`OTEL_EXPORTER_OTLP_CERTIFICATE` not implemented

[niall-nai]

Potentially also missing implementation for:

OTEL_EXPORTER_OTLP_CLIENT_CERTIFICATE
OTEL_EXPORTER_OTLP_CLIENT_KEY

Configuring the above 3 environment variables and attempting to connect to a self-hosted Elasticsearch instance gives an UNABLE_TO_VERIFY_LEAF_SIGNATURE error, indicating that one or all of the provided variables is not being used. Attempting to use the Node-native fetch in the following way:

import { Agent, fetch } from 'undici';

const tlsAgent = new Agent({
	connect: {
		ca: readFileSync('/usr/local/app/certificates/ca.crt'),
		cert: readFileSync('/usr/local/app/certificates/tls.crt'),
		key: readFileSync('/usr/local/app/certificates/tls.key'),
	},
});

fetch(apmEndpoint, {
	dispatcher: tlsAgent,
})

succeeds with a 200/OK response.

There does not appear to be any way to override these values programmatically, as they are used by PeriodicExportingMetricReader which cannot be overriden in startNodeSDK without significantly compromising effectiveness of the library.

The APM server is running inside of a self-hosted cluster containing Elasticsearch and Kibana, both of which it can connect to. All connecting URLs are using HTTPS

[trentm]

Hi @niall-nai,

Sorry for the delay in responding.
Yes, I think this functionality is missing in the upstream OpenTelemetry JS packages.
See this issue: open-telemetry/opentelemetry-js#5215

That suggests there is a workaround using the httpAgentOptions option to a directly created Exporter instance.

This is, as you've noted, not exposed as a top-level option to startNodeSDK(), so you'd then need to do somethign heavier like (untested):

startNodeSDK({
  metricReaders: [
    new PeriodicExportingMetricReader({
      exporter: new OTLPMetricExporter({
        httpAgentOptions: {
          ca: readFileSync('...'),
          cert: readFileSync('...'),
          key: readFileSync('...'),
        }
      }),
    })
  ]
});

Are you able to try that?

[niall-nai]

Hi @trentm no worries, thanks for your response

I did experiment with that before raising this, however as I understand it there's 3 elements that need to be redefined- traceExporter, metricReader ( / metricExporter), and logExporter - of which only the first two are allowed to be passed to startNodeSDK?

Additionally, in passing a new metric and trace exporter, will I not lose a substantial amount of the benefit of using the Elastic-based implementation of OpenTelemetry? It's my understanding that these are the key elements which provide additional data and metadata on top of the standard OTEL implementation

[trentm]

there's 3 elements that need to be redefined- traceExporter, metricReader ( / metricExporter), and logExporter - of which only the first two are allowed to be passed to startNodeSDK?

startNodeSDK accepts all the same options as the upstream OTel JS SDK's NodeSDK, which includes logRecordProcessors. So you should be able to pass all three to startNodeSDK.
Granted that this is a pain to have to manually setup all the processors/exporters manually to workaround this limitation.

will I not lose a substantial amount of the benefit of using the Elastic-based implementation of OpenTelemetry

True, your app will lose some of the benefit of using the Elastic distribution (EDOT Node.js): mostly some of the convenience of the SDK config code in startNodeSDK. However, other benefits would still be there:

• the central config support
• the setup/init of all included instrumentations (similar to @opentelemetry/auto-instrumentations-node)
• the added metrics from the @opentelemetry/host-metrics package
• the shutdown handling

[david-luna]

upstream PR to add this feat open-telemetry/opentelemetry-js#6015

[david-luna]

follow up PR #1104

[niall-nai]

Thanks so much for your work on this @david-luna

[david-luna]

@niall-nai

@elastic/opentelemetry-node@1.6.0 has been published including this feature :)