Details
- Bug
- Resolution: Done
- Blocker
- Logging 5.7.0
Description
When forwarding logs over HTTP using fluentd, the generated TLS parameters are wrong: ca_cert should be tls_ca_cert_path; key should be tls_private_key_path; cert should be tls_client_cert_path.

    <label @HTTPOUT_AUDIT>
      <match **>
        @type http
        endpoint https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/audit
        http_method post
        encoding "application/x-ndjson"
        headers {"h1":"v1","h2":"v2"}
        key '/var/run/ocp-collector/secrets/fluentdserver/tls.key'
        cert '/var/run/ocp-collector/secrets/fluentdserver/tls.crt'
        ca_cert '/var/run/ocp-collector/secrets/fluentdserver/ca-bundle.crt'
        .....
    </label>
Steps to reproduce:
1. Create a fluentd_only clusterlogging instance.
2. Forward logs over HTTP using TLS:
oc -n openshift-logging create secret generic fluentdserver --from-file=ca-bundle.crt=ca.crt --from-file=tls.crt=tls.crt --from-file=tls.key=tls.key --from-literal=passphrase=aosqe2021
    apiVersion: logging.openshift.io/v1
    kind: ClusterLogForwarder
    metadata:
      name: instance
      namespace: openshift-logging
    spec:
      outputs:
      - http:
          headers:
            h1: v1
            h2: v2
          method: POST
        name: httpout-app
        secret:
          name: fluentdserver
        tls:
          insecureSkipVerify: false
        type: http
        url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/app
      - http:
          headers:
            h1: v1
            h2: v2
          method: POST
        name: httpout-infra
        secret:
          name: fluentdserver
        tls:
          insecureSkipVerify: false
        type: http
        url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/infra
      - http:
          headers:
            h1: v1
            h2: v2
          method: POST
        name: httpout-audit
        secret:
          name: fluentdserver
        tls:
          insecureSkipVerify: false
        type: http
        url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/audit
      pipelines:
      - inputRefs:
        - application
        name: app-logs
        outputRefs:
        - httpout-app
      - inputRefs:
        - infrastructure
        name: infra-logs
        outputRefs:
        - httpout-infra
      - inputRefs:
        - audit
        name: audit-logs
        outputRefs:
        - httpout-audit
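
A check for the misnaming described above, run over a generated fluentd configuration. This is an added example, not code from the ticket or from the logging operator; the function name find_wrong_tls_params and the sample text are constructed for illustration, and the line-based parsing assumes one directive per line as in the generated config shown above.

```python
# Names the report says the generator emitted -> names it says are required.
RENAMES = {
    "key": "tls_private_key_path",
    "cert": "tls_client_cert_path",
    "ca_cert": "tls_ca_cert_path",
}

def find_wrong_tls_params(conf_text):
    """Return (line_no, found, expected) for misnamed TLS params in http <match> blocks."""
    findings, block, depth = [], None, 0
    # The appended sentinel closes a block left open by a truncated file.
    for line_no, raw in enumerate(conf_text.splitlines() + ["</match>"], 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if block is None:
            if line.startswith("<match"):
                block, depth = {"type": None, "params": []}, 0
        elif line == "</match>":
            if block["type"] == "http":  # other plugins may use these names
                findings += [(n, k, RENAMES[k]) for n, k in block["params"]]
            block = None
        elif line.startswith("</"):
            depth -= 1  # leaving a nested section such as <buffer>
        elif line.startswith("<"):
            depth += 1  # entering a nested section; its keys are not the output's
        elif depth == 0:
            parts = line.split(None, 1)
            if parts[0] == "@type":
                block["type"] = parts[-1]
            elif parts[0] in RENAMES:
                block["params"].append((line_no, parts[0]))
    return findings

# Constructed sample: an http output using the parameter names from the report.
SAMPLE = """\
<match audit.**>
  @type http
  key '/var/run/ocp-collector/secrets/fluentdserver/tls.key'
  cert '/var/run/ocp-collector/secrets/fluentdserver/tls.crt'
  ca_cert '/var/run/ocp-collector/secrets/fluentdserver/ca-bundle.crt'
  <buffer>
    @type file
  </buffer>
</match>
"""
if __name__ == "__main__":
    for line_no, found, expected in find_wrong_tls_params(SAMPLE):
        print(f"line {line_no}: {found} should be {expected}")
```

An empty result on the regenerated configuration confirms that all three TLS settings carry the names the report calls for.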