Bug 1834414
| Summary: | Allow enable mutual TLS in cluster logging Log Forwarding feature | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Sergio G. <sgarciam> |
| Component: | Logging | Assignee: | Alan Conway <aconway> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Anping Li <anli> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | 4.4 | CC: | aos-bugs, ikarpukh, jcantril, periklis, rbost |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | 4.7.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | logging-core | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-01-13 16:56:07 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sergio G.
2020-05-11 16:43:25 UTC
Jeff, the documentation mentions the private key as part of the secret, the template includes the field (while it could just omit it), the code sets the variable in the proper line and there's a part of the test which sets the private key. It looks as easy as that somebody just forgot to remove the #. Actually that's the solution to make it work, remove the #. There's nothing new to implement, just removing the # in the template which somebody forgot to remove. Is that an RFE? Please re-consider it. Sergio, can you point me to the documentation please. @Christian: https://docs.openshift.com/container-platform/4.3/logging/config/cluster-logging-log-forwarding.html#cluster-logging-log-forwarding-about_cluster-logging-log-forwarding At the beginning of the page: "An output supports TLS communication using a secret. Secrets must have keys of: tls.crt, tls.key, and ca-bundler.crt which point to the respective certificates for which they represent. Secrets must have the key shared_key for use when using forward in a secure manner." Then, right after that part there's an example which shows how to configure a secured external log aggregator using the forward plug-in. As tried to explain: the feature is already in place, actually if you check the code you will see that the key is filled in the template. We just need to remove the # to send the private key no matter if the other side will validate it or not. That's why I think this is not an RFE but a bug. Someone forgot to remove the # for any reason. Reopening since this still seems to affect 4.5 (and master branch) Moving to UpcomingSprint as unlikely to be addressed by EOD Moving to 4.7 to satisfy CF requirements for 4.6 Marking UpcomingSprint as will not be merged or addressed by EOD Setting UpcomingSprint as unable to resolve before EOD Will be fixed as part of https://bugzilla.redhat.com/show_bug.cgi?id=1888943 Fixed by PR https://github.com/openshift/cluster-logging-operator/pull/823 awaiting merge. Closing NEXT RELEASE as this will be fixed as indicated in #c16 in GA |