Bug 1927943 - Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.
Summary: Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnut...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: rhel-system-roles
Version: 8.4
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: 8.0
Assignee: Noriko Hosoi
QA Contact: Lucie Leistnerova
Eliane Ramos Pereira
URL:
Whiteboard: role:logging
Depends On:
Blocks: 1926823
TreeView+ depends on / blocked
 
Reported: 2021-02-11 22:00 UTC by Shirly Radco
Modified: 2021-05-18 16:03 UTC (History)
11 users (show)

Fixed In Version: rhel-system-roles-1.0.0-28.el8
Doc Type: Bug Fix
Doc Text:
.`Logging` output no longer fails when the `rsyslog-gnutls` package is missing A global `tls` `rsyslog-gnutls` package is required when the `logging` RHEL System Role is configured to provide secure remote input and secure forward output. Previously, thel `tls` `rsyslog-gnutls` package was changed to install unconditionally in the previous version. As a consequence, when the `tls` `rsyslog-gnutls` package was not available on the managed nodes, the `logging` role configuration failed, even if the secure remote input and secure forward output were not included as part of the configuration. This update fixes the issue by examining if the secure connection is configured and checking the global `tls` `logging_pki_files` variable. The `rsyslog-gnutls` package is installed only when the secure connection is configured. As a result, the operation to configure Red Hat Enterprise Virtualization Hypervisor to integrate `elasticsearch` as the logging output no longer fails with the missing `rsyslog-gnutls` package.
Clone Of: 1926823
Environment:
Last Closed: 2021-05-18 16:03:03 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github linux-system-roles logging pull 214 0 None closed Bug 1927943 - Logging - Integrating ELK with RHV-4.4 fails as RHVH is… 2021-02-15 17:52:38 UTC

Comment 1 Noriko Hosoi 2021-02-12 17:44:14 UTC
Note: This is a regression.

Comment 2 Noriko Hosoi 2021-02-12 17:54:33 UTC
Comment from the original bz: https://bugzilla.redhat.com/show_bug.cgi?id=1926823

(In reply to Rich Megginson from comment #11)
> I believe rsyslog-gnutls is not a requirement for RHV-H, so we will change
> the logging role so that it is not installed by default, but only when the
> user chooses some functionality that requires it.  I believe right now that
> this is only imfwd/omfwd/imrelp/omrelp, which RHV-H does not use.  I believe
> omelasticsearch uses openssl for crypto, not gnutls.

Confirmed. The package rsyslog-gnutils is not used for sending logs to Elasticsearch.

One possibility is RHV is getting the metrics from collectd via imtcp. It could enable gnutls. But currently, it's not used nor available. (To make it happen, we need the enhancement in the logging role. That's being said rsyslog-gnutls package is not needed for RHV.)

> In addition, we should add a test to rsyslog that will check to see if we
> have inadvertently changed the packages we install by default, so that this
> doesn't happen again.

+1

Comment 3 Noriko Hosoi 2021-02-15 20:54:35 UTC
Hi Shirly, once the new version of rhel-system-roles which contains this bug fix is ready, can we ask your team to verify this bz?

Comment 4 Martin Perina 2021-02-16 05:10:55 UTC
(In reply to Noriko Hosoi from comment #3)
> Hi Shirly, once the new version of rhel-system-roles which contains this bug
> fix is ready, can we ask your team to verify this bz?

Lucie, is it possible to test it this flow with RHV-H, where you manually update rhel-system-roles package?

Comment 5 Lucie Leistnerova 2021-02-16 12:01:05 UTC
> Lucie, is it possible to test it this flow with RHV-H, where you manually
> update rhel-system-roles package?

Yes, we should be able to test it.

Comment 17 Lucie Leistnerova 2021-02-22 18:03:35 UTC
Verified in rhel-system-roles-1.0.0-29.el8.noarch

Comment 20 Noriko Hosoi 2021-03-29 14:21:36 UTC
Thank you, Eliane. The Doc Text looks good to me.

Comment 22 errata-xmlrpc 2021-05-18 16:03:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1909


Note You need to log in before you can comment on or make changes to this bug.