Description of problem:
The provided template for the secure-forward.conf file does not include the <store> tag which might lead to users having problems during its configuration. The main problem is that it doesn't match the documentation.

Version-Release number of selected component (if applicable):
Any version

Additional info:
Documentation snippet found in:
https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html#aggregated-fluentd
Conf file missing the store tag:
https://github.com/openshift/openshift-ansible/blob/release-3.6/roles/openshift_logging_fluentd/files/secure-forward.conf
Can the PR be merged? Is there something missing?
(In reply to Ruben Romero Montes from comment #0)
> Additional info:
> Documentation snippet found in:
> https://docs.openshift.com/container-platform/3.6/install_config/
> aggregate_logging.html#aggregated-fluentd

It looks like a Doc bug. Please take a look at this Fluentd doc, where <store> is not needed. (Instead, it needs to be in <match TAG>)
https://docs.fluentd.org/v0.12/articles/out_secure_forward

You could see how we enable secure forward in the secure forward CI test.
1) Enabling secure-forward.conf in the main fluentd config file in <match **>:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L22-L25
2) Updating the content of secure-forward.conf:
https://github.com/openshift/origin-aggregated-logging/blob/master/test/fluentd-forward.sh#L31-L41

Can we change this to a Doc bug?
In both cases the <match **> tag only has one @include but if you see in the documentation when you use the @type copy you need to put the others under <store> tag.

Check how the configuration should be expanded.

    <match **>
      @type copy
      @include output-es-config.conf
      @include ../user/output-extra-*.conf
      @include ../dynamic/es-copy-config.conf
      <store>
        @type secure_forward
        ...
      </store>
    </match>

Compare with the output-es-config.conf file, for example:

    <store>
      @type elasticsearch_dynamic
      host "#{ENV['ES_HOST']}"
      port "#{ENV['ES_PORT']}"
      ...
    </store>

But it is true I should add a unit test for that.
Commit pushed to master at https://github.com/openshift/openshift-ansible

https://github.com/openshift/openshift-ansible/commit/4b2b0a0b5d5df89c98332a3ae24de336a65c0332
bug 1498398. Enclose content between store tag
How can we verify if we have an openshift-ansible build which includes this fix?
It should be in both 3.8 and 3.9 builds.

    ~/git/Openshift/openshift-ansible (master)$ git tag --contains 4b2b0a0b5d5df89c98332a3ae24de336a65c0332
    openshift-ansible-3.8.0-0.10.0
    openshift-ansible-3.9.0-0.1.0
Not sure if we need to fix in v3.6 and v3.7.

Get the following error when using td-agent as an external fluent td-agent-3.1.1-0.el7.x86_64. Will the same version fluentd again.

    2018-01-10 04:00:03 -0500 [warn]: #0 incoming chunk is broken: host="192.168.1.218" msg=46
    2018-01-10 04:00:03 -0500 [error]: #0 unexpected error on reading data host="192.168.1.218" port=54510 error_class=MessagePack::UnknownExtTypeError error="unexpected extension type"
    2018-01-10 04:00:03 -0500 [error]: #0 suppressed same stacktrace
The secure-forward.conf are in place of store. So move bug to verified.

    secure-forward.conf: |
      # <store>
      # @type secure_forward
      # self_hostname ${HOSTNAME}
      # shared_key <SECRET_STRING>
      # secure yes
      # enable_strict_verification yes
      # ca_cert_path /etc/fluent/keys/your_ca_cert
      # ca_private_key_path /etc/fluent/keys/your_private_key
      # for private CA secret key
      # ca_private_key_passphrase passphrase
      # <server>
      # or IP
      # host server.fqdn.example.com
      # port 24284
      # </server>
      # <server>
      # ip address to connect
      # host 203.0.113.8
      # specify hostlabel for FQDN verification if ipaddress is used for host
      # hostlabel server.fqdn.example.com
      # </server>
      # </store>
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2013
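
The point argued in this thread, that a file pulled in by @include under a <match **> using @type copy must wrap its output plugin in <store>, can be checked before a config is rolled out. The Python check below is an added example, not code from openshift-ansible or Fluentd; the function name unwrapped_outputs and both sample configs are constructed for illustration.

```python
import re

SECTION_OPEN = re.compile(r"^<([A-Za-z_]\w*)(?:\s+[^>]*)?>$")
SECTION_CLOSE = re.compile(r"^</([A-Za-z_]\w*)>$")
TYPE_PARAM = re.compile(r"^@?type\s+(\S+)")   # v0.12 accepts "type" and "@type"

def unwrapped_outputs(conf_text):
    """Return (line_no, plugin) for every plugin declared at the top level.

    conf_text is the body of a file that is @include'd inside a <match>
    block using "@type copy", so any top-level @type is missing its <store>.
    """
    stack, findings = [], []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out template line
        closing = SECTION_CLOSE.match(line)
        if closing:
            if not stack or stack[-1] != closing.group(1):
                raise ValueError(f"line {line_no}: unbalanced </{closing.group(1)}>")
            stack.pop()
            continue
        opening = SECTION_OPEN.match(line)
        if opening:
            stack.append(opening.group(1))
            continue
        param = TYPE_PARAM.match(line)
        if param and not stack:           # plugin declared outside any section
            findings.append((line_no, param.group(1)))
    if stack:
        raise ValueError(f"unclosed <{stack[-1]}>")
    return findings

# Constructed sample: the template shape without <store>, uncommented by a user.
BEFORE = """\
@type secure_forward
self_hostname ${HOSTNAME}
shared_key <SECRET_STRING>
secure yes
<server>
  host server.fqdn.example.com
  port 24284
</server>
"""
# Constructed sample: the same content enclosed in <store>, as in the fix.
AFTER = "<store>\n" + BEFORE + "</store>\n"

if __name__ == "__main__":
    print("before:", unwrapped_outputs(BEFORE))
    print("after: ", unwrapped_outputs(AFTER))
```

A file that is still fully commented out, like the shipped template, yields no findings because every line is skipped as a comment.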