Bug 1927943

Summary: Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.
Product: Red Hat Enterprise Linux 8 Reporter: Shirly Radco <sradco>
Component: rhel-system-rolesAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Lucie Leistnerova <lleistne>
Severity: high Docs Contact: Eliane Ramos Pereira <elpereir>
Priority: high    
Version: 8.4CC: abpatil, alitman, djez, elpereir, lleistne, mperina, nhosoi, pcahyna, rmeggins, sbonazzo, sradco
Target Milestone: rcKeywords: Regression, Triaged
Target Release: 8.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:logging
Fixed In Version: rhel-system-roles-1.0.0-28.el8 Doc Type: Bug Fix
Doc Text:
.`Logging` output no longer fails when the `rsyslog-gnutls` package is missing A global `tls` `rsyslog-gnutls` package is required when the `logging` RHEL System Role is configured to provide secure remote input and secure forward output. Previously, thel `tls` `rsyslog-gnutls` package was changed to install unconditionally in the previous version. As a consequence, when the `tls` `rsyslog-gnutls` package was not available on the managed nodes, the `logging` role configuration failed, even if the secure remote input and secure forward output were not included as part of the configuration. This update fixes the issue by examining if the secure connection is configured and checking the global `tls` `logging_pki_files` variable. The `rsyslog-gnutls` package is installed only when the secure connection is configured. As a result, the operation to configure Red Hat Enterprise Virtualization Hypervisor to integrate `elasticsearch` as the logging output no longer fails with the missing `rsyslog-gnutls` package.
 Story Points: ---
Clone Of: 1926823 Environment:
Last Closed: 2021-05-18 16:03:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1926823    

Comment 1 Noriko Hosoi 2021-02-12 17:44:14 UTC 
Note: This is a regression.
Comment 2 Noriko Hosoi 2021-02-12 17:54:33 UTC 
Comment from the original bz: https://bugzilla.redhat.com/show_bug.cgi?id=1926823

(In reply to Rich Megginson from comment #11)
> I believe rsyslog-gnutls is not a requirement for RHV-H, so we will change
> the logging role so that it is not installed by default, but only when the
> user chooses some functionality that requires it.  I believe right now that
> this is only imfwd/omfwd/imrelp/omrelp, which RHV-H does not use.  I believe
> omelasticsearch uses openssl for crypto, not gnutls.

Confirmed. The package rsyslog-gnutils is not used for sending logs to Elasticsearch.

One possibility is RHV is getting the metrics from collectd via imtcp. It could enable gnutls. But currently, it's not used nor available. (To make it happen, we need the enhancement in the logging role. That's being said rsyslog-gnutls package is not needed for RHV.)

> In addition, we should add a test to rsyslog that will check to see if we
> have inadvertently changed the packages we install by default, so that this
> doesn't happen again.

+1
Comment 3 Noriko Hosoi 2021-02-15 20:54:35 UTC 
Hi Shirly, once the new version of rhel-system-roles which contains this bug fix is ready, can we ask your team to verify this bz?
Comment 4 Martin Perina 2021-02-16 05:10:55 UTC 
(In reply to Noriko Hosoi from comment #3)
> Hi Shirly, once the new version of rhel-system-roles which contains this bug
> fix is ready, can we ask your team to verify this bz?

Lucie, is it possible to test it this flow with RHV-H, where you manually update rhel-system-roles package?
Comment 5 Lucie Leistnerova 2021-02-16 12:01:05 UTC 
> Lucie, is it possible to test it this flow with RHV-H, where you manually
> update rhel-system-roles package?

Yes, we should be able to test it.
Comment 17 Lucie Leistnerova 2021-02-22 18:03:35 UTC 
Verified in rhel-system-roles-1.0.0-29.el8.noarch
Comment 20 Noriko Hosoi 2021-03-29 14:21:36 UTC 
Thank you, Eliane. The Doc Text looks good to me.
Comment 22 errata-xmlrpc 2021-05-18 16:03:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1909