6.6.5, 7.0.3, 7.1.0
cbcollect collects the projector CPU, memory and goroutine dumps of projector process. This is a critical piece of information which will help us debug customer CBSE's.
So far, this information is gathered using REST requests on 127.0.0.1:9999 port using HTTP. After TLS is enabled, projector uses the same port for TLS communication as well. So, any HTTP REST request would return: "Client sent an HTTP request to an HTTPS server". Enabling HTTPS request in cbcollect requires cacert.
Ask of this MB:
a. Does cbcollect know if TLS is enforced or not so that it can query with the appropriate protocol?
b. If cbcollect is unaware of it TLS, does each service need to query both protocols?
c. Is cacert available to cbcollect so that it can query on HTTPS protocol?
- backports to
MB-51752 [BP to 7.0.4] - cbcollect - failes to gather projector profiles when TLS is enforced
|For Gerrit Dashboard: MB-51197|
|171549,3||MB-51197: Add tls status of node to dump-guts/cbcollect||master||ns_server||Status: MERGED||+2||+1|
|171694,2||MB-51197: add curl '-k' (allow-insecure) option by default to get||master||ns_server||Status: MERGED||+2||+1|
|173500,5||MB-51752 [BP] Gather projector profiles when TLS is enforced||cheshire-cat||ns_server||Status: MERGED||+2||+1|