-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable TLS in filebeat #101
Enable TLS in filebeat #101
Conversation
Added client TLS to filebeat to enable pushing to Graylog. TLS Client is only used to install the PKI CA and does not request certificates of its own.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall LGTM. Just one question about the build image change
@@ -15,7 +15,7 @@ parts: | |||
bases: | |||
- build-on: | |||
- name: ubuntu | |||
channel: "20.04" | |||
channel: "22.04" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see that you've changed the build base to 22.04. Have you tested the charm's behavior and confirmed that it is working as intended?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes, I can change this back - it was a issue with my workstation I was working around :-)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actually testing again, so it appears that the build is broken on 20.04, but working on 22.04
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you please attach the output for the 20.04 build?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @agileshaw any advice on the focal/jammy build issue? |
Hi @VariableDeclared . Apologize for the late reply. This is a known issue with Jinja and MarkupSafe2 in focal. A workaround can be found here: juju/charm-tools#650 |
hey @agileshaw had a look, but that fix is not merged - I cannot see a workaround there, what's your suggestion? Adding the arguement is not yet working:
|
Since the issue only seems to appear on focal, I think we can use jammy as build base (so you don't need to change back the metadata.yaml). Please attach the log of a jammy-built charm and test its behavior with some simple bundle (e.g. https://git.launchpad.net/charm-graylog/tree/src/tests/functional/tests/bundles/base-graylog.yaml). If everything checks out, that's a +1 from my book. I'm also adding @esunar as a reviewer. |
The fix here may work:
|
hey @lathiat it appears at some point this arg was removed:
|
Following up on my last comment - the issue is related to the |
subordinate: true | ||
tags: | ||
- filebeat | ||
requires: | ||
beats-host: | ||
interface: juju-info | ||
scope: container | ||
logstash: | ||
interface: elastic-beats | ||
elasticsearch: | ||
interface: elasticsearch | ||
kafka: | ||
interface: kafka |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey @esunar and @agileshaw I've pushed some changes which I hope will help with the issues seen. Seems that build no longer works on my workstation, I had to add these lines to have a successful build.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes looks good to me. Could you please attach the log from some simple bundle deployment? (e.g. https://git.launchpad.net/charm-graylog/tree/src/tests/functional/tests/bundles/base-graylog.yaml). I would like to see all if this jammy-built charm doesn't break such a deployment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hey sure, this is the bundle I am using today:
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And do you have a juju status
(or something similar that shows deployment status) output of the deployed bundle?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure, juju status is here: https://pastebin.canonical.com/p/jFRJTx3x7p/
Add TLS Support to the filebeat charm
Depends on PR for elastic beats layer
Thanks,
Peter