  1. OpenShift Logging
  2. LOG-6203

Configuring OpenShift log forwarding to external Elasticsearch creates incorrect vector.toml file

    • Bug Fix
    • Log Collection - Sprint 260

      Description of problem:

      When configuring OpenShift log forwarding to an external Elasticsearch instance that uses authentication (username and password), the username and password are inserted incorrectly in the vector.toml file created for the collector, so the collector pods stay in CrashLoopBackOff.

      Version-Release number of selected component (if applicable):

      [gpulido@bastion ~]$ oc get csv -n openshift-logging
      NAME                     DISPLAY                     VERSION   REPLACES                 PHASE
      cluster-logging.v5.9.6   Red Hat OpenShift Logging   5.9.6     cluster-logging.v5.9.5   Succeeded
      [gpulido@bastion ~]$ 

      How reproducible:

      For me, always

      Steps to Reproduce:

      1. Install the logging operator
      2. Create the secret with the external Elasticsearch credentials and CA certificate chain
      3. Create the service account with permissions to collect logs
      4. Create the ClusterLogForwarder object with the following section:
      spec:
        serviceAccountName: log-collector-sa
        outputs:
         - name: external-elasticsearch
           type: elasticsearch
           elasticsearch:
             version: 8
           secret:
             name: external-elasticsearch-secret  # points to the secret created in step 2

      Actual results:

      Pods are created but stay in CrashLoopBackOff, because an LF character is inserted at the end of the username and the password, like this:

       

      #--vector.toml--
      ...
      
      # Basic Auth Config
      [sinks.output_external_elasticsearch.auth]
      strategy = "basic"
      user = "elasticsearch_user
      "
      password = "secret_password
      "
      ...
      

       

      Pod logs show the following:

       

      [gpulido@bastion ~]$ oc logs external-elasticsearch-jq96q
      Creating the directory used for persisting Vector state /var/lib/vector/openshift-logging/external-elasticsearch
      Checking for buffer lock files
      /var/lib/vector/openshift-logging/external-elasticsearch /usr/bin
      found lock files: ''
      /usr/bin
      Starting Vector process...
      2024-10-01T21:19:48.514607Z ERROR vector::cli: Configuration error. error=TOML parse error at line 543, column 23
          |
      543 | user = "elasticsearch_user
          |                           ^
      invalid basic string
      [gpulido@bastion ~]$
      

       

      Expected results:

      Pods are created, start collecting logs and send them to the external Elasticsearch.

      Additional info:

      This is on an on-premises OCP 4.16 cluster with logging operator version 5.9.6

            vparfono Vitalii Parfonov
            gpulido@redhat.com German Pulido
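A pre-flight check for the failure reported above, as an added example that is not part of the original report and not the operator's code: it decodes a Secret's base64 `data` map, flags credential values that end in LF or contain control characters, and contrasts unescaped quoting with TOML basic-string escaping. The Secret key names `username` and `password`, the function names and the sample data are assumptions constructed for illustration.

```python
import base64

# Constructed sample of a Secret's .data map (base64 values), not taken from
# the issue. The key names "username" and "password" are assumptions.
SAMPLE_SECRET_DATA = {
    "username": base64.b64encode(b"elasticsearch_user\n").decode(),
    "password": base64.b64encode(b"secret_password\n").decode(),
}

def find_bad_credentials(secret_data, keys=("username", "password")):
    """Return {key: [problems]} for values that break a quoted config string."""
    findings = {}
    for key in keys:
        if key not in secret_data:
            continue
        value = base64.b64decode(secret_data[key]).decode("utf-8", errors="replace")
        problems = []
        if value.endswith("\r\n"):
            problems.append("trailing CRLF")
        elif value.endswith("\n"):
            problems.append("trailing LF")
        # TOML basic strings forbid raw control characters other than tab.
        body = value.rstrip("\r\n")
        if any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in body):
            problems.append("embedded control character")
        if problems:
            findings[key] = problems
    return findings

_SHORT_ESCAPES = {'"': '\\"', "\\": "\\\\", "\n": "\\n", "\r": "\\r", "\t": "\\t"}

def toml_basic_string(value):
    """Quote a value as a TOML basic string, escaping what TOML forbids raw."""
    out = []
    for c in value:
        if c in _SHORT_ESCAPES:
            out.append(_SHORT_ESCAPES[c])
        elif ord(c) < 0x20 or ord(c) == 0x7F:
            out.append("\\u%04X" % ord(c))
        else:
            out.append(c)
    return '"' + "".join(out) + '"'

def naive_render(key, value):
    """Mimic the output shown in the report: value pasted between quotes as-is."""
    return '%s = "%s"' % (key, value)

if __name__ == "__main__":
    print(find_bad_credentials(SAMPLE_SECRET_DATA))
    print(naive_render("user", "elasticsearch_user\n"))          # spans two lines
    print("user = " + toml_basic_string("elasticsearch_user\n"))  # single line
```

Escaping only makes the file parse; the decoded credential still ends in LF, so the Secret value itself needs checking as well.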