Fix: Prevent Collector Crash on Invalid Config Reload via SIGHUP (#11817)

[gokulvootla]

Which problem is this PR solving?

• Fixes Hot reload of configuration changes should validate changes #11817: The OpenTelemetry Collector used to restart or crash when an invalid configuration was applied via a ConfigMap change and the process received a SIGHUP signal.

Description of the changes

• Modified the reloadConfiguration function to validate the new configuration in a dry-run mode before applying it.

• If the new config is invalid, the Collector:

  • Logs a clear error message.
  • Retains the existing running configuration.
  • Does not restart or crash.

  How was this change tested?

  Valid Changes

1. Applied a valid config change in Kubernetes ConfigMap.
2. Triggered reload via kill -HUP 1 in the Collector container.
3. And Verified logs

2025-07-18T18:58:16.716Z        info    extensions/extensions.go:41     Starting extensions...  {"resource": {"service.instance.id": "4fcb8dd7-fabf-4ce6-bb3e-c44864649628", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T18:58:16.717Z        info    [email protected]/otlp.go:117       Starting GRPC server    {"resource": {"service.instance.id": "4fcb8dd7-fabf-4ce6-bb3e-c44864649628", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "otelcol.component.id": "otlp", "otelcol.component.kind": "receiver", "otelcol.signal": "traces", "endpoint": "localhost:4317"}
2025-07-18T18:58:16.717Z        info    [email protected]/service.go:280 Everything is ready. Begin running and processing data. {"resource": {"service.instance.id": "4fcb8dd7-fabf-4ce6-bb3e-c44864649628", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
[INFO] Configuration reloaded successfully.

InValid Changes

1. Introduced breaking changes to the configmap
2. Triggred Kill -HUP
3. Verified from logs

[ERROR] Failed to load new config: decoding failed...
'' has invalid keys: expor
[INFO] Keeping the existing configuration.

Final logs

2025-07-18T19:00:41.286Z        info    [email protected]/collector.go:403       Received signal from OS {"resource": {"service.instance.id": "8609bb65-b5de-4bed-bf80-183ef3b13a8e", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "signal": "hangup"}
[ERROR] Failed to load new config: cannot unmarshal the configuration: decoding failed due to the following error(s):

'' has invalid keys: expor
[INFO] Keeping the existing configuration.



2025-07-18T19:00:47.800Z        info    [email protected]/collector.go:403       Received signal from OS {"resource": {"service.instance.id": "8609bb65-b5de-4bed-bf80-183ef3b13a8e", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "signal": "hangup"}
2025-07-18T19:00:47.804Z        info    [email protected]/service.go:197 Setting up own telemetry...     {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.804Z        info    builders/builders.go:26 Development component. May change in the future.        {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "otelcol.component.id": "debug", "otelcol.component.kind": "exporter", "otelcol.signal": "traces"}
2025-07-18T19:00:47.805Z        info    [email protected]/service.go:239 Skipped telemetry setup.        {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.805Z        info    [email protected]/service.go:322 Starting shutdown...    {"resource": {"service.instance.id": "8609bb65-b5de-4bed-bf80-183ef3b13a8e", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.805Z        info    extensions/extensions.go:69     Stopping extensions...  {"resource": {"service.instance.id": "8609bb65-b5de-4bed-bf80-183ef3b13a8e", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.805Z        info    [email protected]/service.go:336 Shutdown complete.      {"resource": {"service.instance.id": "8609bb65-b5de-4bed-bf80-183ef3b13a8e", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.805Z        info    [email protected]/service.go:257 Starting otelcorecol... {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "Version": "0.130.0-dev", "NumCPU": 2}
2025-07-18T19:00:47.805Z        info    extensions/extensions.go:41     Starting extensions...  {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
2025-07-18T19:00:47.805Z        info    [email protected]/otlp.go:117       Starting GRPC server    {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}, "otelcol.component.id": "otlp", "otelcol.component.kind": "receiver", "otelcol.signal": "traces", "endpoint": "localhost:4317"}
2025-07-18T19:00:47.806Z        info    [email protected]/service.go:280 Everything is ready. Begin running and processing data. {"resource": {"service.instance.id": "38f0b3fc-2eb6-4427-83c3-2cc761cda92b", "service.name": "otelcorecol", "service.version": "0.130.0-dev"}}
[INFO] Configuration reloaded successfully

