2016-08-29 09:48:20 -07:00
|
|
|
// Copyright 2016 The Prometheus Authors
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
package remote
|
|
|
|
|
|
|
|
import (
|
2017-05-31 05:46:08 -07:00
|
|
|
"bufio"
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
"bytes"
|
|
|
|
"fmt"
|
2017-06-01 03:21:48 -07:00
|
|
|
"io"
|
2017-03-10 03:53:27 -08:00
|
|
|
"io/ioutil"
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
"net/http"
|
2016-08-29 09:48:20 -07:00
|
|
|
"time"
|
|
|
|
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
"github.com/golang/protobuf/proto"
|
|
|
|
"github.com/golang/snappy"
|
2016-09-19 13:47:51 -07:00
|
|
|
"golang.org/x/net/context"
|
|
|
|
"golang.org/x/net/context/ctxhttp"
|
|
|
|
|
2016-08-29 09:48:20 -07:00
|
|
|
"github.com/prometheus/common/model"
|
2016-09-19 13:47:51 -07:00
|
|
|
"github.com/prometheus/prometheus/config"
|
2017-03-10 03:53:27 -08:00
|
|
|
"github.com/prometheus/prometheus/storage/metric"
|
2017-03-20 06:17:04 -07:00
|
|
|
"github.com/prometheus/prometheus/util/httputil"
|
2016-08-29 09:48:20 -07:00
|
|
|
)
|
|
|
|
|
2017-06-01 03:21:48 -07:00
|
|
|
const maxErrMsgLen = 256
|
|
|
|
|
2017-03-10 03:53:27 -08:00
|
|
|
// Client allows reading and writing from/to a remote HTTP endpoint.
|
2016-08-29 09:48:20 -07:00
|
|
|
type Client struct {
|
2017-02-13 12:43:20 -08:00
|
|
|
index int // Used to differentiate metrics.
|
2017-03-10 03:53:27 -08:00
|
|
|
url *config.URL
|
2016-09-19 13:47:51 -07:00
|
|
|
client *http.Client
|
|
|
|
timeout time.Duration
|
2016-08-29 09:48:20 -07:00
|
|
|
}
|
|
|
|
|
2017-09-14 06:25:09 -07:00
|
|
|
// ClientConfig configures a Client.
|
|
|
|
type ClientConfig struct {
|
|
|
|
URL *config.URL
|
|
|
|
Timeout model.Duration
|
|
|
|
HTTPClientConfig config.HTTPClientConfig
|
2017-03-10 03:53:27 -08:00
|
|
|
}
|
|
|
|
|
2016-08-29 09:48:20 -07:00
|
|
|
// NewClient creates a new Client.
|
2017-09-14 06:25:09 -07:00
|
|
|
func NewClient(index int, conf *ClientConfig) (*Client, error) {
|
2017-09-11 02:08:26 -07:00
|
|
|
// If not specified in config, allow HTTP connections for remote API to use keep-alive
|
2017-09-14 06:25:09 -07:00
|
|
|
if conf.HTTPClientConfig.KeepAlive == nil {
|
2017-09-11 02:08:26 -07:00
|
|
|
val := true
|
2017-09-14 06:25:09 -07:00
|
|
|
conf.HTTPClientConfig.KeepAlive = &val
|
2017-09-11 02:08:26 -07:00
|
|
|
}
|
2017-09-14 06:25:09 -07:00
|
|
|
httpClient, err := httputil.NewClientFromConfig(conf.HTTPClientConfig)
|
2016-09-19 13:47:51 -07:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-08-29 09:48:20 -07:00
|
|
|
return &Client{
|
2017-02-13 12:43:20 -08:00
|
|
|
index: index,
|
2017-09-14 06:25:09 -07:00
|
|
|
url: conf.URL,
|
2017-03-20 05:37:50 -07:00
|
|
|
client: httpClient,
|
2017-09-14 06:25:09 -07:00
|
|
|
timeout: time.Duration(conf.Timeout),
|
2016-08-29 09:48:20 -07:00
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2017-04-06 15:15:41 -07:00
|
|
|
type recoverableError struct {
|
|
|
|
error
|
|
|
|
}
|
|
|
|
|
2016-08-29 09:48:20 -07:00
|
|
|
// Store sends a batch of samples to the HTTP endpoint.
|
|
|
|
func (c *Client) Store(samples model.Samples) error {
|
2017-08-03 13:03:19 -07:00
|
|
|
req := ToWriteRequest(samples)
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
data, err := proto.Marshal(req)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2016-08-29 09:48:20 -07:00
|
|
|
|
2017-05-10 07:42:59 -07:00
|
|
|
compressed := snappy.Encode(nil, data)
|
|
|
|
httpReq, err := http.NewRequest("POST", c.url.String(), bytes.NewBuffer(compressed))
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
if err != nil {
|
2017-04-06 15:15:41 -07:00
|
|
|
// Errors from NewRequest are from unparseable URLs, so are not
|
|
|
|
// recoverable.
