Skip to content

[cmd/opampsupervisor] TLS should only be used for 'wss' and 'https' #35283

New issue
New issue
Closed
#35363
Closed
[cmd/opampsupervisor] TLS should only be used for 'wss' and 'https'#35283
#35363
Labels
bugSomething isn't workingcmd/opampsupervisorneeds triageNew item requiring triage
@dpaasman00

Description

@dpaasman00
dpaasman00
opened on Sep 18, 2024

Component(s)

cmd/opampsupervisor

What happened?

Description

When connecting to an OpAMP management server using ws or http protocols, server.tls.insecure needs to be configured as true. This should not be necessary since it should be implied with those protocols that it is insecure.

Steps to Reproduce

Run the supervisor configured to connect to an OpAMP management server using ws or http. My server config is below:

server:
  endpoint: ws://localhost:3001/v1/opamp
  headers:
    Authorization: "Secret-Key <secret-key>"

Expected Result

I expected the supervisor to connect successfully without error.

Actual Result

The supervisor fails with this message and enters a retry loop that continually fails with the same error.

2024-09-18T13:50:48.573-0400	ERROR	supervisor/supervisor.go:411	Failed to connect to the server	{"error": "tls: first record does not look like a TLS handshake"}

Only once the supervisor config is updated with server.tls.insecure: true does the supervisor manage to successfully connect to the server.

Collector version

main (present in current commit 292f291)

Environment information

Environment

OS: macOS Sequoia 15.0
Compiler: go 1.23

OpenTelemetry Collector configuration

server:
  endpoint: ws://localhost:3001/v1/opamp
  headers:
    Authorization: "Secret-Key <secret key>"

capabilities:
  accepts_remote_config: true
  reports_remote_config: true

agent:
  executable: ./dist/collector_darwin_arm64

storage:
  directory: "./local/supervisor_storage"

Log output

2024-09-18T13:50:48.573-0400	ERROR	supervisor/supervisor.go:411	Failed to connect to the server	{"error": "tls: first record does not look like a TLS handshake"}
2024-09-18T13:50:48.573-0400	ERROR	supervisor/logger.go:26	Connection failed (tls: first record does not look like a TLS handshake), will retry.
2024-09-18T13:50:48.978-0400	ERROR	supervisor/supervisor.go:411	Failed to connect to the server	{"error": "tls: first record does not look like a TLS handshake"}
2024-09-18T13:50:48.979-0400	ERROR	supervisor/logger.go:26	Connection failed (tls: first record does not look like a TLS handshake), will retry.


This continues until I stop the process.

Additional context

I believe the relevant code is here. LoadTLSConfig() is always called when creating the OpAMP client and it does not consider the protocol being used. I have a fix in progress that will skip calling LoadTLSConfig() if we're using ws or http.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't workingcmd/opampsupervisorneeds triageNew item requiring triage

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions