Bug 1990462

Summary: [RFE] Add user name and password to ELK integration
Product: Red Hat Enterprise Virtualization Manager Reporter: Aviv Litman <alitman>
Component: ovirt-engine-metricsAssignee: Aviv Litman <alitman>
Status: CLOSED ERRATA QA Contact: Guilherme Santos <gdeolive>
Severity: high Docs Contact:
Priority: high    
Version: 4.4.7CC: emarcus, mperina, pelauter
Target Milestone: ovirt-4.5.0Keywords: FutureFeature
Target Release: 4.5.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-metrics-1.5.0 Doc Type: Enhancement
Doc Text:
In this release, Elasticsearch username and password have been added for authentication from rsyslog. AS a result, rsyslog can now authenticate to Elasticsearch using a username and password.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2022-05-26 16:23:07 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Metrics RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1990490, 2010327, 2025936    
Bug Blocks: 2025290    

Description Aviv Litman 2021-08-05 13:08:02 UTC 
The user and password are exposed in the RSyslog Elasticsearch Output Module,
and documented as uid, and pwd here:
https://www.rsyslog.com/doc/v8-stable/configuration/modules/omelasticsearch.html#server

and the user can set built-in user password, as documented here (step 2-6-4):
https://www.elastic.co/blog/configuring-ssl-tls-and-https-to-secure-elasticsearch-kibana-beats-and-logstash 

We want to expose the uid and pwd parameters in our role,
to allow basic auth on the elasticsearch server.

The metrics side is documented in this bug.

The rhel-system-roles will be documented in a separate bug: https://bugzilla.redhat.com/show_bug.cgi?id=1990490

*need to make sure we never log the password anywhere.

*remove unnecessary variables from the secure_vars.yaml.example
Comment 3 Guilherme Santos 2022-05-03 17:35:08 UTC 
Verified on ovirt-engine-4.5.0.1-601.f26e9ea8cac5.3.el8ev.noarch

Sanity passed with username and password specified in metrics config file
Comment 8 errata-xmlrpc 2022-05-26 16:23:07 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: RHV Manager (ovirt-engine) [ovirt-4.5.0] security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:4711