Bug 1498398 - Incomplete default configuration for secure-forward
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Logging
3.6.0
Unspecified Unspecified
unspecified Severity low
: ---
: 3.9.0
Assigned To: Ruben Romero Montes
Anping Li
:
Depends On:
Blocks: 1617921
Reported: 2017-10-04 04:41 EDT by Ruben Romero Montes
Modified: 2018-08-16 03:20 EDT

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: The secure-forward template generated in the configMap does not include the <store> tag as mentioned in the documentation.
Consequence: The configuration fails when more stores are defined.
Fix: Add enclosing <store> tag for the template.
Result: Removing the comments provides a syntactically valid configuration.
Story Points: ---
Clone Of:
: 1617921 (view as bug list)
Environment:
Last Closed: 2018-06-27 14:01:30 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
Github openshift/openshift-ansible/pull/5652 None None None 2017-10-04 04:56 EDT
Github openshift/origin-aggregated-logging/pull/740 None None None 2017-10-23 17:05 EDT
Red Hat Product Errata RHSA-2018:2013 None None None 2018-06-27 14:01 EDT

Description Ruben Romero Montes 2017-10-04 04:41:56 EDT
Description of problem:
The provided template for the secure-forward.conf file does not include the <store> tag which might lead to users having problems during its configuration.

The main problem is that it doesn't match the documentation.

Version-Release number of selected component (if applicable):
Any version

Additional info:

Documentation snippet found in:
https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregated-fluentd

Conf file missing the store tag:
https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_logging_fluentd/files/secure-forward.conf
Comment 1 Ruben Romero Montes 2017-10-20 04:44:06 EDT
Can the PR be merged? Is there something missing?
Comment 2 Noriko Hosoi 2017-10-20 14:35:51 EDT
(In reply to Ruben Romero Montes from comment #0)
> Additional info:
> Documentation snippet found in:
> https://docs.openshift.com/container-platform/3.6/install_config/
> aggregate_logging.html#aggregated-fluentd

It looks like a Doc bug.  Please take a look at this Fluentd doc, where <store> is not needed.  (Instead, it needs to be in <match TAG>)

https://docs.fluentd.org/v0.12/articles/out_secure_forward

You could see how we enable secure forward in the secure forward CI test.
1) Enabling secure-forward.conf in the main fluentd config file in <match **>:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L22-L25
2) Updating the content of secure-forward.conf:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L31-L41

Can we change this to a Doc bug?
Comment 3 Ruben Romero Montes 2017-10-23 16:43:30 EDT
In both cases the <match **> tag only has one @include but if you see in the documentation when you use the @type copy you need to put the others under <store> tag. Check how the configuration should be expanded.

<match **>
   @type copy
   @include output-es-config.conf
   @include ../user/output-extra-*.conf
   @include ../dynamic/es-copy-config.conf
   <store>
     @type secure_forward
     ...
   </store>
</match>

Compare with the output-es-config.conf file, for example:
    <store>
      @type elasticsearch_dynamic
      host "#{ENV['ES_HOST']}"
      port "#{ENV['ES_PORT']}"
      ...
    </store>

But it is true I should add a unit test for that.
Comment 5 openshift-github-bot 2017-11-18 04:27:41 EST
Commit pushed to master at https://github.com/openshift/openshift-ansible

https://github.com/openshift/openshift-ansible/commit/4b2b0a0b5d5df89c98332a3ae24de336a65c0332
bug 1498398. Enclose content between store tag
Comment 6 Rich Megginson 2018-01-03 22:04:43 EST
How can we verify if we have an openshift-ansible build which includes this fix?
Comment 7 Scott Dodson 2018-01-04 09:27:08 EST
It should be in both 3.8 and 3.9 builds.

~/git/Openshift/openshift-ansible (master)$ git tag --contains 4b2b0a0b5d5df89c98332a3ae24de336a65c0332
openshift-ansible-3.8.0-0.10.0
openshift-ansible-3.9.0-0.1.0
Comment 11 Anping Li 2018-01-10 05:27:08 EST
Not sure if we need to fix in v3.6 and v3.7.
Got the following error when using td-agent as an external fluent td-agent-3.1.1-0.el7.x86_64.  Will the same version fluentd again.


2018-01-10 04:00:03 -0500 [warn]: #0 incoming chunk is broken: host="192.168.1.218" msg=46
2018-01-10 04:00:03 -0500 [error]: #0 unexpected error on reading data host="192.168.1.218" port=54510 error_class=MessagePack::UnknownExtTypeError error="unexpected extension type"
  2018-01-10 04:00:03 -0500 [error]: #0 suppressed same stacktrace
Comment 13 Anping Li 2018-01-17 07:42:09 EST
The secure-forward.conf is in place of store, so move bug to verified.

  secure-forward.conf: |
    # <store>
    # @type secure_forward

    # self_hostname ${HOSTNAME}
    # shared_key <SECRET_STRING>

    # secure yes
    # enable_strict_verification yes

    # ca_cert_path /etc/fluent/keys/your_ca_cert
    # ca_private_key_path /etc/fluent/keys/your_private_key
      # for private CA secret key
    # ca_private_key_passphrase passphrase

    # <server>
      # or IP
    #   host server.fqdn.example.com
    #   port 24284
    # </server>
    # <server>
      # ip address to connect
    #   host 203.0.113.8
      # specify hostlabel for FQDN verification if ipaddress is used for host
    #   hostlabel server.fqdn.example.com
    # </server>
    # </store>
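
The constraint discussed in comments 3 and 13, as an added example (not code from openshift-ansible or from any commenter): a fragment pulled in by @include under `@type copy` may contribute only `<store>` blocks at its top level. The templates below are constructed and abridged from the one in comment 13; the function names are hypothetical.

```python
import re
import textwrap

OPEN = re.compile(r"^<([a-z_]+)(?:\s+[^>]*)?>$")
CLOSE = re.compile(r"^</([a-z_]+)>$")

# Constructed sample: abridged post-fix template, still commented out.
FIXED_TEMPLATE = """\
# <store>
# @type secure_forward
# self_hostname ${HOSTNAME}
# shared_key <SECRET_STRING>
# <server>
  # or IP
#   host server.fqdn.example.com
#   port 24284
# </server>
# </store>
"""
# Constructed sample: the pre-fix shape, i.e. the same body without <store>.
OLD_TEMPLATE = "\n".join(FIXED_TEMPLATE.splitlines()[1:-1]) + "\n"

def uncomment(template):
    """Strip the column-0 '#' that disables a config line; indented '#' lines stay comments."""
    lines = textwrap.dedent(template).splitlines()
    return "\n".join(re.sub(r"^# ?", "", line) for line in lines) + "\n"

def check_copy_fragment(conf):
    """Return the problems that make conf invalid as an @include under @type copy."""
    problems, stack = [], []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or real comment
        if m := CLOSE.match(line):
            if not stack or stack.pop() != m.group(1):
                problems.append(f"line {n}: unmatched </{m.group(1)}>")
        elif m := OPEN.match(line):
            if not stack and m.group(1) != "store":
                problems.append(f"line {n}: <{m.group(1)}> outside <store>")
            stack.append(m.group(1))
        elif not stack:                   # bare directive at top level
            problems.append(f"line {n}: '{line.split()[0]}' outside <store>")
    problems += [f"<{tag}> never closed" for tag in stack]
    return problems

if __name__ == "__main__":
    for name, tpl in (("old", OLD_TEMPLATE), ("fixed", FIXED_TEMPLATE)):
        print(name, check_copy_fragment(uncomment(tpl)) or "ok")
```
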
Comment 16 errata-xmlrpc 2018-06-27 14:01:30 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2013