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
httpReq.Header.Add("Content-Encoding", "snappy")
|
2017-03-24 09:39:51 -07:00
|
|
|
httpReq.Header.Set("Content-Type", "application/x-protobuf")
|
2017-05-10 07:42:59 -07:00
|
|
|
httpReq.Header.Set("X-Prometheus-Remote-Write-Version", "0.1.0")
|
2016-09-19 13:47:51 -07:00
|
|
|
|
2017-03-20 06:17:06 -07:00
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), c.timeout)
|
|
|
|
defer cancel()
|
|
|
|
|
2016-09-19 13:47:51 -07:00
|
|
|
httpResp, err := ctxhttp.Do(ctx, c.client, httpReq)
|
2016-08-29 09:48:20 -07:00
|
|
|
if err != nil {
|
2017-04-06 15:15:41 -07:00
|
|
|
// Errors from client.Do are from (for example) network errors, so are
|
|
|
|
// recoverable.
|
|
|
|
return recoverableError{err}
|
2016-08-29 09:48:20 -07:00
|
|
|
}
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
defer httpResp.Body.Close()
|
2017-04-06 15:15:41 -07:00
|
|
|
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
if httpResp.StatusCode/100 != 2 {
|
2017-06-01 03:21:48 -07:00
|
|
|
scanner := bufio.NewScanner(io.LimitReader(httpResp.Body, maxErrMsgLen))
|
2017-05-31 05:46:08 -07:00
|
|
|
line := ""
|
|
|
|
if scanner.Scan() {
|
|
|
|
line = scanner.Text()
|
|
|
|
}
|
|
|
|
err = fmt.Errorf("server returned HTTP status %s: %s", httpResp.Status, line)
|
2017-04-06 15:15:41 -07:00
|
|
|
}
|
|
|
|
if httpResp.StatusCode/100 == 5 {
|
|
|
|
return recoverableError{err}
|
Switch back to protos over HTTP, instead of GRPC.
My aim is to support the new grpc generic write path in Frankenstein. On the surface this seems easy - however I've hit a number of problems that make me think it might be better to not use grpc just yet.
The explanation of the problems requires a little background. At weave, traffic to frankenstein need to go through a couple of services first, for SSL and to be authenticated. So traffic goes:
internet -> frontend -> authfe -> frankenstein
- The frontend is Nginx, and adds/removes SSL. Its done this way for legacy reasons, so the certs can be managed in one place, although eventually we imagine we'll merge it with authfe. All traffic from frontend is sent to authfe.
- Authfe checks the auth tokens / cookie etc and then picks the service to forward the RPC to.
- Frankenstein accepts the reads and does the right thing with them.
First problem I hit was Nginx won't proxy http2 requests - it can accept them, but all calls downstream are http1 (see https://trac.nginx.org/nginx/ticket/923). This wasn't such a big deal, so it now looks like:
internet --(grpc/http2)--> frontend --(grpc/http1)--> authfe --(grpc/http1)--> frankenstein
Next problem was golang grpc server won't accept http1 requests (see https://groups.google.com/forum/#!topic/grpc-io/JnjCYGPMUms). It is possible to link a grpc server in with a normal go http mux, as long as the mux server is serving over SSL, as the golang http client & server won't do http2 over anything other than an SSL connection. This would require making all our service to service comms SSL. So I had a go a writing a grpc http1 server, and got pretty far. But is was a bit of a mess.
So finally I thought I'd make a separate grpc frontend for this, running in parallel with the frontend/authfe combo on a different port - and first up I'd need a grpc reverse proxy. Ideally we'd have some nice, generic reverse proxy that only knew about a map from service names -> downstream service, and didn't need to decode & re-encode every request as it went through. It seems like this can't be done with golang's grpc library - see https://github.com/mwitkow/grpc-proxy/issues/1.
And then I was surprised to find you can't do grpc from browsers! See http://www.grpc.io/faq/ - not important to us, but I'm starting to question why we decided to use grpc in the first place?
It would seem we could have most of the benefits of grpc with protos over HTTP, and this wouldn't preclude moving to grpc when its a bit more mature? In fact, the grcp FAQ even admits as much:
> Why is gRPC better than any binary blob over HTTP/2?
> This is largely what gRPC is on the wire.
2016-09-15 15:16:03 -07:00
|
|
|
}
|
2017-05-11 09:40:10 -07:00
|
|
|
return err
|
2016-08-29 09:48:20 -07:00
|
|
|
}
|
|
|
|
|
2017-02-13 12:43:20 -08:00
|
|
|
// Name identifies the client.
|
2016-08-29 09:48:20 -07:00
|
|
|
func (c Client) Name() string {
|
2017-02-13 12:43:20 -08:00
|
|
|
return fmt.Sprintf("%d:%s", c.index, c.url)
|
2016-08-29 09:48:20 -07:00
|
|
|
}
|
2017-03-10 03:53:27 -08:00
|
|
|
|
|
|
|
// Read reads from a remote endpoint.
|
|
|
|
func (c *Client) Read(ctx context.Context, from, through model.Time, matchers metric.LabelMatchers) (model.Matrix, error) {
|
2017-08-03 13:03:19 -07:00
|
|
|
query, err := ToQuery(from, through, matchers)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2017-03-10 03:53:27 -08:00
|
|
|
req := &ReadRequest{
|
|
|
|
// TODO: Support batching multiple queries into one read request,
|
|
|
|
// as the protobuf interface allows for it.
|
2017-08-03 13:03:19 -07:00
|
|
|
Queries: []*Query{query},
|
2017-03-10 03:53:27 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
data, err := proto.Marshal(req)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to marshal read request: %v", err)
|
|
|
|
}
|
|
|
|
|
2017-05-10 07:42:59 -07:00
|
|
|
compressed := snappy.Encode(nil, data)
|
|
|
|
httpReq, err := http.NewRequest("POST", c.url.String(), bytes.NewBuffer(compressed))
|
2017-03-10 03:53:27 -08:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to create request: %v", err)
|
|
|
|
}
|
2017-05-10 07:42:59 -07:00
|
|
|
httpReq.Header.Add("Content-Encoding", "snappy")
|
2017-03-24 09:39:51 -07:00
|
|
|
httpReq.Header.Set("Content-Type", "application/x-protobuf")
|
2017-05-10 07:42:59 -07:00
|
|
|
httpReq.Header.Set("X-Prometheus-Remote-Read-Version", "0.1.0")
|
2017-03-20 06:17:06 -07:00
|
|
|
|
|
|
|
ctx, cancel := context.WithTimeout(ctx, c.timeout)
|
|
|
|
defer cancel()
|
|
|
|
|
2017-03-10 03:53:27 -08:00
|
|
|
httpResp, err := ctxhttp.Do(ctx, c.client, httpReq)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("error sending request: %v", err)
|
|
|
|
}
|
|
|
|
defer httpResp.Body.Close()
|
|
|
|
if httpResp.StatusCode/100 != 2 {
|
|
|
|
return nil, fmt.Errorf("server returned HTTP status %s", httpResp.Status)
|
|
|
|
}
|
|
|
|
|
2017-05-10 07:42:59 -07:00
|
|
|
compressed, err = ioutil.ReadAll(httpResp.Body)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("error reading response: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
uncompressed, err := snappy.Decode(nil, compressed)
|
|
|
|
if err != nil {
|
2017-03-10 03:53:27 -08:00
|
|
|
return nil, fmt.Errorf("error reading response: %v", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var resp ReadResponse
|
2017-05-10 07:42:59 -07:00
|
|
|
err = proto.Unmarshal(uncompressed, &resp)
|
2017-03-10 03:53:27 -08:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("unable to unmarshal response body: %v", err)
|
|
|
|
}
|
|
|
|
|
2017-04-06 07:28:42 -07:00
|
|
|
if len(resp.Results) != len(req.Queries) {
|
|
|
|
return nil, fmt.Errorf("responses: want %d, got %d", len(req.Queries), len(resp.Results))
|
|
|
|
}
|
|
|
|
|
2017-08-03 13:03:19 -07:00
|
|
|
return FromQueryResult(resp.Results[0]), nil
|
2017-03-10 03:53:27 -08:00
|
|
|
}
|