From b43c7a0a7c62603da430fd800e361515115c4449 Mon Sep 17 00:00:00 2001 From: Samantha Date: Wed, 1 Jul 2026 11:30:29 -0400 Subject: [PATCH 1/2] cert-checker: Allow scraping pprof data --- cmd/cert-checker/main.go | 15 +++++++++++---- cmd/shell.go | 4 ++-- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/cmd/cert-checker/main.go b/cmd/cert-checker/main.go index bc8765b5dbd..a58a4eb675a 100644 --- a/cmd/cert-checker/main.go +++ b/cmd/cert-checker/main.go @@ -543,6 +543,8 @@ type Config struct { DB cmd.DBConfig cmd.HostnamePolicyConfig + DebugAddr string `validate:"omitempty,hostname_port"` + Workers int `validate:"required,min=1"` // LookupDNSAuthority can only be specified with PushgatewayService. It's a single // : of the DNS server to be used for resolution @@ -634,6 +636,7 @@ func getPushgatewayURL(ctx context.Context, dnsAuthority string, svc cmd.Service } func main() { + debugAddr := flag.String("debug-addr", "", "Debug server address override") configFile := flag.String("config", "", "File path to the configuration file for this service") flag.Parse() if *configFile == "" { @@ -645,13 +648,17 @@ func main() { err := cmd.ReadConfigFile(*configFile, &config) cmd.FailOnError(err, "Reading JSON config file into config structure") + if *debugAddr != "" { + config.CertChecker.DebugAddr = *debugAddr + } + features.Set(config.CertChecker.Features) - logger := cmd.NewLogger(config.Syslog) + stats, logger, oTelShutdown := cmd.StatsAndLogging(config.Syslog, cmd.OpenTelemetryConfig{}, config.CertChecker.DebugAddr) + defer oTelShutdown(context.Background()) cmd.LogStartup(logger) - reg := prometheus.NewRegistry() - metrics := newCertCheckerMetrics(reg) + metrics := newCertCheckerMetrics(stats) acceptableValidityDurations := make(map[time.Duration]bool) if len(config.CertChecker.AcceptableValidityDurations) > 0 { 
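Review bot: `DebugAddr` is added to `Config` without a doc comment, and its `omitempty,hostname_port` tag appears to accept a port-only value, since the second patch sets `":8007"` in config-next. A port-only address normally listens on every interface, and the commit's stated purpose is to expose pprof data on this listener. I would document the expected binding on the field, for example `// DebugAddr is the address the debug server (pprof, metrics) listens on; prefer a loopback or internal-only host:port.` Whether the debug endpoints require authentication is not visible in this patch, so the wording should be adjusted to match. The struct continues outside the hunk.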
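Review bot: The `--debug-addr` value is copied into `config.CertChecker.DebugAddr` after `cmd.ReadConfigFile` and handed straight to `cmd.StatsAndLogging`, so nothing visible here checks its form, whereas the config field carries a `hostname_port` tag. A check before the assignment would stop a mistyped flag from reaching the listener setup, which per its doc comment panics on problems: `_, _, err = net.SplitHostPort(*debugAddr)` followed by `cmd.FailOnError(err, "Parsing --debug-addr")`, assuming `net` is already imported in this file. Separately, `defer oTelShutdown(context.Background())` only runs when `main` returns. If later code exits through `cmd.FailOnError` or `os.Exit` the shutdown is skipped, which I cannot confirm because the rest of `main` lies outside the hunk.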
@@ -746,7 +753,7 @@ func main() { if err != nil { logger.Error(ctx, "failed to get pushgateway URL", err) } else { - err = cmd.PushMetrics("cert-checker", pushgatewayURL, reg, logger) + err = cmd.PushMetrics("cert-checker", pushgatewayURL, stats, logger) if err != nil { logger.Error(ctx, "failed to push metrics to pushgateway", err, slog.String("url", pushgatewayURL)) } else { diff --git a/cmd/shell.go b/cmd/shell.go index 0cfa6fff2df..af017085dab 100644 --- a/cmd/shell.go +++ b/cmd/shell.go @@ -201,7 +201,7 @@ var backupLogger singletonLogger // is called, because gRPC's SetLogger doesn't use any locking. // // This function does not return an error, and will panic on problems. -func StatsAndLogging(logConf blog.Config, otConf OpenTelemetryConfig, addr string) (prometheus.Registerer, blog.Logger, func(context.Context)) { +func StatsAndLogging(logConf blog.Config, otConf OpenTelemetryConfig, addr string) (*prometheus.Registry, blog.Logger, func(context.Context)) { logger := NewLogger(logConf) shutdown := NewOpenTelemetry(otConf, logger) @@ -265,7 +265,7 @@ func newVersionCollector() prometheus.Collector { ) } -func newStatsRegistry(addr string, logger blog.Logger) prometheus.Registerer { +func newStatsRegistry(addr string, logger blog.Logger) *prometheus.Registry { registry := prometheus.NewRegistry() if addr == "" { From 339acc9976e9f15dff12dce6fdf91901bfa50f0f Mon Sep 17 00:00:00 2001 From: Samantha Date: Wed, 1 Jul 2026 15:44:15 -0400 Subject: [PATCH 2/2] Add debugAddr to config-next --- test/config-next/cert-checker.json | 1 + 1 file changed, 1 insertion(+) diff --git a/test/config-next/cert-checker.json b/test/config-next/cert-checker.json index 8dccca4e23a..ec091061b8d 100644 --- a/test/config-next/cert-checker.json +++ b/test/config-next/cert-checker.json @@ -1,5 +1,6 @@ { "certChecker": { + "debugAddr": ":8007", "db": { "dbConnectFile": "test/secrets/cert_checker_dburl", "maxOpenConns": 10
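Review bot: Changing `StatsAndLogging` to return `*prometheus.Registry` instead of `prometheus.Registerer` gives every caller the concrete registry's full method set, and the doc comment above the signature does not say why the wider type is returned. In this patch the only use of the extra surface is passing `stats` to `cmd.PushMetrics` in cert-checker. I would add a line to the doc comment such as `// The concrete registry is returned so that callers which push metrics can also use it as a prometheus.Gatherer.` The same applies to `newStatsRegistry` in the next hunk. Both function bodies continue outside their hunks.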