Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-83

Adding tls_client_private_key_passphrase in fluent.conf in forward from logforward

XMLWordPrintable

      Adding tls_client_private_key_passphrase in fluent.conf in forward from logforward

      Customer is looking for a way to configure passphrase while sending logs to external fluentd which is using a private key with passphrase.

       

      Requirement:-

      Like we add tls.key, tls.crt, ca-bundle.crt we should also have a parameter to add passphrase into the same secret and send it to fluentd forward configuration.

      Please find reference of below parameter from fluentd documetation

      https://docs.fluentd.org/output/forward#tls_client_private_key_passphrase

       

            [OBSDA-83] Adding tls_client_private_key_passphrase in fluent.conf in forward from logforward

            Anping Li added a comment -

            complement the case https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-43250

            Anping Li added a comment - complement the case https://polarion.engineering.redhat.com/polarion/#/project/OSE/workitem?id=OCP-43250

            Jeffrey Cantrill added a comment -

            Moving to 'Done'. Please follow the linked epic https://issues.redhat.com/browse/LOG-1516 for further details regarding GA, etc.

            Jeffrey Cantrill added a comment - Moving to 'Done'. Please follow the linked epic https://issues.redhat.com/browse/LOG-1516 for further details regarding GA, etc.

            Aldo Bucossi (Inactive) added a comment - - edited

            Customer does not accept to re-generate certificates using unencrypted keys, so we necessarily need to provide the key passphrase.

            At the moment the only way to do it is to set operator to Unmanaged and provide the passphrase parameter manually within the fluent.conf file into fluentd configmap because

            the ClusterLogForwarder CR is currently quite limited with the amount of available configuration options.

            As per known Red Hat support statement, Unmanaged operators are not supported.

            Customer will not accept to run a production environment in an unsupported state.

            Project is being delayed because of this issue and the whole project delivery is considered at risk.

            Aldo Bucossi (Inactive) added a comment - - edited Customer does not accept to re-generate certificates using unencrypted keys, so we necessarily need to provide the key passphrase. At the moment the only way to do it is to set operator to Unmanaged and provide the passphrase parameter manually within the fluent.conf file into fluentd configmap because the ClusterLogForwarder CR is currently quite limited with the amount of available configuration options. As per known Red Hat support statement, Unmanaged operators are not supported. Customer will not accept to run a production environment in an unsupported state. Project is being delayed because of this issue and the whole project delivery is considered at risk.

              vparfono Vitalii Parfonov
              rhn-support-vsamanth VIJAY SAMANTHAPURI (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: