Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1927943

Summary: Logging - Integrating ELK with RHV-4.4 fails as RHVH is missing 'rsyslog-gnutls' package.
Product: Red Hat Enterprise Linux 8 Reporter: Shirly Radco <sradco>
Component: rhel-system-rolesAssignee: Noriko Hosoi <nhosoi>
Status: CLOSED ERRATA QA Contact: Lucie Leistnerova <lleistne>
Severity: high Docs Contact: Eliane Ramos Pereira <elpereir>
Priority: high    
Version: 8.4CC: abpatil, alitman, djez, elpereir, lleistne, mperina, nhosoi, pcahyna, rmeggins, sbonazzo, sradco
Target Milestone: rcKeywords: Regression, Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: role:logging
Fixed In Version: rhel-system-roles-1.0.0-28.el8 Doc Type: Bug Fix
Doc Text:
.`Logging` output no longer fails when the `rsyslog-gnutls` package is missing A global `tls` `rsyslog-gnutls` package is required when the `logging` RHEL System Role is configured to provide secure remote input and secure forward output. Previously, thel `tls` `rsyslog-gnutls` package was changed to install unconditionally in the previous version. As a consequence, when the `tls` `rsyslog-gnutls` package was not available on the managed nodes, the `logging` role configuration failed, even if the secure remote input and secure forward output were not included as part of the configuration. This update fixes the issue by examining if the secure connection is configured and checking the global `tls` `logging_pki_files` variable. The `rsyslog-gnutls` package is installed only when the secure connection is configured. As a result, the operation to configure Red Hat Enterprise Virtualization Hypervisor to integrate `elasticsearch` as the logging output no longer fails with the missing `rsyslog-gnutls` package.
 Story Points: ---
Clone Of: 1926823 Environment:
Last Closed: 2021-05-18 16:03:03 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1926823    

Comment 1 Noriko Hosoi 2021-02-12 17:44:14 UTC 
Note: This is a regression.
Comment 2 Noriko Hosoi 2021-02-12 17:54:33 UTC 
Comment from the original bz: https://bugzilla.redhat.com/show_bug.cgi?id=1926823

(In reply to Rich Megginson from comment #11)
> I believe rsyslog-gnutls is not a requirement for RHV-H, so we will change
> the logging role so that it is not installed by default, but only when the
> user chooses some functionality that requires it.  I believe right now that
> this is only imfwd/omfwd/imrelp/omrelp, which RHV-H does not use.  I believe
> omelasticsearch uses openssl for crypto, not gnutls.

Confirmed. The package rsyslog-gnutils is not used for sending logs to Elasticsearch.

One possibility is RHV is getting the metrics from collectd via imtcp. It could enable gnutls. But currently, it's not used nor available. (To make it happen, we need the enhancement in the logging role. That's being said rsyslog-gnutls package is not needed for RHV.)

> In addition, we should add a test to rsyslog that will check to see if we
> have inadvertently changed the packages we install by default, so that this
> doesn't happen again.

+1
Comment 3 Noriko Hosoi 2021-02-15 20:54:35 UTC 
Hi Shirly, once the new version of rhel-system-roles which contains this bug fix is ready, can we ask your team to verify this bz?
Comment 4 Martin Perina 2021-02-16 05:10:55 UTC 
(In reply to Noriko Hosoi from comment #3)
> Hi Shirly, once the new version of rhel-system-roles which contains this bug
> fix is ready, can we ask your team to verify this bz?

Lucie, is it possible to test it this flow with RHV-H, where you manually update rhel-system-roles package?
Comment 5 Lucie Leistnerova 2021-02-16 12:01:05 UTC 
> Lucie, is it possible to test it this flow with RHV-H, where you manually
> update rhel-system-roles package?

Yes, we should be able to test it.
Comment 17 Lucie Leistnerova 2021-02-22 18:03:35 UTC 
Verified in rhel-system-roles-1.0.0-29.el8.noarch
Comment 20 Noriko Hosoi 2021-03-29 14:21:36 UTC 
Thank you, Eliane. The Doc Text looks good to me.
Comment 22 errata-xmlrpc 2021-05-18 16:03:03 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (rhel-system-roles bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2021:1909