Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-3827

[fluentd http] The passphase isn't generated in fluent.conf

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • NEW
    • NEW
    • Log Collection - Sprint 233, Log Collection - Sprint 234, Log Collection - Sprint 235, Log Collection - Sprint 236, Log Collection - Sprint 237

      The tls.key passphase isn't added into fluent.conf when passphrase in secret.

      Step to reproduce:

      1. Create clusterlogging instance.
      2. Create Secret for CLF
        oc create secret generic to-fluentdserver --from-file=tls.key=collector_openshift-logging/server.key --from-file=tls.crt=collector_openshift-logging/server.crt --from-file=ca-bundle.crt=ca/ca_bundle.crt --from-literal=passphrase=aosqe2021 -n openshift-logging
      3. Create cluster-logging/instance and clf/instance
      apiVersion: logging.openshift.io/v1
kind: ClusterLogForwarder
metadata:
  name: instance
  namespace: openshift-logging
spec:
  outputs:
  - http:
      headers:
        h1: v1
        h2: v2
      method: POST
    name: httpout-app
    secret:
      name: fluentdserver
    tls:
      insecureSkipVerify: false
    type: http
    url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/app
  - http:
      headers:
        h1: v1
        h2: v2
      method: POST
    name: httpout-infra
    secret:
      name: fluentdserver
    tls:
      insecureSkipVerify: false
    type: http
    url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/infra
  - http:
      headers:
        h1: v1
        h2: v2
      method: POST
    name: httpout-audit
    secret:
      name: fluentdserver
    tls:
      insecureSkipVerify: false
    type: http
    url: https://fluentdserver-fluentdserver.apps.anli103.qe.devcluster.openshift.com/logs/audit
  pipelines:
  - inputRefs:
    - application
    name: app-logs
    outputRefs:
    - httpout-app
  - inputRefs:
    - infrastructure
    name: infra-logs
    outputRefs:
    - httpout-infra
  - inputRefs:
    - audit
    name: audit-logs
    outputRefs:
    - httpout-audit

       

      Actual result:
      The passphase wasn't added in fluent.conf

      <label @HTTPOUT_AUDIT>
      <match **>
      @type http
      endpoint https://fluentdserver.fluentd-aosqe.svc:24224/logs/audit
      http_method post
      headers

      {"h1":"v1","h2":"v2"}

      tls_private_key_path '/var/run/ocp-collector/secrets/to-fluentdserver/tls.key'
      tls_client_cert_path '/var/run/ocp-collector/secrets/to-fluentdserver/tls.crt'
      tls_ca_cert_path '/var/run/ocp-collector/secrets/to-fluentdserver/ca-bundle.crt'
      </match>

      Expected Result:

      <label @HTTPOUT_AUDIT>
      <match **>
      @type http
      endpoint https://fluentdserver.fluentd-aosqe.svc:24224/logs/audit
      http_method post
      headers

      {"h1":"v1","h2":"v2"}

      tls_private_key_path '/var/run/ocp-collector/secrets/to-fluentdserver/tls.key'
      tls_client_cert_path '/var/run/ocp-collector/secrets/to-fluentdserver/tls.crt'
      tls_ca_cert_path '/var/run/ocp-collector/secrets/to-fluentdserver/ca-bundle.crt'
      tls_private_key_passphrase aosqe2021

              vparfono Vitalii Parfonov
              rhn-support-anli Anping Li
              Anping Li Anping Li
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: