honeycombio · robbkidd · Aug 21, 2024 · Aug 19, 2024 · Aug 19, 2024 · Aug 20, 2024
@@ -27,6 +27,15 @@ test_all: test_results wait_for_redis
 test_results:
 	@mkdir -p test_results
 
+local_image: export KO_DOCKER_REPO=ko.local
+local_image: export CIRCLE_TAG=$(shell git describe --always --match "v[0-9]*" --tags)
+local_image: export CIRCLE_BRANCH=$(shell git rev-parse --abbrev-ref HEAD)
+local_image: export CIRCLE_SHA1=$(shell git rev-parse HEAD)
+local_image: export CIRCLE_BUILD_NUM=''
+#: build the release image locally, available as "ko.local/refinery:<commit>"
+local_image:
+	./build-docker.sh
+
 .PHONY: wait_for_redis
 # wait for Redis to become available for test suite
 wait_for_redis: dockerize

@@ -0,0 +1 @@
+*.env
@@ -0,0 +1,78 @@
+# Smoke Testing
+
+⚠️ All configuration in this directory is for development and testing purposes.
+This is not an example of a production-ready Refinery deployment.
+
+## How Do I Even?
+
+From the root of the project repo:
+
+```shell
+> make local_image
+```
+
+Then change to this directory and run docker compose:
+
+```shell
+> cd smoke-test
+> docker compose up
+```
+
+Observe the log output of the services.
+Refinery ought to have connected to Redis to report and then find itself in the peer list.
+
+Congratulations! You have applied power and [the magic smoke was not released](https://en.wikipedia.org/wiki/Smoke_testing_(software)#Etymology)!
+
+## Shooting Trouble
+
+### Refinery warning: failed to upload metrics
+
+#### Problem
+
+The logs for the Refinery node contains:
+
+```plain
+failed to upload metrics: failed to send metrics to <A URL>: 401 Unauthorized
+```
+
+This message on its own is not a Refinery *failure*.
+The service is likely operating, but unable to send the telemetry concerning its internal operations on to the configured endpoint.
+
+#### Solution
+
+Double-check the `LegacyMetrics` and `OTelMetrics` sections of `config.yaml` are set to send telemetry to the destination you expect.
+Confirm that the API key provided there or in environment variables is correct for the intended destination.
+
+### Docker Error: No such image
+
+#### Problem
+
+The command `docker compose up` returns the following error:
+
+```plain
+Error response from daemon: No such image: ko.local/refinery:latest
+```
+
+#### Solution
+
+The local image needs to be built. Run `make local_target` at the root of the repo.
+
+### Redis Error: SSL routines::wrong version number
+
+#### Problem
+
+The services for Redis and Refinery start, but the Redis log contains numerous entries like:
+
+```plain
+redis-1      | 1:M 19 Aug 2024 17:23:52.114 # Error accepting a client connection: error:0A00010B:SSL routines::wrong version number (addr=172.25.0.3:37484 laddr=172.25.0.2:6379)
+```
+
+This is a sign that Refinery is not using TLS to connect to Redis which *is* using TLS.
+
+#### Solution
+
+Check the config.yaml used by the Refinery container.
+
+* Is `UseTLS` set to true?
+* Is `UseTLSInsecure` set to true? (because we're self-signed locally)
+* Do we have a bug with TLS connections?
@@ -0,0 +1,27 @@
+General:
+  ConfigurationVersion: 2
+  MinRefineryVersion: v2.0
+
+Logger:
+  Type: stdout
+  Level: info
+
+# LegacyMetrics:
+#   Enabled: true
+#   Dataset: refinery_metrics
+
+# OTelMetrics:
+#   Enabled: true
+#   Dataset: refinery_metrics_otel
+
+PeerManagement:
+    Type: redis
+
+RedisPeerManagement:
+    UseTLS: true
+    UseTLSInsecure: true
+
+RefineryTelemetry:
+  AddRuleReasonToTrace: true
+  AddSpanCountToRoot: true
+  AddHostMetadataToTrace: true
@@ -0,0 +1,51 @@
+services:
+  refinery:
+    image: ko.local/refinery:latest # build this with 'make local_image' at the root of the repo
+    pull_policy: never # 'Error response from daemon: No such image' means you need to build it. 👆
+    environment: # these take precedence over the settings in env_file
+      REFINERY_REDIS_HOST: redis:6379
+    env_file:
+      - refinery.env # put secrets & other custom env vars in here, git ignores it
+    volumes:
+      - ./config.yaml:/etc/refinery/refinery.yaml
+      - ./rules.yaml:/etc/refinery/rules.yaml
+    ports:
+      - 127.0.0.1:8080:8080
+      - 127.0.0.1:9090:9090
+    depends_on:
+      redis:
+        condition: service_healthy
+
+  redis:
+    image: redis:7
+    command: [ "redis-server",
+      "--port", "0",
+      "--tls-port", "6379",
+      "--tls-cert-file", "/data/certs/cert.pem",
+      "--tls-key-file", "/data/certs/key.pem",
+      "--tls-ca-cert-file", "/data/certs/ca.pem",
+      "--tls-auth-clients", "no"
+      ]
+    healthcheck:
+      test: ["CMD-SHELL", "redis-cli --tls --insecure ping | grep PONG"]
+      interval: 2s
+      timeout: 3s
+      retries: 5
+    ports:
+      - 127.0.0.1:6379:6379
+    volumes:
+      - redis-data:/data
+      - certs:/data/certs
+    depends_on:
+      gen-certs:
+        condition: service_completed_successfully
+
+  gen-certs:
+    image: paulczar/omgwtfssl
+    command: ["sh", "-c", "[ -f /certs/cert.pem ] && echo 'Cert exists!' || /usr/local/bin/generate-certs"]
+    volumes:
+      - certs:/certs
+
+volumes:
+  certs:
+  redis-data:
@@ -0,0 +1,13 @@
+
+RulesVersion: 2
+Samplers:
+    __default__:
+        DeterministicSampler:
+            SampleRate: 1
+    TheNewWorld:
+        TotalThroughputSampler:
+            GoalThroughputPerSec: 50
+            ClearFrequency: 5s
+            FieldList:
+                - title
+