I am connecting OTLPSpanExporter to Istio Jaeger Collector, which is ssl enabled. I have the ca.crt file, but I am unable to use it in OTLPSpanExporter. Any solution will be of great help.
class OTelBase:
def __init__(self, service_name):
self.service_name = service_name
# if you don't provide the service name in resource in Jaeger UI it will come as unknown service.
self.resource = Resource.create({"service.name": self.service_name})
self.provider = TracerProvider(resource=self.resource)
self.exporter = ConsoleSpanExporter()
self.no_op_exporter = SilentExporter()
self.otlp_exporter = OTLPSpanExporter(
endpoint=OPENTELEMETRY_OTLP_ENDPOINT,
insecure=False,
# **ca_file=JAEGER_COLLECTOR_SSL_PATH**
)
self.tracer = self._init_tracer()
self.context_stack = []
self.global_context = None
def clear(self):
self.global_context = None
self.context_stack = []
def _init_tracer(self):
try:
if os.getenv("KUBERNETES_SERVICE_HOST") or is_port_open(OPENTELEMETRY_OTLP_ENDPOINT):
exporter = self.otlp_exporter
else:
exporter = self.no_op_exporter
# exporter = self.exporter
processor = BatchSpanProcessor(span_exporter=exporter)
self.provider.add_span_processor(span_processor=processor)
trace.set_tracer_provider(tracer_provider=self.provider)
return trace.get_tracer(self.service_name)
except Exception as e:
logger.error(f"Failed to initialize OpenTelemetry tracer: {e}")
raise
Error I am getting:
I0000 00:00:1720703333.518763 19 subchannel.cc:761] subchannel 0x7f9758001d40 {address=ipv4:172.21.72.229:4317, args={grpc.client_channel_factory=0x55e221f87920, grpc.default_authority=jaeger-collector.istio-system.svc.cluster.local:4317, grpc.http2_scheme=https, grpc.internal.channel_credentials=0x55e221fcdcb0, grpc.internal.client_channel_call_destination=0x7f979707b390, grpc.internal.event_engine=0x7f9758001bb0, grpc.internal.security_connector=0x7f9758001a50, grpc.internal.subchannel_pool=0x55e221f8b4b0, grpc.primary_user_agent=grpc-python/1.65.0, grpc.resource_quota=0x55e22240a6e0, grpc.server_uri=dns:///jaeger-collector.istio-system.svc.cluster.local:4317}}: backoff delay elapsed, reporting IDLE
INFO: 127.0.0.1:43388 – “GET /health HTTP/1.1” 200 OK
INFO: 127.0.0.1:43404 – “GET /ready HTTP/1.1″ 200 OK
E0000 00:00:1720703339.803101 15 ssl_transport_security.cc:1650] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
I0000 00:00:1720703339.803221 15 tcp_posix.cc:809] IOMGR endpoint shutdown
I0000 00:00:1720703339.803563 15 subchannel.cc:806] subchannel 0x7f9758001d40 {address=ipv4:172.21.72.229:4317, args={grpc.client_channel_factory=0x55e221f87920, grpc.default_authority=jaeger-collector.istio-system.svc.cluster.local:4317, grpc.http2_scheme=https, grpc.internal.channel_credentials=0x55e221fcdcb0, grpc.internal.client_channel_call_destination=0x7f979707b390, grpc.internal.event_engine=0x7f9758001bb0, grpc.internal.security_connector=0x7f9758001a50, grpc.internal.subchannel_pool=0x55e221f8b4b0, grpc.primary_user_agent=grpc-python/1.65.0, grpc.resource_quota=0x55e22240a6e0, grpc.server_uri=dns:///jaeger-collector.istio-system.svc.cluster.local:4317}}: connect failed (UNKNOWN:Ssl handshake failed (TSI_PROTOCOL_FAILURE): SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER {created_time:”2024-07-11T13:08:59.803199733+00:00”}), backing off for 102396 ms
I tried to use the credentials but of no use.
self.otlp_exporter = OTLPSpanExporter(endpoint=OPENTELEMETRY_OTLP_ENDPOINT, insecure=False, credentials=JAEGER_COLLECTOR_SSL_PATH)
Also tried to set the environment variable in the deploy.yml file like:
- name: OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE
value: "/app/certificates/jaeger_collector/ca.crt"
But still the error is there.