terraform: remove cloud loggers (#2892)

* terraform: remove cloud logging apps

* internal/cloud: remove loggers

* bootstrapper: remove logging

* qemu-metadata-api: remove logging endpoint

* docs: add instructions on how to get boot logs

* bazel: tidy

* docs: fix typo

* cloud: remove unused types

* Update go.mod

Co-authored-by: Daniel Weiße <[email protected]>

* bazel: tidy

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <[email protected]>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <[email protected]>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <[email protected]>

* docs: elaborate on how to get boot logs

* bazel: tidy

---------

Co-authored-by: Daniel Weiße <[email protected]>
Co-authored-by: Thomas Tendyck <[email protected]>

bazel/toolchains/go_module_deps.bzl

@@ -343,14 +343,6 @@ def go_dependencies():
         sum = "h1:xKbFXea2CIF/Wskauz1TMr//wZ6FyzEafMdSBIQqn80=",
         version = "v1.32.6",
     )
-    go_repository(
-        name = "com_github_aws_aws_sdk_go_v2_service_cloudwatchlogs",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs",
-        sum = "h1:9apthAVGtCrw6LkswOcRpa1fMWur+7cGqO0yR65qsZM=",
-        version = "v1.30.2",
-    )
     go_repository(
         name = "com_github_aws_aws_sdk_go_v2_service_ec2",
         build_file_generation = "on",
@@ -511,14 +503,6 @@ def go_dependencies():
         sum = "h1:FbH3BbSb4bvGluTesZZ+ttN/MDsnMmQP36OSnDuSXqw=",
         version = "v0.7.1",
     )
-    go_repository(
-        name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_applicationinsights_armapplicationinsights",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights",
-        sum = "h1:hBrFatNIiVAwDb5GzMLjpkQ6l2/waFSvBWMBWZRH8WI=",
-        version = "v1.1.1",
-    )
     go_repository(
         name = "com_github_azure_azure_sdk_for_go_sdk_resourcemanager_compute_armcompute_v5",
         build_file_generation = "on",
@@ -3651,14 +3635,6 @@ def go_dependencies():
         sum = "h1:ilICZmJcQz70vrWVes1MFera4jGiWNocSkykwwoy3XI=",
         version = "v0.5.0",
     )
-    go_repository(
-        name = "com_github_microsoft_applicationinsights_go",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/microsoft/ApplicationInsights-Go",
-        sum = "h1:G4+H9WNs6ygSCe6sUyxRc2U81TI5Es90b2t/MwX5KqY=",
-        version = "v0.4.4",
-    )
     go_repository(
         name = "com_github_microsoft_go_winio",
         build_file_generation = "on",
@@ -3995,14 +3971,6 @@ def go_dependencies():
         sum = "h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=",
         version = "v1.2.8",
     )
-    go_repository(
-        name = "com_github_onsi_ginkgo",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/onsi/ginkgo",
-        sum = "h1:VkHVNpR4iVnU8XQR6DBm8BqYjN7CRzw+xKUbVVbbW9w=",
-        version = "v1.8.0",
-    )
     go_repository(
         name = "com_github_onsi_ginkgo_v2",
         build_file_generation = "on",
@@ -4819,14 +4787,6 @@ def go_dependencies():
         sum = "h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BGhTkes=",
         version = "v2.3.1",
     )
-    go_repository(
-        name = "com_github_tedsuo_ifrit",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "github.com/tedsuo/ifrit",
-        sum = "h1:LUUe4cdABGrIJAhl1P1ZpWY76AwukVszFdwkVFVLwIk=",
-        version = "v0.0.0-20180802180643-bea94bb476cc",
-    )
     go_repository(
         name = "com_github_theupdateframework_go_tuf",
         build_file_generation = "on",
@@ -7008,14 +6968,6 @@ def go_dependencies():
         sum = "h1:Z96pB6DkSb7F3Y3BBnJeOZH2gazyMTWlvecSD4vDqfk=",
         version = "v0.0.7",
     )
-    go_repository(
-        name = "org_cloudfoundry_code_clock",
-        build_file_generation = "on",
-        build_file_proto_mode = "disable_global",
-        importpath = "code.cloudfoundry.org/clock",
-        sum = "h1:5eeuG0BHx1+DHeT3AP+ISKZ2ht1UjGhm581ljqYpVeQ=",
-        version = "v0.0.0-20180518195852-02e53af36e6c",
-    )
     go_repository(
         name = "org_golang_google_api",
         build_file_generation = "on",

bootstrapper/cmd/bootstrapper/BUILD.bazel

@@ -20,7 +20,6 @@ go_library(
         "//bootstrapper/internal/kubernetes",
         "//bootstrapper/internal/kubernetes/k8sapi",
         "//bootstrapper/internal/kubernetes/kubewaiter",
-        "//bootstrapper/internal/logging",
         "//bootstrapper/internal/nodelock",
         "//internal/atls",
         "//internal/attestation/choose",

bootstrapper/cmd/bootstrapper/main.go

@@ -19,7 +19,6 @@ import (
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/k8sapi"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/kubernetes/kubewaiter"
-	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/logging"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/choose"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/simulator"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/tdx"
@@ -62,7 +61,6 @@ func main() {
 	bindPort := strconv.Itoa(constants.BootstrapperPort)
 	var clusterInitJoiner clusterInitJoiner
 	var metadataAPI metadataAPI
-	var cloudLogger logging.CloudLogger
 	var openDevice vtpm.TPMOpenFunc
 	var fs afero.Fs
 
@@ -83,11 +81,6 @@ func main() {
 		}
 		metadataAPI = metadata
 
-		cloudLogger, err = awscloud.NewLogger(ctx)
-		if err != nil {
-			log.With(zap.Error(err)).Fatalf("Failed to set up cloud logger")
-		}
-
 		clusterInitJoiner = kubernetes.New(
 			"aws", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(),
 			metadata, &kubewaiter.CloudKubeAPIWaiter{},
@@ -102,11 +95,6 @@ func main() {
 		}
 		defer metadata.Close()
 
-		cloudLogger, err = gcpcloud.NewLogger(ctx, "constellation-boot-log")
-		if err != nil {
-			log.With(zap.Error(err)).Fatalf("Failed to set up cloud logger")
-		}
-
 		metadataAPI = metadata
 		clusterInitJoiner = kubernetes.New(
 			"gcp", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(),
@@ -120,10 +108,7 @@ func main() {
 		if err != nil {
 			log.With(zap.Error(err)).Fatalf("Failed to create Azure metadata client")
 		}
-		cloudLogger, err = azurecloud.NewLogger(ctx)
-		if err != nil {
-			log.With(zap.Error(err)).Fatalf("Failed to set up cloud logger")
-		}
+
 		if err := metadata.PrepareControlPlaneNode(ctx, log); err != nil {
 			log.With(zap.Error(err)).Fatalf("Failed to prepare Azure control plane node")
 		}
@@ -138,7 +123,6 @@ func main() {
 		fs = afero.NewOsFs()
 
 	case cloudprovider.QEMU:
-		cloudLogger = qemucloud.NewLogger()
 		metadata := qemucloud.New()
 		clusterInitJoiner = kubernetes.New(
 			"qemu", k8sapi.NewKubernetesUtil(), &k8sapi.KubdeadmConfiguration{}, kubectl.NewUninitialized(),
@@ -158,7 +142,6 @@ func main() {
 		}
 		fs = afero.NewOsFs()
 	case cloudprovider.OpenStack:
-		cloudLogger = &logging.NopLogger{}
 		metadata, err := openstackcloud.New(ctx)
 		if err != nil {
 			log.With(zap.Error(err)).Fatalf("Failed to create OpenStack metadata client")
@@ -173,7 +156,6 @@ func main() {
 	default:
 		clusterInitJoiner = &clusterFake{}
 		metadataAPI = &providerMetadataFake{}
-		cloudLogger = &logging.NopLogger{}
 		var simulatedTPMCloser io.Closer
 		openDevice, simulatedTPMCloser = simulator.NewSimulatedTPMOpenFunc()
 		defer simulatedTPMCloser.Close()
@@ -182,5 +164,5 @@ func main() {
 
 	fileHandler := file.NewHandler(fs)
 
-	run(issuer, openDevice, fileHandler, clusterInitJoiner, metadataAPI, bindIP, bindPort, log, cloudLogger)
+	run(issuer, openDevice, fileHandler, clusterInitJoiner, metadataAPI, bindIP, bindPort, log)
 }

bootstrapper/cmd/bootstrapper/run.go

@@ -14,7 +14,6 @@ import (
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/diskencryption"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/initserver"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/joinclient"
-	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/logging"
 	"github.com/edgelesssys/constellation/v2/bootstrapper/internal/nodelock"
 	"github.com/edgelesssys/constellation/v2/internal/atls"
 	"github.com/edgelesssys/constellation/v2/internal/attestation/initialize"
@@ -29,20 +28,14 @@ import (
 func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handler,
 	kube clusterInitJoiner, metadata metadataAPI,
 	bindIP, bindPort string, log *logger.Logger,
-	cloudLogger logging.CloudLogger,
 ) {
-	defer cloudLogger.Close()
-
 	log.With(zap.String("version", constants.BinaryVersion().String())).Infof("Starting bootstrapper")
-	cloudLogger.Disclose("bootstrapper started running...")
 
 	uuid, err := getDiskUUID()
 	if err != nil {
 		log.With(zap.Error(err)).Errorf("Failed to get disk UUID")
-		cloudLogger.Disclose("Failed to get disk UUID")
 	} else {
 		log.Infof("Disk UUID: %s", uuid)
-		cloudLogger.Disclose("Disk UUID: " + uuid)
 	}
 
 	nodeBootstrapped, err := initialize.IsNodeBootstrapped(openDevice)
@@ -77,7 +70,6 @@ func run(issuer atls.Issuer, openDevice vtpm.TPMOpenFunc, fileHandler file.Handl
 	}
 
 	log.Infof("bootstrapper done")
-	cloudLogger.Disclose("bootstrapper done")
 }
 
 func getDiskUUID() (string, error) {

docs/docs/workflows/troubleshooting.md

@@ -95,49 +95,14 @@ check if the encountered [issue is known](https://github.com/edgelesssys/constel
 
 ## Diagnosing issues
 
-### Cloud logging
+### Logs
 
-To provide information during early stages of a node's boot process, Constellation logs messages to the log systems of the cloud providers. Since these offerings **aren't** confidential, only generic information without any sensitive values is stored. This provides administrators with a high-level understanding of the current state of a node.
+To get started on diagnosing issues with Constellation, it's often helpful to collect logs from nodes, pods, or other resources in the cluster. Most logs are available through Kubernetes' standard
+[logging interfaces](https://kubernetes.io/docs/concepts/cluster-administration/logging/).
 
-You can view this information in the following places:
+To debug issues occurring at boot time of the nodes, you can use the serial console interface of the CSP while the machine boots to get a read-only view of the boot logs.
 
-<tabs groupId="csp">
-<tabItem value="azure" label="Azure">
-
-1. In your Azure subscription find the Constellation resource group.
-2. Inside the resource group find the Application Insights resource called `constellation-insights-*`.
-3. On the left-hand side go to `Logs`, which is located in the section `Monitoring`.
-    - Close the Queries page if it pops up.
-5. In the query text field type in `traces`, and click `Run`.
-
-To **find the disk UUIDs** use the following query: `traces | where message contains "Disk UUID"`
-
-</tabItem>
-<tabItem value="gcp" label="GCP">
-
-1. Select the project that hosts Constellation.
-2. Go to the `Compute Engine` service.
-3. On the right-hand side of a VM entry select `More Actions` (a stacked ellipsis)
-    - Select `View logs`
-
-To **find the disk UUIDs** use the following query: `resource.type="gce_instance" text_payload=~"Disk UUID:.*\n" logName=~".*/constellation-boot-log"`
-
-:::info
-
-Constellation uses the default bucket to store logs. Its [default retention period is 30 days](https://cloud.google.com/logging/quotas#logs_retention_periods).
-
-:::
-
-</tabItem>
-<tabItem value="aws" label="AWS">
-
-1. Open [AWS CloudWatch](https://console.aws.amazon.com/cloudwatch/home)
-2. Select [Log Groups](https://console.aws.amazon.com/cloudwatch/home#logsV2:log-groups)
-3. Select the log group that matches the name of your cluster.
-4. Select the log stream for control or worker type nodes.
-
-</tabItem>
-</tabs>
+Apart from that, Constellation also offers further [observability integrations](../architecture/observability.md).
 
 ### Node shell access
 

go.mod

@@ -44,19 +44,16 @@ require (
 	cloud.google.com/go/compute v1.23.0
 	cloud.google.com/go/compute/metadata v0.2.3
 	cloud.google.com/go/kms v1.15.2
-	cloud.google.com/go/logging v1.8.1
 	cloud.google.com/go/secretmanager v1.11.1
 	cloud.google.com/go/storage v1.31.0
 	dario.cat/mergo v1.0.0
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.0
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/azsecrets v0.12.0
-	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/applicationinsights/armapplicationinsights v1.1.1
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5 v5.1.0
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v5 v5.0.0
 	github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0
-	github.com/Azure/go-autorest/autorest/to v0.4.0
 	github.com/aws/aws-sdk-go v1.44.297
 	github.com/aws/aws-sdk-go-v2 v1.24.1
 	github.com/aws/aws-sdk-go-v2/config v1.26.3
@@ -65,7 +62,6 @@ require (
 	github.com/aws/aws-sdk-go-v2/feature/s3/manager v1.15.11
 	github.com/aws/aws-sdk-go-v2/service/autoscaling v1.36.7
 	github.com/aws/aws-sdk-go-v2/service/cloudfront v1.32.6
-	github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.30.2
 	github.com/aws/aws-sdk-go-v2/service/ec2 v1.143.0
 	github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 v1.26.7
 	github.com/aws/aws-sdk-go-v2/service/resourcegroupstaggingapi v1.19.7
@@ -110,7 +106,6 @@ require (
 	github.com/hexops/gotextdiff v1.0.3
 	github.com/martinjungblut/go-cryptsetup v0.0.0-20220520180014-fd0874fd07a6
 	github.com/mattn/go-isatty v0.0.20
-	github.com/microsoft/ApplicationInsights-Go v0.4.4
 	github.com/onsi/ginkgo/v2 v2.13.0
 	github.com/onsi/gomega v1.29.0
 	github.com/pkg/errors v0.9.1
@@ -161,8 +156,6 @@ require (
 require (
 	cloud.google.com/go v0.110.8 // indirect
 	cloud.google.com/go/iam v1.1.2 // indirect
-	cloud.google.com/go/longrunning v0.5.1 // indirect
-	code.cloudfoundry.org/clock v0.0.0-20180518195852-02e53af36e6c // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
@@ -173,6 +166,7 @@ require (
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
@@ -248,7 +242,6 @@ require (
 	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
-	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect