Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: Logging 5.3.0
Affects Version/s: None
Component/s: Log Collection
Labels:
- TLS
- devel_ack+
- log-core
- syslog

Blocked:
False
Ready:
False
Epic Link:
Expand Fluentd Auth Capabilities
Docs QE Status:
NEW
QE Status:
NEW
Release Note Text:
Undefined

Sprint:
Logging (Core) - Sprint 208

SFDC Cases Links:
SFDC Cases Counter:

Description

Customer wants to send syslog to external host over TLS. The TLS configuration generated for syslog fixes the hostname verificatiopn to true. This leads to failures while sending logs to external syslog

// code placeholder
  <match **>
    @type copy
    <store>
    	@type remote_syslog
    	@id syslogout
    	host syslog-receiver.openshift-logging.svc
    	port 24224
    	rfc rfc5424
    	facility user
        severity debug
    	appname ${tag}
    	msgid mymsg
    	procid myproc
    	protocol tcp
    	packet_size 4096
    tls true
      ca_file '/var/run/ocp-collector/secrets/syslog-receiver/ca-bundle.crt'
      verify_mode true
    timeout 60
      timeout_exception true
      keep_alive true
      keep_alive_idle 75
      keep_alive_cnt 9
      keep_alive_intvl 7200

The

tls true

config leads to setting hostname verification while creating SSLSocket.

So need to disable it.

Slack discussion thread: https://coreos.slack.com/archives/CB3HXM2QK/p1612450673342600

Attachments

Issue Links

links to

openshift/cluster-logging-operator#1186: LOG-1168: disabled hostname verification in TLS mode

Activity

People

Assignee:: Vimal Kumar

Reporter:: Vimal Kumar

QA Contact:: Anping Li

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2021/02/24 3:37 AM

Updated:: 2022/03/16 3:20 PM

Resolved:: 2021/10/18 12:51 PM