Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-4184

Certificate error on collector when forwarding to default Loki using vector

    XMLWordPrintable

Details

    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Without this update, in some cases, the Vector collector failed to send logs to Loki due to a certificate error. With this change, the correct configuration for the Vector collector will be generated, which should prevent such errors.
    • Bug Fix
    • Log Collection - Sprint 237

    Description

      Description of problem:
      Collector throws certificate error when forwarding to default Loki using vector

      collector logs:

      2023-06-01T23:32:21.425525Z ERROR sink{component_kind="sink" component_id=default_loki_infra component_type=loki component_name=default_loki_infra}: vector::internal_events::http_client: HTTP error. error=error trying to connect: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1915:: self signed certificate in certificate chain error_type="request_failed" stage="processing"
2023-06-01T23:32:21.425578Z ERROR sink{component_kind="sink" component_icd=default_loki_infra component_type=loki component_name=default_loki_infra}: vector_core::stream::driver: Service call failed. error=HttpError { error: CallRequest { source: hyper::Error(Connect, Custom { kind: Other, error: ConnectError { error: Error { code: ErrorCode(1), cause: Some(Ssl(ErrorStack([Error { code: 337047686, library: "SSL routines", function: "tls_process_server_certificate", reason: "certificate verify failed", file: "ssl/statem/statem_clnt.c", line: 1915 }]))) }, verify_result: X509VerifyResult { code: 19, error: "self signed certificate in certificate chain" } } }) } } request_id=28
      $ oc get csv -n openshift-logging
NAME                     DISPLAY                     VERSION   REPLACES   PHASE
cluster-logging.v5.6.7   Red Hat OpenShift Logging   5.6.7                Succeeded
loki-operator.v5.6.7     Loki Operator               5.6.7                Succeeded

      CSV: cluster-logging.v5.6.7

      CLO image: registry.redhat.io/openshift-logging/cluster-logging-rhel8-operator@sha256:8fe5663cc01b3c572a18877402fe32f4e8ec5cc8bab948f049f708c92578449e

      How reproducible: Always

      Steps to Reproduce:
      1) Deploy CLO and Loki v5.6.7
      2) Forward logs to default logStore loki using vector
      3) Check collector logs

      Actual results: collector throws certificate error.

      Expected results: logs can be forwarded to loki using vector as collector

      Attachments

        Activity

          People

            vparfono Vitalii Parfonov
            rhn-support-kbharti Kabir Bharti
            Kabir Bharti Kabir Bharti
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: