feat(infra): add OTEL Collector with spanmetrics connector

Eikix · Eikix · commit 762d58e52d1f · 2026-02-25T13:41:04.000+01:00
Configure OTEL Collector to derive RED metrics from trace spans via
the spanmetrics connector, exported to Prometheus. Adds collector
config, updates docker-compose, and wires Prometheus scrape target.
diff --git a/.gitignore b/.gitignore
@@ -37,6 +37,9 @@ logs/
 # If you have .env files specific to subprojects, e.g. subproject/.env,
 # the .env rule above will catch them.
 
+# Local validation scripts (not part of CI)
+test-suite/fhevm/scripts/validate-spanmetrics.sh
+
 # Build output & temporary directories (generic)
 .cache/
 .buildx-cache/
diff --git a/test-suite/fhevm/config/otel-collector/otel-collector-config.yaml b/test-suite/fhevm/config/otel-collector/otel-collector-config.yaml
@@ -0,0 +1,147 @@
+# =============================================================================
+# OpenTelemetry Collector Configuration for FHEVM Coprocessor
+# =============================================================================
+# Architecture:
+#   Services --OTLP gRPC--> [otlp receiver] --traces--> [spanmetrics connector] --> [prometheus exporter]
+#                                            --traces--> [otlp/jaeger exporter] --> Jaeger
+#
+# Spanmetrics dimensions (explicit allowlist):
+#   - service.name (default) — 6 known services
+#   - span.name (default) — ~45 distinct span names
+#   - status.code (default) — OK / ERROR
+#   - operation — FHE operation enum name (~30 values)
+#   - ct_type — ciphertext type (~15 values)
+#   - operation_pattern_id — per-cone DFG hash (bounded by distinct contract patterns)
+#   - transaction_pattern_id — whole-tx DFG hash (bounded by distinct contract patterns)
+#
+# Excluded from defaults:
+#   - span.kind — all spans are INTERNAL (single value = useless)
+#
+# High-cardinality attributes NOT listed as dimensions are automatically
+# excluded from spanmetrics output (txn_id, count, compressed_size, etc.)
+# =============================================================================
+
+receivers:
+  otlp:
+    protocols:
+      grpc:
+        endpoint: "0.0.0.0:4317"
+
+connectors:
+  spanmetrics:
+    namespace: coprocessor.span
+
+    histogram:
+      unit: ms
+      explicit:
+        buckets:
+          - 1ms
+          - 5ms
+          - 10ms
+          - 25ms
+          - 50ms
+          - 100ms
+          - 250ms
+          - 500ms
+          - 1s
+          - 2.5s
+          - 5s
+          - 10s
+          - 30s
+          - 60s
+
+    # Additional dimensions beyond defaults (service.name, span.name, status.code)
+    dimensions:
+      - name: operation       # FHE op name on fhe_operation / compress_ciphertext spans
+      - name: ct_type         # Ciphertext type on compress/squash/upload spans
+      - name: operation_pattern_id    # per-cone DFG fingerprint on execute_transaction / fhe_operation spans
+      - name: transaction_pattern_id  # whole-tx DFG fingerprint on execute_transaction spans
+
+    # Remove unhelpful defaults (all coprocessor spans are INTERNAL — single value)
+    exclude_dimensions:
+      - span.kind
+
+    # Exemplars for metric→trace pivot in Grafana
+    exemplars:
+      enabled: true
+      max_per_data_point: 5
+
+    # Flush and expiration
+    metrics_flush_interval: 15s
+    metrics_expiration: 5m
+
+exporters:
+  otlp/jaeger:
+    endpoint: "jaeger:4317"
+    tls:
+      insecure: true
+
+  prometheus:
+    endpoint: "0.0.0.0:8889"
+    enable_open_metrics: true   # Required for exemplars
+
+processors:
+  batch:
+    send_batch_size: 1024
+    timeout: 5s
+
+service:
+  telemetry:
+    logs:
+      level: info
+    metrics:
+      address: "0.0.0.0:8888"  # Collector's own health metrics
+
+  pipelines:
+    traces:
+      receivers: [otlp]
+      processors: [batch]
+      exporters: [spanmetrics, otlp/jaeger]
+
+    metrics/spanmetrics:
+      receivers: [spanmetrics]
+      processors: [batch]
+      exporters: [prometheus]
+
+# =============================================================================
+# Sample PromQL Queries for RED Dashboards
+# =============================================================================
+# Metric names generated (namespace "coprocessor.span" → underscores in Prometheus):
+#   coprocessor_span_calls_total          — span call counter
+#   coprocessor_span_duration_milliseconds_bucket  — span duration histogram
+#
+# --- Rate (Request Rate) ---
+#
+# Total span call rate by service and span name:
+#   sum(rate(coprocessor_span_calls_total[5m])) by (service_name, span_name)
+#
+# FHE operation rate by operation type:
+#   sum(rate(coprocessor_span_calls_total{span_name="fhe_operation"}[5m])) by (operation)
+#
+# --- Error Rate ---
+#
+# Error rate by service:
+#   sum(rate(coprocessor_span_calls_total{status_code="STATUS_CODE_ERROR"}[5m])) by (service_name)
+#   / sum(rate(coprocessor_span_calls_total[5m])) by (service_name)
+#
+# Error rate by span name:
+#   sum(rate(coprocessor_span_calls_total{status_code="STATUS_CODE_ERROR"}[5m])) by (span_name)
+#   / sum(rate(coprocessor_span_calls_total[5m])) by (span_name)
+#
+# --- Duration (Latency Percentiles) ---
+#
+# p50 latency by service:
+#   histogram_quantile(0.5, sum(rate(coprocessor_span_duration_milliseconds_bucket[5m])) by (le, service_name))
+#
+# p95 latency by span name:
+#   histogram_quantile(0.95, sum(rate(coprocessor_span_duration_milliseconds_bucket[5m])) by (le, span_name))
+#
+# p99 latency for FHE operations by operation type:
+#   histogram_quantile(0.99, sum(rate(coprocessor_span_duration_milliseconds_bucket{span_name="fhe_operation"}[5m])) by (le, operation))
+#
+# p95 latency by DFG operation pattern:
+#   histogram_quantile(0.95, sum(rate(coprocessor_span_duration_milliseconds_bucket{span_name="execute_transaction"}[5m])) by (le, operation_pattern_id))
+#
+# p95 latency by DFG transaction pattern:
+#   histogram_quantile(0.95, sum(rate(coprocessor_span_duration_milliseconds_bucket{span_name="execute_transaction"}[5m])) by (le, transaction_pattern_id))
+# =============================================================================
diff --git a/test-suite/fhevm/config/prometheus/prometheus.yml b/test-suite/fhevm/config/prometheus/prometheus.yml
@@ -7,8 +7,20 @@ scrape_configs:
 
     static_configs:
       - targets: ['kms-connector-gw-listener:9100', 'kms-connector-kms-worker:9100', 'kms-connector-tx-sender:9100']
-   
+
   # Coprocessor job configuration
   - job_name: 'coprocessor'
     static_configs:
       - targets: ['coprocessor-transaction-sender:9100', 'coprocessor-gw-listener:9100', 'coprocessor-tfhe-worker:9100', 'coprocessor-sns-worker:9100', 'coprocessor-zkproof-worker:9100']
+
+  # Spanmetrics from OTEL Collector
+  # Scrapes spanmetrics-derived metrics from the OTEL Collector's Prometheus exporter.
+  # OpenMetricsText1.0.0 must be first to enable exemplar ingestion (metric→trace links).
+  - job_name: 'otel-spanmetrics'
+    scrape_interval: 15s
+    scrape_protocols:
+      - OpenMetricsText1.0.0    # Required first: enables exemplar ingestion
+      - PrometheusProto
+      - PrometheusText0.0.4
+    static_configs:
+      - targets: ['otel-collector:8889']
diff --git a/test-suite/fhevm/docker-compose/tracing-docker-compose.yml b/test-suite/fhevm/docker-compose/tracing-docker-compose.yml
@@ -12,6 +12,23 @@ services:
       - prom_data:/prometheus
     command:
       - '--config.file=/etc/prometheus/prometheus.yml'
+      - '--enable-feature=exemplar-storage'  # Enable exemplar support for spanmetrics trace links
+    depends_on:
+      - otel-collector
+
+  otel-collector:
+    container_name: otel-collector
+    image: otel/opentelemetry-collector-contrib:0.120.0  # spanmetrics connector available since 0.86.0
+    ports:
+      - "4317:4317"    # OTLP gRPC (services send traces here instead of directly to Jaeger)
+      - "4318:4318"    # OTLP HTTP (optional)
+      - "8889:8889"    # Prometheus exporter (spanmetrics output)
+      - "8888:8888"    # Collector health/self-monitoring metrics
+    volumes:
+      - ../config/otel-collector/otel-collector-config.yaml:/etc/otelcol-contrib/config.yaml
+    depends_on:
+      - jaeger
+    restart: unless-stopped
 
   jaeger:
     container_name: jaeger
@@ -24,9 +41,10 @@ services:
       - "6831:6831/udp"
       - "6832:6832/udp"
       - "5778:5778"
-      - "16686:16686"
-      - "4317:4317"
-      - "4318:4318"
+      - "16686:16686"   # Jaeger UI (keep exposed to host)
+      # NOTE: OTLP ports 4317 and 4318 are intentionally NOT exposed to the host.
+      # The OTEL Collector is the new ingress point for OTLP traces (owns host port 4317).
+      # Jaeger receives traces from the collector via Docker DNS (jaeger:4317).
       - "14250:14250"
       - "14268:14268"
       - "14269:14269"
