Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1525

Allow configuration of passphrase for fluent forward

    XMLWordPrintable

Details

    • 3
    • False
    • False
    • NEW
    • NEW
    • Hide
      With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, you can now use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
      Show
      With this update, if you use the Fluentd forward protocol to forward log data over a TLS-encrypted connection, you can now use a password-encrypted private key file and specify the passphrase in the Cluster Log Forwarder configuration. For more information, see xref:/logging/cluster-logging-external.html#cluster-logging-collector-log-forward-fluentd_cluster-logging-external[Forwarding logs using the Fluentd forward protocol]
    • Logging (Core) - Sprint 204

    Description

      Story

      As a user of cluster log forwardering to a "fluent forward" output,
      I need to configure the passphrase for my TLS client private key
      so auth is configured properly to allow communication to the destination

      Acceptance Criteria

      • CLF with forward output sends records to "forward " service configured to use certs where the private key is protected with a pass phrase
      • The generated configuration uses the parameter "tls_client_private_key_passphrase" for the configured output
      • Documented secret key that is recognized by ClusterLogForwarder
      • Unit test verifying the new configuration

      Notes

      • Possible secret key values: passphrase, privateKeyPassphrase, ?
      • This change only applies to forward outputs but we should consider its applications to others
      • There is another story that is intended to over haul authorization configuration

      Attachments

        Issue Links

          blocks

          Feature - Capability or a well-defined set of functionality that delivers business value. Features can include additions or changes to existing functionality. Features can easily span multiple teams, and potentially multiple releases. OBSDA-83 Adding tls_client_private_key_passphrase in fluent.conf in forward from logforward

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is documented by

          Task - Represents a small unit of work that is not end-user facing. RHDEVDOCS-3158 Allow configuration of passphrase for fluent forward

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed
          links to

          GitHub openshift/cluster-logging-operator#1103: LOG-1525: Allow use private key protected by the passphrase

          Activity

            People

              vparfono Vitalii Parfonov
              jcantril@redhat.com Jeffrey Cantrill
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: