): Make this configurable
- defaultFeedInterval = 1 * time.Minute
 defaultDistributeInterval = 1 * time.Minute
 )

@@ -142,9 +139,6 @@ func Main(ctx context.Context, operatorConfig OperatorConfig, p LogStatePersiste
 return fmt.Errorf("failed to create witness: %v", err)
 }

- if operatorConfig.FeedInterval == 0 {
- operatorConfig.FeedInterval = defaultFeedInterval
- }
 if operatorConfig.DistributeInterval == 0 {
 operatorConfig.DistributeInterval = defaultDistributeInterval
 }
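Review bot: In cmd/omniwitness/monolith.go, `--poll_interval` is copied into `FeedInterval` with no range check, and the guard added in omniwitness.go starts feeders only when the interval is `> 0`, so a negative value such as `-1m` turns polling off as quietly as 0 does while the flag help documents only 0. I would reject negative values in main before the config is built, for example `if *pollInterval < 0 { klog.Exitf("--poll_interval must be >= 0, got %v", *pollInterval) }`, using whichever fatal-logging call this file already relies on (its imports are not visible here). main's body starts and ends outside the hunk.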
@@ -152,14 +146,17 @@ func Main(ctx context.Context, operatorConfig OperatorConfig, p LogStatePersiste
 bw := witnessAdapter{
 w: witness,
 }
- for c, f := range feeders {
- c, f := c, f
- // Continually feed this log in its own goroutine, hooked up to the global waitgroup.
- g.Go(func() error {
- klog.Infof("Feeder %q goroutine started", c.Origin)
- defer klog.Infof("Feeder %q goroutine done", c.Origin)
- return f(ctx, c, bw, httpClient, operatorConfig.FeedInterval)
- })
+
+ if operatorConfig.FeedInterval > 0 {
+ for c, f := range feeders {
+ c, f := c, f
+ // Continually feed this log in its own goroutine, hooked up to the global waitgroup.
+ g.Go(func() error {
+ klog.Infof("Feeder %q goroutine started", c.Origin)
+ defer klog.Infof("Feeder %q goroutine done", c.Origin)
+ return f(ctx, c, bw, httpClient, operatorConfig.FeedInterval)
+ })
+ }
 }

 if operatorConfig.BastionAddr != "" && operatorConfig.BastionKey != nil {
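Review bot: The zero value of `OperatorConfig.FeedInterval` now means "no polling": the `if operatorConfig.FeedInterval > 0` guard skips every feeder, and the hunk at -142 removed the fallback to one minute, so any caller of `Main` that left the field unset stops polling logs after this change without any message. I would say so on the field's doc comment (the struct is outside this diff), e.g. `// FeedInterval is the time between log polls; zero or negative disables polling.`, and make the disabled state visible at startup with `else { klog.Infof("Log polling disabled (FeedInterval=%v)", operatorConfig.FeedInterval) }`. It may also be worth a warning when polling is off and `BastionAddr` is empty, since from the lines shown the witness would then appear to have no source of checkpoints; `Main` continues outside the hunk, so that is not certain from here.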