Fluentd to Elasticsearch communication missing CA certificate configuration

Bug #1885109 reported by Mark Goddard
Affects        Status         Importance  Assigned to         Milestone
kolla-ansible  Fix Released   Medium      Mark Goddard
Train          Fix Committed  Medium      Radosław Piliszek
Ussuri         Fix Committed  Medium      Radosław Piliszek
Victoria       Fix Released   Medium      Mark Goddard

Bug Description

If internal TLS is enabled, and centralised logging is enabled, fluentd will fail to communicate with Elasticsearch if the API certificate is not trusted by the trust store in the container. Configuration of a CA certificate bundle for fluentd should fix this.
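
The failure described above, reproduced offline as an added example (not kolla-ansible or fluentd code). It uses Ruby's OpenSSL bindings, Ruby being the language fluentd is written in, to verify a constructed API certificate signed by a constructed private CA, first against the default trust store and then with the CA bundle added. The certificate names and the `make_cert`, `verify_with` and `demo` helpers are assumptions made for the illustration.

```ruby
require "openssl"
require "tempfile"

# Build a certificate; self-signed when no issuer is given.
# All subject names used below are constructed sample values.
def make_cert(cn, key, issuer_cert: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer_cert || cert).subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  constraint = ca ? "CA:TRUE" : "CA:FALSE"
  cert.add_extension(ef.create_extension("basicConstraints", constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify a server certificate against the default trust store, optionally
# extended with a CA bundle file (the role a configured CA certificate plays).
def verify_with(server_cert, ca_file: nil)
  store = OpenSSL::X509::Store.new
  store.set_default_paths
  store.add_file(ca_file) if ca_file
  ok = store.verify(server_cert)
  [ok, store.error_string]
end

# Private CA plus an API certificate it signs, checked both ways.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca_cert = make_cert("constructed-internal-ca", ca_key, ca: true)
  api_key = OpenSSL::PKey::RSA.new(2048)
  api_cert = make_cert("elasticsearch.internal.example", api_key,
                       issuer_cert: ca_cert, issuer_key: ca_key)
  Tempfile.create(["ca", ".pem"]) do |f|
    f.write(ca_cert.to_pem)
    f.flush
    { default_store: verify_with(api_cert),
      with_ca_bundle: verify_with(api_cert, ca_file: f.path) }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (ok, err)| puts "#{name}: verified=#{ok} (#{err})" }
end
```

The first check fails because the private CA is absent from the default trust store; the second succeeds once the bundle is loaded, without disabling verification.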

Mark Goddard (mgoddard)
Changed in kolla-ansible:
importance: Undecided → Medium
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Fix proposed to branch: master
Review: https://review.opendev.org/737937

Changed in kolla-ansible:
assignee: nobody → Mark Goddard (mgoddard)
status: New → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/737937
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=31f3f848597b7d26b67881ff1ff3794f334aa24a
Submitter: Zuul
Branch: master

commit 31f3f848597b7d26b67881ff1ff3794f334aa24a
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:49:07 2020 +0000

    Support CA certificate for fluentd & Elasticsearch

    Currently there is no way to configure a CA certificate bundle file for
    fluentd to Elasticsearch communication. This change adds a new variable,
    'fluentd_elasticsearch_cacert' with a default value set to the value of
    'openstack_cacert'.

    Closes-Bug: #1885109

    Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/738304

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/738305

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/738304
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=d3da72c2c81e2489f2ec0435e93955b66a4440a0
Submitter: Zuul
Branch: stable/ussuri

commit d3da72c2c81e2489f2ec0435e93955b66a4440a0
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:49:07 2020 +0000

    Support CA certificate for fluentd & Elasticsearch

    Currently there is no way to configure a CA certificate bundle file for
    fluentd to Elasticsearch communication. This change adds a new variable,
    'fluentd_elasticsearch_cacert' with a default value set to the value of
    'openstack_cacert'.

    Closes-Bug: #1885109

    Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
    (cherry picked from commit 31f3f848597b7d26b67881ff1ff3794f334aa24a)

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/train)

Reviewed: https://review.opendev.org/738305
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=20a1de4ee7e8bcdf0ebbff3ec9028f359cbab6d6
Submitter: Zuul
Branch: stable/train

commit 20a1de4ee7e8bcdf0ebbff3ec9028f359cbab6d6
Author: Mark Goddard <email address hidden>
Date: Fri Jun 19 12:49:07 2020 +0000

    Support CA certificate for fluentd & Elasticsearch

    Currently there is no way to configure a CA certificate bundle file for
    fluentd to Elasticsearch communication. This change adds a new variable,
    'fluentd_elasticsearch_cacert' with a default value set to the value of
    'openstack_cacert'.

    Closes-Bug: #1885109

    Change-Id: I5bbf55a4dd4ccce9fa2635cee720139c088268e3
    (cherry picked from commit 31f3f848597b7d26b67881ff1ff3794f334aa24a)
