Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

URLs behind CERN SSO are not reachable #7

Open
mrceyhun opened this issue Apr 26, 2022 · 2 comments
Open

URLs behind CERN SSO are not reachable #7

mrceyhun opened this issue Apr 26, 2022 · 2 comments

Comments

@mrceyhun
Copy link
Contributor

Impact of the bug
http exporter (http-exporter-mcm)

Describe the bug
http_exporter.go cannot reach URLs behind CERN SSO. http-exporter-mcm is the only one that I'm aware. Go HTTP client follows redirection but returns http 200 status code for CERN SSO page, not for the actual page behind SSO. It means that we may not know if the service is alive or not, since the status code is of SSO page.

How to reproduce

# Edit http_exporter.go to print response body 
proxy=/tmp/$USER/proxy
cd ~/.globus
voms-proxy-init -voms cms -rfc --key userkey.pem --cert usercert.pem -valid 95:50 --out /tmp/$USER/proxy
go run http_exporter.go -uri https://cms-pdmv.cern.ch/mcm/ -proxyfile /tmp/$USER/proxy -namespace ceyhun -port :18006 -agent test  -verbose
# another terminal
curl http://localhost:18006/metrics

Additional context and error message
I tried CheckRedirect that has an example here, but SSO is not related with redirection it seems, it did not work. @vkuznet any suggestions?

fyi @brij01 @leggerf
@vkuznet
Copy link
Collaborator

vkuznet commented Apr 29, 2022

@mrceyhun one way to solve this problem is in reverse order. You will need to expand http exporter to use pushgateway and install it locally on McM server such that it will query McM localhost (no SSO is required for that I bet) and push metrics to Prometheus of your choice. Can you take this challenge and add necessary changes to http exporter? Look at this example I took it from here. The only downside I see is that http exporter will depend on Prometheus package. As such, you may basically clone http exporter and call it http_exporter_push.go such that we'll have dedicated exporter for this use-case. In fact, this use-case can be useful if we'll ever want to scrape remote (non CERN) nodes/services (I think we had this discussion before).

@mrceyhun
Copy link
Contributor Author

mrceyhun commented May 2, 2022

Thanks @vkuznet . Your solution makes sense and I can take this challenge. Before implementing this, I would like to try querying URL behind SSO. (For me) In theory, it should not be hard to implement it. I opened a ticket to CERN SSO team about implementing it (more clearly: sending request to service behind SSO and getting response). I would like to decide according to their answer. In any case, I'll take this challenge.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vkuznet @mrceyhun