Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[exporter/opensearch-exporter] Unable to send traces to OpenSearch with TLS disabled #31126

Closed
AmythD opened this issue Feb 8, 2024 · 5 comments

Comments

@AmythD
Copy link

AmythD commented Feb 8, 2024

Component(s)

No response

Describe the issue you're reporting

Hello,

My OpenSearch endpoint has TLS enabled using a self signed certificate, but while trying to connect from OTEL Collector, I am seeing errors when disabling TLS (insecure=true, and removed references to certificates)

Ideally I would like to have TLS disabled. Any suggestions on what could be wrong here?

receivers:
  otlp:
    protocols:
      grpc:
        endpoint: 0.0.0.0:4317
      http:
        endpoint: 0.0.0.0:4318

extensions:
  basicauth/client:
    client_auth:
      username: admin
      password: admin

processors:
  batch:

exporters:
  opensearch/trace:
    dataset: otel
    namespace: traces
    http:
      endpoint: https://dev-opensearch.com:9200
      tls:
        insecure: true
        ca_file: /apps/PDC****-CA.crt
        cert_file: /apps/10.xx.xx.xx.crt         
        key_file: /apps/10.xx.xx.xx.key
       #insecure_skip_verify : true
      auth:
        authenticator: basicauth/client
service:
  pipelines:
    traces:
      receivers: [otlp]
      exporters: [opensearch/trace]
      processors: [batch]

  extensions: [basicauth/client]      

2024-02-08T10:41:30.168Z warn batchprocessor@v0.93.0/batch_processor.go:258 Sender failed {"kind": "processor", "name": "batch", "pipeline": "traces", "error": "not retryable error: Permanent error: Permanent error: flush: tls: failed to verify certificate: x509: certificate signed by unknown authority\nPermanent error: Permanent error: flush: tls: failed to verify certificate: x509: certificate signed by unknown authority"}

@AmythD AmythD added the needs triage New item requiring triage label Feb 8, 2024
@crobert-1 crobert-1 added exporter/opensearch bug Something isn't working and removed exporter/opensearch labels Feb 8, 2024
Copy link
Contributor

github-actions bot commented Feb 8, 2024

Pinging code owners for exporter/opensearch: @Aneurysm9 @MitchellGale @MaxKsyunz @YANG-DB. See Adding Labels via Comments if you do not have permissions to add labels yourself.

Copy link
Contributor

github-actions bot commented Feb 8, 2024

Pinging code owners for exporter/opensearch: @Aneurysm9 @MitchellGale @MaxKsyunz @YANG-DB. See Adding Labels via Comments if you do not have permissions to add labels yourself.

@crobert-1
Copy link
Member

Hello @AmythD, I believe if you set the other TLS config options in addition to insecure: verify they will still be checked, resulting in this error. If you don't define values for ca_file and ca_pem (you don't have this value currently, but including for the sake of verbosity), I believe this will work.

Source: https://github.com/open-telemetry/opentelemetry-collector/blob/b75fe362294cb1617e81621767a84c19d8df4612/config/configtls/configtls.go#L344

@crobert-1 crobert-1 added question Further information is requested and removed bug Something isn't working needs triage New item requiring triage labels Mar 5, 2024
Copy link
Contributor

github-actions bot commented May 6, 2024

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

@github-actions github-actions bot added the Stale label May 6, 2024
Copy link
Contributor

github-actions bot commented Jul 5, 2024

This issue has been closed as inactive because it has been stale for 120 days with no activity.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants