-
Task
-
Resolution: Done
-
Critical
-
None
-
8
-
False
-
None
-
False
-
NEW
-
NEW
-
This enhancement updates vector to match upstream vector tag v0.37.1
-
Enhancement
-
-
-
Log Collection - Sprint 252, Log Collection - Sprint 253
Description
Upgrade vector to v0.37.x
Acceptance Criteria
- Defined sub-tasks to support the new version
- Upstream CI
- Midstream pipelines
- Operator updates
- Patches we carry to bring forward from earlier releases
- CLO updates to address vector config changes
Notes
- Review change log so we understand how this may impact Cluster Logging
The following is known functionality that must be carried into this release:
- syslog support
- multi-line exception handling
- kubernetes source rotate_wait
- kubernetes source include_path
- openssl integration? (removal of ring for FIPS)
- is cloned by
-
-
- Closed
-
- relates to
-
OBSDOCS-1136 Update vector component version to v0.37.x, create a compatibility matrix table
-
- Closed
-
- links to
-
RHBA-2024:137361
Logging for Red Hat OpenShift - 6.0.0
1.
|
Setup CI for release-6.0 |
|
Closed | 
|
Calvin Lee |
2.
|
Switch CLO CI to use vector release-6.0 |
|
Closed | 
|
Calvin Lee |
3.
|
Fix CLO rotate_wait_ms to rotate_wait_secs |
|
Closed | 
|
Calvin Lee |
4.
|
CPaaS Changes to Enable vector/release-6.0 |
|
Closed |
|
Calvin Lee |
[LOG-5296] Update vector to v0.37.x
AWS SDK upstream seems to be getting serious about adding FIPS support:
https://github.com/smithy-lang/smithy-rs/issues/3563
It appears the story is now that rustls added FIPS support in https://github.com/rustls/rustls/releases/tag/v%2F0.23.0 on top of Amazon's https://crates.io/crates/aws-lc-rs , which is a Ring-compatible API with different backends. That in turn sits on top of https://crates.io/crates/aws-lc-fips-sys, which is Rust binding for Amazon's fork of BoringSSL/OpenSSL.
In particular, "This crate provides bindings to AWS-LC-FIPS 2.x, which has completed FIPS validation testing by an accredited lab and has been submitted to NIST for certification. The static build of AWS-LC-FIPS is used."
AWS-LC-FIPS 2.x is https://github.com/aws/aws-lc/tree/fips-2022-11-02,
"AWS-LC is a general-purpose cryptographic library maintained by the AWS Cryptography team for AWS and their customers. It іs based on code from the Google BoringSSL project and the OpenSSL project."
They seem to support x64 and aarch64, but not power or s390x.
jcantril@redhat.com Here's the branch https://github.com/syedriko/vector/tree/syedriko-merge-upstream-v0.37.0. This is a branch off the tip of release-5.9 with the v0.37.0 upstream tag merged into it. Plus I added a couple of patches that we carry, in openssl and hyper. One thing is remaining: "cargo deny" flags ring as a dependency, but I'm not seeing any ring code linked into the vector executable. Let's talk this over whenever it's a good time.
jcantril@redhat.com Sure thing. Let me go through the moves and refresh my memory.
syedriko_sub@redhat.com Can you please meet with our team to discuss your strategy for bumping the vector version
Since the problem described in this issue should be resolved in a recent advisory, it has been closed.
For information on the advisory (Logging for Red Hat OpenShift - 6.0.0), and where to find the updated files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHBA-2024:6693