Observations

• Even when a configuration with syntax errors or invalid fields was applied:

       The Collector rejected the new config, retained the current state, and continued serving.
       Kubernetes did not restart the pod, and container liveness/readiness probes remained healthy.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: gokulvootla / name: gokulvootla (1096e1b, 73e0181, 4a172bf, 16ddf5d)

[jade-guiton-dd]

Thank you for tackling this thorny issue.

[jade-guiton-dd]

It would be better to keep using col.service.Logger().Warn() for this.

[jade-guiton-dd]

I see a few issues with this approach:

• This duplicates code from setupConfigurationComponents, and more importantly doesn't behave the same way (some fields in service.Settings are missing for example).
• I'm not sure that calling service.New while the previous service is still running is safe. Maybe other approvers can opine on this.
• I don't think checking for errors in service.New is a good way of validating the config. Some errors in service.New should probably be fatal, and there are configuration errors it won't catch.
• Notably, xconfmap.Validate is never called, even though it's a very important part of validating the config.

I think it would be better to extract the parts of setupConfigurationComponents which load and validate the config (ie. the calls to col.set.Factories(), col.configProvider.Get(), and xconfmap.Validate()) into their own loadConfiguration [name to be bikeshed] method.

Then, we can have Collector.Run:

• call loadConfiguration and exit if it fails
• call setupConfigurationComponents with the results to start the service

And reloadConfiguration can:

• call loadConfiguration and log a warning if it fails
• shut down the current service
• call setupConfigurationComponents to start the new one

If there are config-related errors that only surface inside service.New and we want to avoid a crash when they occur, I think we should move those checks into the appropriate .Validate() method.

[codecov]

Codecov Report

Attention: Patch coverage is 52.17391% with 22 lines in your changes missing coverage. Please review.

Project coverage is 91.40%. Comparing base (be09659) to head (1096e1b).
Report is 16 commits behind head on main.

Files with missing lines	Patch %	Lines
otelcol/collector.go	52.17%	20 Missing and 2 partials ⚠️

❌ Your patch check has failed because the patch coverage (52.17%) is below the target coverage (95.00%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #13432      +/-   ##
==========================================
- Coverage   91.48%   91.40%   -0.09%     
==========================================
  Files         529      529              
  Lines       29508    29544      +36     
==========================================
+ Hits        26996    27004       +8     
- Misses       1985     2010      +25     
- Partials      527      530       +3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[gokulvootla]

Hi @jade-guiton-dd

I’ve updated the PR based on your feedback. Please take a look when you get a chance. Thank you!

[jade-guiton-dd]

Thank you for the update.

[jade-guiton-dd]

I don't think there's a need for these fields. Passing the values through return / call arguments should be enough.

[jade-guiton-dd]

No point in recreating the factories and config since they're passed as arguments (and same thing for the call to xconfmap.Validate() below).

[jade-guiton-dd]

There are multiple formatting and linter errors, you'll want to fix those. Make sure you have a Go formatter setup in your IDE. You can run make golint locally to check your work.

[jade-guiton-dd]

We'll want to keep the newFallbackLogger logic in this function. To avoid writing it twice, you can write something like:

cfg, factories, err := col.loadConfiguration(ctx)
if err == nil {
	err = col.setupConfigurationComponents(ctx, col.config, col.factories)
}
if err != nil {
	col.setCollectorState(StateClosed)
	logger, loggerErr := newFallbackLogger(col.set.LoggingOptions)
	// etc.
}

[jade-guiton-dd]

No need for that, this is already done in setupConfigurationComponents in the successful case.