publisher: remove HTTP GET log probing. (letsencrypt#4223)

We adding this diagnostic probing while debugging an issue that has since been resolved.
Embdsys · May 23, 2019 · e627f58 · e627f58
1 parent 696d2df
commit e627f58
Show file tree

Hide file tree

Showing 6 changed files with 6 additions and 102 deletions.
diff --git a/cmd/boulder-publisher/main.go b/cmd/boulder-publisher/main.go
@@ -4,7 +4,6 @@ import (
 	"flag"
 	"os"
 	"runtime"
-	"time"
 
 	ct "github.com/google/certificate-transparency-go"
 
@@ -91,20 +90,6 @@ func main() {
 	gw := bgrpc.NewPublisherServerWrapper(pubi)
 	pubPB.RegisterPublisherServer(grpcSrv, gw)
 
-	// Collect HTTP GET debug data every second from each log which
-	// we are requesting SCTs from. This will allow us to verify during
-	// CT outages we've seen in the past if the issue is with the CT
-	// client itself or something in the larger publisher/golang http
-	// library.
-	if features.Enabled(features.ProbeCTLogs) {
-		go func() {
-			t := time.NewTicker(time.Second)
-			for range t.C {
-				go pubi.ProbeLogs()
-			}
-		}()
-	}
-
 	go cmd.CatchSignals(logger, grpcSrv.GracefulStop)
 
 	err = cmd.FilterShutdownErrors(grpcSrv.Serve(l))

diff --git a/features/featureflag_string.go b/features/featureflag_string.go
diff --git a/features/features.go b/features/features.go
@@ -19,14 +19,13 @@ const (
 	AllowRenewalFirstRL
 	SetIssuedNamesRenewalBit
 	FasterRateLimit
+	ProbeCTLogs
 
 	//   Currently in-use features
 	// Check CAA and respect validationmethods parameter.
 	CAAValidationMethods
 	// Check CAA and respect accounturi parameter.
 	CAAAccountURI
-	// ProbeCTLogs enables HTTP probes to CT logs from the publisher
-	ProbeCTLogs
 	// HEAD requests to the WFE2 new-nonce endpoint should return HTTP StatusOK
 	// instead of HTTP StatusNoContent.
 	HeadNonceStatusOK

diff --git a/publisher/publisher.go b/publisher/publisher.go
@@ -407,39 +407,3 @@ func CreateTestingSignedSCT(req []string, k *ecdsa.PrivateKey, precert bool, tim
 	jsonSCT, _ := json.Marshal(jsonSCTObj)
 	return jsonSCT
 }
-
-// ProbeLogs sends a HTTP GET request to each of the logs in the
-// publisher logCache and records the latency and status of the
-// response.
-func (pub *Impl) ProbeLogs() {
-	wg := new(sync.WaitGroup)
-	for _, log := range pub.ctLogsCache.LogURIs() {
-		wg.Add(1)
-		go func(uri string) {
-			defer wg.Done()
-			c := http.Client{
-				Timeout: time.Minute*2 + time.Second*30,
-			}
-			url, err := url.Parse(uri)
-			if err != nil {
-				pub.log.Errf("failed to parse log URI: %s", err)
-			}
-			url.Path = ct.GetSTHPath
-			s := time.Now()
-			resp, err := c.Get(url.String())
-			took := time.Since(s).Seconds()
-			var status string
-			if err == nil {
-				defer func() { _ = resp.Body.Close() }()
-				status = resp.Status
-			} else {
-				status = "error"
-			}
-			pub.metrics.probeLatency.With(prometheus.Labels{
-				"log":    uri,
-				"status": status,
-			}).Observe(took)
-		}(log)
-	}
-	wg.Wait()
-}
diff --git a/publisher/publisher_test.go b/publisher/publisher_test.go
@@ -23,7 +23,6 @@ import (
 	"time"
 
 	ct "github.com/google/certificate-transparency-go"
-	"github.com/prometheus/client_golang/prometheus"
 	"golang.org/x/net/context"
 
 	blog "github.com/letsencrypt/boulder/log"
@@ -433,45 +432,3 @@ func TestLogErrorBody(t *testing.T) {
 	test.AssertError(t, err, "SubmitToSingleCTWithResult didn't fail")
 	test.AssertEquals(t, len(log.GetAllMatching("well this isn't good now is it")), 1)
 }
-
-func TestProbeLogs(t *testing.T) {
-	pub, _, k := setup(t)
-
-	srvA := logSrv(k)
-	defer srvA.Close()
-	portA, err := getPort(srvA.URL)
-	test.AssertNotError(t, err, "Failed to get test server port")
-	srvB := errorBodyLogSrv()
-	defer srvB.Close()
-	portB, err := getPort(srvB.URL)
-	test.AssertNotError(t, err, "Failed to get test server port")
-
-	addLog := func(uri string) {
-		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-		test.AssertNotError(t, err, "ecdsa.GenerateKey() failed for k")
-		der, err := x509.MarshalPKIXPublicKey(&k.PublicKey)
-		test.AssertNotError(t, err, "x509.MarshalPKIXPublicKey(der) failed")
-		kb64 := base64.StdEncoding.EncodeToString(der)
-		_, err = pub.ctLogsCache.AddLog(uri, kb64, pub.log)
-		test.AssertNotError(t, err, "Failed to add log to logCache")
-	}
-
-	addLog(fmt.Sprintf("http://localhost:%d", portA))
-	addLog(fmt.Sprintf("http://localhost:%d", portB))
-	addLog("http://blackhole:9999")
-
-	pub.ProbeLogs()
-
-	test.AssertEquals(t, test.CountHistogramSamples(pub.metrics.probeLatency.With(prometheus.Labels{
-		"log":    fmt.Sprintf("http://localhost:%d", portA),
-		"status": "200 OK",
-	})), 1)
-	test.AssertEquals(t, test.CountHistogramSamples(pub.metrics.probeLatency.With(prometheus.Labels{
-		"log":    fmt.Sprintf("http://localhost:%d", portB),
-		"status": "400 Bad Request",
-	})), 1)
-	test.AssertEquals(t, test.CountHistogramSamples(pub.metrics.probeLatency.With(prometheus.Labels{
-		"log":    "http://blackhole:9999",
-		"status": "error",
-	})), 1)
-}
diff --git a/test/config-next/publisher.json b/test/config-next/publisher.json
@@ -18,7 +18,6 @@
       "keyFile": "test/grpc-creds/publisher.boulder/key.pem"
     },
     "features": {
-      "ProbeCTLogs": true
     }
   },
-Original file line number
+Diff line change
@@ Expand Up / @@ -18,7 +18,6 @@ @@
           "keyFile": "test/grpc-creds/publisher.boulder/key.pem"
         },
         "features": {
-          "ProbeCTLogs": true
         }
       },
@@ Expand Down @@