OpenShift Logging / LOG-1375

ssl_ca_cert should be optional


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • Logging 5.3.0
    • Logging 5.1
    • Log Collection
    • None
    • Logging (Core) - Sprint 202

      Description of problem:
      The ssl_ca_cert is not necessary when forwarding logs using plaintext, sasl_plaintext, or SSL signed by the system CA.

      Version:
      quay.io/logging/origin-cluster-logging-operator:latest

      How reproducible:
      Always

      Steps to Reproduce:
      1) git clone git@gitlab.cee.redhat.com:aosqe/aosqe-tools.git
      2) cd aosqe-tools/logging/log_template/kafka/kafka-2.4.1
      3) Deploy clusterlogging operator
      4) Deploy Kafka and enable sasl plaintext

      bash 10_deploy-kafka-plaintext-sasl_plaintext.sh

      5) Forward logs to Kafka using a username and password, and don't set the ca-bundle.crt secret.
      sh 20_create-clf-kafka-sasl_plaintext.sh
      6) Create clusterlogging instance
      7) Check the fluentd.conf

      # Ship logs to specific outputs
      <label @KAFKA_APP>
        <match **>
          @type kafka2
          brokers kafka.openshift-logging.svc.cluster.local:9093
          default_topic clo-topic
          use_event_time true
          username "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/username') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/username','r') do |f|f.read end : ''}"
          password "#{File.exists?('/var/run/ocp-collector/secrets/kafka-fluentd/password') ? open('/var/run/ocp-collector/secrets/kafka-fluentd/password','r') do |f|f.read end : ''}"
          ssl_ca_cert '/var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt'
          ssl_client_cert "#{File.exist?('/var/run/ocp-collector/secrets/kafka-fluentd/tls.crt') ? '/var/run/ocp-collector/secrets/kafka-fluentd/tls.crt' : nil}"
          ssl_client_cert_key "#{File.exist?('/var/run/ocp-collector/secrets/kafka-fluentd/tls.key') ? '/var/run/ocp-collector/secrets/kafka-fluentd/tls.key' : nil}"
          ....
          ....
      </label>  
      
      

      8) Check the fluentd logs
      $ oc logs fluentd-kdtmx
      Setting each total_size_limit for 1 buffers to 20533579161 bytes
      Setting queued_chunks_limit_size for each buffer to 2447
      Setting chunk_limit_size for each buffer to 8388608
      2021-05-17 14:30:40 +0000 [error]: unexpected error error_class=Errno::ENOENT error="No such file or directory @ rb_sysopen - /var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt"
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/kafka_plugin_util.rb:53:in `read'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/kafka_plugin_util.rb:53:in `block in read_ssl_ca_certs'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/kafka_plugin_util.rb:53:in `each'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/kafka_plugin_util.rb:53:in `flat_map'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/kafka_plugin_util.rb:53:in `read_ssl_ca_certs'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/out_kafka2.rb:103:in `refresh_client'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluent-plugin-kafka-0.13.1/lib/fluent/plugin/out_kafka2.rb:182:in `start'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:203:in `block in start'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:182:in `block (2 levels) in lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/agent.rb:119:in `block (2 levels) in lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/agent.rb:118:in `each'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/agent.rb:118:in `block in lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/agent.rb:111:in `each'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/agent.rb:111:in `lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:181:in `block in lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:178:in `each'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:178:in `lifecycle'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/root_agent.rb:202:in `start'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/engine.rb:274:in `start'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/engine.rb:219:in `run'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:816:in `run_engine'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:559:in `block in run_worker'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:741:in `main_process'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/supervisor.rb:554:in `run_worker'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/lib/fluent/command/fluentd.rb:330:in `<top (required)>'
      2021-05-17 14:30:40 +0000 [error]: /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:59:in `require'
      2021-05-17 14:30:40 +0000 [error]: /usr/share/rubygems/rubygems/core_ext/kernel_require.rb:59:in `require'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/share/gems/gems/fluentd-1.7.4/bin/fluentd:8:in `<top (required)>'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/bin/fluentd:23:in `load'
      2021-05-17 14:30:40 +0000 [error]: /usr/local/bin/fluentd:23:in `<main>'
      2021-05-17 14:30:40 +0000 [error]: unexpected error error_class=Errno::ENOENT error="No such file or directory @ rb_sysopen - /var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt"
      2021-05-17 14:30:40 +0000 [error]: suppressed same stacktrace

      Actual Result:
      error="No such file or directory @ rb_sysopen - /var/run/ocp-collector/secrets/kafka-fluentd/ca-bundle.crt"

      Expected Result:
      CLO shouldn't configure ca-bundle.crt in fluentd.conf when forwarding logs using plaintext, sasl_plaintext, or SSL signed by the system CA.
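
      The failure and the expected behaviour above, as an added Ruby example (not code from the operator or from fluent-plugin-kafka): a stand-in for the startup read that raises Errno::ENOENT, next to a generator that emits each ssl_* directive only when its key exists in the secret. The names naive_read_ca_certs, kafka_tls_directives and TLS_KEYS are hypothetical, and the secret directories are constructed in a temp dir.

```ruby
require 'tmpdir'

# Stand-in for the failing step in the stack trace: every configured CA path
# is read at startup, so a path that is not mounted raises Errno::ENOENT.
def naive_read_ca_certs(paths)
  paths.flat_map { |path| [File.read(path)] }
end

# Hypothetical mapping of fluentd directive => key inside the output secret.
TLS_KEYS = {
  'ssl_ca_cert'         => 'ca-bundle.crt',
  'ssl_client_cert'     => 'tls.crt',
  'ssl_client_cert_key' => 'tls.key'
}.freeze

# Emit a TLS directive only when the matching file is really mounted.
def kafka_tls_directives(secret_dir)
  TLS_KEYS.each_with_object([]) do |(directive, key), lines|
    path = File.join(secret_dir, key)
    lines << "#{directive} '#{path}'" if File.file?(path)
  end
end

# Constructed secrets: one SASL-only (as in the report), one with a CA bundle.
def demo
  Dir.mktmpdir do |root|
    sasl_only = File.join(root, 'sasl-only')
    with_ca   = File.join(root, 'with-ca')
    [sasl_only, with_ca].each { |dir| Dir.mkdir(dir) }
    File.write(File.join(sasl_only, 'username'), 'constructed-user')
    File.write(File.join(sasl_only, 'password'), 'constructed-pass')
    File.write(File.join(with_ca, 'ca-bundle.crt'), "constructed CA bundle\n")

    crashed = begin
      naive_read_ca_certs([File.join(sasl_only, 'ca-bundle.crt')])
      false
    rescue Errno::ENOENT
      true
    end

    {
      unconditional_crashes: crashed,
      sasl_only: kafka_tls_directives(sasl_only),
      with_ca: kafka_tls_directives(with_ca).map { |line| line.split.first }
    }
  end
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

      With sasl_plaintext and no TLS directives at all, the username and password reach the broker unencrypted, so an omitted CA bundle should be a deliberate choice per output rather than a silent default.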

              Assignee: Unassigned
              Reporter: Anping Li (rhn-support-anli)