Bug 1498398
Summary: | Incomplete default configuration for secure-forward | |||
---|---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Ruben Romero Montes <rromerom> | |
Component: | Logging | Assignee: | Ruben Romero Montes <rromerom> | |
Status: | CLOSED ERRATA | QA Contact: | Anping Li <anli> | |
Severity: | low | Docs Contact: | ||
Priority: | unspecified | |||
Version: | 3.6.0 | CC: | anli, aos-bugs, bbilgin, jcantril, nhosoi, rmeggins, rromerom, sdodson | |
Target Milestone: | --- | |||
Target Release: | 3.9.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: |
Cause:
The secure-forward template generated in the configMap does not include the <store> tag as mentioned in the documentation.
Consequence:
The configuration fails when more stores are defined
Fix:
Add enclosing <store> tag for the template
Result:
Removing the comments provides a syntactically valid configuration
|
Story Points: | --- | |
Clone Of: | ||||
: | 1617921 | Environment: | ||
Last Closed: | 2018-06-27 18:01:30 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1617921 |
Description
Ruben Romero Montes
2017-10-04 08:41:56 UTC
Can the PR be merged? Is there something missing?

(In reply to Ruben Romero Montes from comment #0)
> Additional info:
> Documentation snippet found in:
> https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregated-fluentd

It looks like a Doc bug. Please take a look at this Fluentd doc, where <store> is not needed. (Instead, it needs to be in <match TAG>)
https://docs.fluentd.org/v0.12/articles/out_secure_forward

You could see how we enable secure forward in the secure forward CI test.
1) Enabling secure-forward.conf in the main fluentd config file in <match **>:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L22-L25
2) Updating the content of secure-forward.conf:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L31-L41

Can we change this to a Doc bug?

In both cases the <match **> tag only has one @include but if you see in the documentation when you use the @type copy you need to put the others under <store> tag. Check how the configuration should be expanded.

    <match **>
      @type copy
      @include output-es-config.conf
      @include ../user/output-extra-*.conf
      @include ../dynamic/es-copy-config.conf
      <store>
        @type secure_forward
        ...
      </store>
    </match>

Compare with the output-es-config.conf file, for example:

    <store>
      @type elasticsearch_dynamic
      host "#{ENV['ES_HOST']}"
      port "#{ENV['ES_PORT']}"
      ...
    </store>

But it is true I should add a unit test for that.

Commit pushed to master at https://github.com/openshift/openshift-ansible

https://github.com/openshift/openshift-ansible/commit/4b2b0a0b5d5df89c98332a3ae24de336a65c0332
bug 1498398. Enclose content between store tag

How can we verify if we have an openshift-ansible build which includes this fix?

It should be in both 3.8 and 3.9 builds.

    ~/git/Openshift/openshift-ansible (master)$ git tag --contains 4b2b0a0b5d5df89c98332a3ae24de336a65c0332
    openshift-ansible-3.8.0-0.10.0
    openshift-ansible-3.9.0-0.1.0

Not sure if we need to fix in v3.6 and v3.7.

Get the following error when use td-agent as an external fluent td-agent-3.1.1-0.el7.x86_64. Will the same version fluentd again.

    2018-01-10 04:00:03 -0500 [warn]: #0 incoming chunk is broken: host="192.168.1.218" msg=46
    2018-01-10 04:00:03 -0500 [error]: #0 unexpected error on reading data host="192.168.1.218" port=54510 error_class=MessagePack::UnknownExtTypeError error="unexpected extension type"
    2018-01-10 04:00:03 -0500 [error]: #0 suppressed same stacktrace

The secure-forward.conf are in place of store. So move bug to verified.

    secure-forward.conf: |
      # <store>
      # @type secure_forward
      # self_hostname ${HOSTNAME}
      # shared_key <SECRET_STRING>
      # secure yes
      # enable_strict_verification yes
      # ca_cert_path /etc/fluent/keys/your_ca_cert
      # ca_private_key_path /etc/fluent/keys/your_private_key
      # for private CA secret key
      # ca_private_key_passphrase passphrase
      # <server>
      # or IP
      # host server.fqdn.example.com
      # port 24284
      # </server>
      # <server>
      # ip address to connect
      # host 203.0.113.8
      # specify hostlabel for FQDN verification if ipaddress is used for host
      # hostlabel server.fqdn.example.com
      # </server>
      # </store>

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2013
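
The <store> requirement discussed in this bug can be checked mechanically before a secure-forward fragment is rolled out. The following is an added example, not code from the bug report or from openshift-ansible: a Python check that a fragment @included under <match **> with @type copy keeps every directive inside <store>. The function names and both sample templates are constructed for illustration.

```python
import re

# Constructed samples: the commented-out template without and with the
# enclosing <store> tag (placeholder values, not real keys or hosts).
BEFORE_FIX = """\
# @type secure_forward
# self_hostname ${HOSTNAME}
# shared_key <SECRET_STRING>
# <server>
#   host server.fqdn.example.com
#   port 24284
# </server>
"""
AFTER_FIX = "# <store>\n" + BEFORE_FIX + "# </store>\n"

def uncomment(fragment):
    """Strip one leading '#' per line, as an admin enabling the template would."""
    return "\n".join(re.sub(r"^\s*#\s?", "", ln) for ln in fragment.splitlines())

def check_copy_fragment(fragment):
    """Return problems for a fragment @included inside '@type copy':
    every directive and section must sit inside a <store> block."""
    problems, stack = [], []
    for n, raw in enumerate(fragment.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comments are ignored, so a commented template always passes
        close = re.fullmatch(r"</(\w+)>", line)
        open_ = re.fullmatch(r"<(\w+)(\s+[^>]*)?>", line)
        if close:
            if not stack or stack.pop() != close.group(1):
                problems.append(f"line {n}: unbalanced </{close.group(1)}>")
        elif open_:
            if not stack and open_.group(1) != "store":
                problems.append(f"line {n}: <{open_.group(1)}> outside <store>")
            stack.append(open_.group(1))
        elif not stack:
            problems.append(f"line {n}: '{line}' outside <store>")
    problems += [f"unclosed <{t}>" for t in stack]
    return problems

if __name__ == "__main__":
    for name, tpl in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(name, "->", check_copy_fragment(uncomment(tpl)) or "ok")
```

Both templates pass while still commented out, which is why the missing tag only shows up once the comments are removed.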