Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-6376

Fluentd is not generating correct configuration when used tls.insecureSkipVerify=true in HTTP forwarder output type.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Normal Normal
    • Logging 5.9.10
    • Logging 5.9.6, Logging 5.9.7, Logging 5.9.8
    • Log Collection
    • False
    • None
    • False
    • NEW
    • VERIFIED
    • Hide
      Before this update, when tls.insecureSkipVerify: true was defined alongside type: http and not secure URL in the Cluster Log Forwarder configuration, the certificate validation was not skipped as intended. This misconfiguration led to the collector failing because it attempted to validate certificates despite the setting.
      With this update, we've added additional validation for the URL scheme. Now, if tls.insecureSkipVerify: true is set but the URL is not secure (i.e., does not use HTTPS), a misconfiguration error is raised, thus preventing potential security issues and ensuring the configuration behaves as expected.
      Show
      Before this update, when tls.insecureSkipVerify: true was defined alongside type: http and not secure URL in the Cluster Log Forwarder configuration, the certificate validation was not skipped as intended. This misconfiguration led to the collector failing because it attempted to validate certificates despite the setting. With this update, we've added additional validation for the URL scheme. Now, if tls.insecureSkipVerify: true is set but the URL is not secure (i.e., does not use HTTPS), a misconfiguration error is raised, thus preventing potential security issues and ensuring the configuration behaves as expected.
    • Bug Fix
    • Log Collection - Sprint 262, Log Collection - Sprint 263

      Description of problem:

      When defined in the clusterLogForwarder the `tls.insecureSkipVerify: true` in conjunction with `type: http`, the configuration generated is not skipping the validation of the certificates.

      The url for the forwarder is "https://...". The issue is similar to https://issues.redhat.com/browse/LOG-3838 with the difference of the output type "http".

      The reproducer is the same that in https://issues.redhat.com/browse/LOG-3838 

      Version-Release number of selected component (if applicable):

      RHOL 5.9.6, 5.9.7 and 5.9.8. Seems a regression of https://access.redhat.com/solutions/7005697. 

              vparfono Vitalii Parfonov
              acandelp Adrian Candel
              Kabir Bharti Kabir Bharti
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: