use charm-tracing-config and push cacert to charm

Author: PietroPasotti

lib/charms/mysql/v0/tls.py

@@ -45,6 +45,7 @@
     TLS_SSL_CA_FILE,
     TLS_SSL_CERT_FILE,
     TLS_SSL_KEY_FILE,
+    CHARM_CA_CERT_PATH
 )
 
 logger = logging.getLogger(__name__)
@@ -123,6 +124,7 @@ def _on_certificate_available(self, event: CertificateAvailableEvent) -> None:
         self.charm.set_secret(SCOPE, "certificate", event.certificate)
         self.charm.set_secret(SCOPE, "certificate-authority", event.ca)
 
+        self.push_tls_files_to_charm_container()
         self.push_tls_files_to_workload()
         try:
             self.charm._mysql.tls_setup(
@@ -249,6 +251,12 @@ def get_tls_content(self) -> Tuple[Optional[str], Optional[str], Optional[str]]:
         cert = self.charm.get_secret(SCOPE, "certificate")
         return key, ca_file, cert
 
+    def push_tls_files_to_charm_container(self) -> None:
+        """Push TLS files to charm container."""
+        _, _, ssl_cert = self.get_tls_content()
+        if ssl_cert:
+            Path(CHARM_CA_CERT_PATH).write_text(ssl_cert)
+
     def push_tls_files_to_workload(self) -> None:
         """Push TLS files to unit."""
         ssl_key, ssl_ca, ssl_cert = self.get_tls_content()

src/charm.py

@@ -49,7 +49,7 @@
 from charms.prometheus_k8s.v0.prometheus_scrape import MetricsEndpointProvider
 from charms.rolling_ops.v0.rollingops import RollingOpsManager
 from charms.tempo_coordinator_k8s.v0.charm_tracing import trace_charm
-from charms.tempo_coordinator_k8s.v0.tracing import TracingEndpointRequirer
+from charms.tempo_coordinator_k8s.v0.tracing import TracingEndpointRequirer, charm_tracing_config
 from ops import EventBase, RelationBrokenEvent, RelationCreatedEvent
 from ops.charm import RelationChangedEvent, UpdateStatusEvent
 from ops.model import (
@@ -89,6 +89,7 @@
     SERVER_CONFIG_USERNAME,
     TRACING_PROTOCOL,
     TRACING_RELATION_NAME,
+    CHARM_CA_CERT_PATH,
 )
 from k8s_helpers import KubernetesHelpers
 from log_rotate_manager import LogRotateManager
@@ -104,7 +105,8 @@
 
 
 @trace_charm(
-    tracing_endpoint="tracing_endpoint",
+    tracing_endpoint="charm_tracing_endpoint",
+    server_cert="charm_tracing_server_cert",
     extra_types=(
         GrafanaDashboardProvider,
         KubernetesHelpers,
@@ -197,11 +199,9 @@ def __init__(self, *args):
             self, protocols=[TRACING_PROTOCOL], relation_name=TRACING_RELATION_NAME
         )
 
-    @property
-    def tracing_endpoint(self) -> Optional[str]:
-        """Otlp http endpoint for charm instrumentation."""
-        if self.tracing.is_ready():
-            return self.tracing.get_endpoint(TRACING_PROTOCOL)
+        self.charm_tracing_endpoint, self.charm_tracing_server_cert = charm_tracing_config(
+            self.tracing,
+            CHARM_CA_CERT_PATH)
 
     @property
     def _mysql(self) -> MySQL:

src/constants.py

@@ -48,6 +48,7 @@
 MYSQLD_DEFAULTS_CONFIG_FILE = "/etc/mysql/my.cnf"
 MYSQLD_EXPORTER_PORT = "9104"
 MYSQLD_EXPORTER_SERVICE = "mysqld_exporter"
+CHARM_CA_CERT_PATH = "/usr/local/share/ca-certificates/ca.cert"
 GR_MAX_MEMBERS = 9
 # TODO: should be changed when adopting cos-agent
 COS_AGENT_RELATION_NAME = "metrics-endpoint"