Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Critical
Fix Version/s: Logging 5.8.0
Affects Version/s: Logging 5.6.5, Logging 5.7.0
Component/s: Log Collection
Labels:
- devel_ack+
- no-rn

Blocked:
False
Blocked Reason:
None
Ready:
False
Docs QE Status:
NEW
QE Status:
NEW
Steps to Reproduce:
Hide

1) Install RHOL 5.7 version with Vector as collector.

2) Create a CLF instance sending logs to Splunk and with tls.insecureSkipVerify=true

apiVersion: logging.openshift.io/v1 kind: ClusterLogForwarder metadata: name: instance namespace: openshift-logging spec: outputs: - name: splunk-receiver splunk: {} tls: insecureSkipVerify: true type: splunk url: https://localhost:8088/services/collector pipelines: - name: test inputRefs: - infrastructure - application outputRefs: - splunk-receiver

3) Access to the Vector pod configuration and check that tls.verify_hostname and tls.verify_certificate parameters are not created (/etc/vector/vector.toml):

sh-4.4# cat vector.toml | grep verify_certificate sh-4.4# cat vector.toml | grep verify_hostname
Show
1) Install RHOL 5.7 version with Vector as collector. 2) Create a CLF instance sending logs to Splunk and with tls.insecureSkipVerify=true apiVersion: logging.openshift.io/v1 kind: ClusterLogForwarder metadata: name: instance namespace: openshift-logging spec: outputs: - name: splunk-receiver splunk: {} tls: insecureSkipVerify: true type: splunk url: https: //localhost:8088/services/collector pipelines: - name: test inputRefs: - infrastructure - application outputRefs: - splunk-receiver 3) Access to the Vector pod configuration and check that tls.verify_hostname and tls.verify_certificate parameters are not created (/etc/vector/vector.toml): sh-4.4# cat vector.toml | grep verify_certificate sh-4.4# cat vector.toml | grep verify_hostname
Intelligence Requested:
Market:

Sprint:
Log Collection - Sprint 236
Severity:
Important

Test Link:
https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-63986

SFDC Cases Links:
SFDC Cases Counter:

Description of problem:

Related to --> https://issues.redhat.com/browse/LOG-3445

When tls.insecureSkipVerify=true is configured in ClusterLogForwarder, we should see tls.verify_hostname=false and tls.verify_certificate=false in Vector configuration.

Version-Release number of selected component (if applicable):

RHOL 5.7

How reproducible:

Always

is related to

LOG-3445 [vector to loki] validation is not disabled when tls.insecureSkipVerify=true

Closed

links to

[KCS] No skipping certificates validation when log forwarding in RHOCP 4

Assignee:: Vitalii Parfonov

Reporter:: Adrian Candel

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2023/05/17 7:03 AM

Updated:: 2023/07/24 7:34 PM

Resolved:: 2023/07/24 7:33 PM

Details

Description

Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Attachments

Issue Links

Activity

People

Dates