search

groundhog2k / helm-charts

Helm charts for open source applications - ready to use for deployment on Kubernetes
MIT License
69 stars 56 forks source link

Graylod URLDecoder error #1200

Closed gab-despreslaberge closed 1 year ago

gab-despreslaberge commented 1 year ago

Hi, First thank you for maintaining this chart. Trying to deploy the Graylog chart, I'm unable to get Graylog to start properly due to a misconfiguration I'm unable to figure out.

Settings are as follows:

settings:
  http:
    externalUri: "http://127.0.0.1:9000/"
    publishUri: "http://127.0.0.1:9000/"

  javaOpts:
  passwordSecret: "somepasswordpepper"

  rootUser:
    username: "admin"
    sha2Password: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
    email: ""
    timezone: "UTC"

  journal:
    maxAge: "12h"
    maxSize: "5gb"

  elastic:
    hosts: "https://my-opensearch-url.ca-central-1.es.amazonaws.com,"
   # hosts: https://node1:9200,https://user:password@node2:1920
# Tried both here, quoted and unquoted. Same result.
    indexPrefix: "graylog"

Yields:

Caused by: java.lang.IllegalArgumentException: URLDecoder: Illegal hex characters in escape (%) pattern - Error at index 0 in: "!s"
        at java.net.URLDecoder.decode(Unknown Source) ~[?:?]
        at java.net.URLDecoder.decode(Unknown Source) ~[?:?]
        at com.mongodb.ConnectionString.urldecode(ConnectionString.java:1100) ~[graylog.jar:?]
        at com.mongodb.ConnectionString.urldecode(ConnectionString.java:1095) ~[graylog.jar:?]
        at com.mongodb.ConnectionString.<init>(ConnectionString.java:349) ~[graylog.jar:?]
        at com.mongodb.MongoClientURI.<init>(MongoClientURI.java:258) ~[graylog.jar:?]
        at org.graylog2.configuration.MongoDbConfiguration.getMongoClientURI(MongoDbConfiguration.java:53) ~[graylog.jar:?]
        at org.graylog2.configuration.MongoDbConfiguration.validate(MongoDbConfiguration.java:58) ~[graylog.jar:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[?:?]
        at java.lang.reflect.Method.invoke(Unknown Source) ~[?:?]
        at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
        at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:233) ~[graylog.jar:?]
        ... 5 more
groundhog2k commented 1 year ago

There is an additional comma at the end of hosts: I'm also not sure if the Uri "http://127.0.0.1:9000/" will work.

My test setup looks like this: (I use an nginx-ingress with jetstack cert-manager to have real endpoint URLs and TLS certificates):

## Ingress configuration
ingress:
  ## Enable ingress endpoint
  enabled: true

  ## Additional ingress annotations
  annotations:
    cert-manager.io/cluster-issuer: local-ca

  hosts:
    - host: graylog.k8s.local
      paths:
        - /
  tls:
     - hosts:
         - graylog.k8s.local
       secretName: graylog-k8s-local

settings:
  http:
    externalUri: "https://graylog.k8s.local/"
    publishUri:

  passwordSecret: "somepasswordpepper"

  rootUser:
    username: "admin"
    sha2Password: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
    email: ""
    timezone: "UTC"

  journal:
    maxAge: "12h"
    maxSize: "1gb"

  elastic:
    indexPrefix: "graylog"
    hosts: "http://graylog-cluster-master:9200"

## Storage parameters for Graylog journal
storage:
  requestedSize: 1Gi

externalDatabase:
  name: "graylog"
  user: "testuser"
  password: "testpwd"
  host: "graylog-mongodb"

(Tested with Graylog 4.3.11 - Chart version 0.4.19)

gab-despreslaberge commented 1 year ago

The comma was a test, here's the full values file: I'm using the provided mongo

## Ingress configuration
ingress:
  ## Enable ingress endpoint
  enabled: false

  ## Additional ingress annotations
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"

  ## Hosts
  hosts:
    - host:
      paths: []

## Graylog specific settings
settings:
  http:
    externalUri: "http://127.0.0.1:9000/"
    publishUri: "http://127.0.0.1:9000/"

  javaOpts:
  passwordSecret: "somepasswordpepper"

  rootUser:
    username: "admin"
    sha2Password: "8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918"
    email: ""
    timezone: "UTC"

  journal:
    maxAge: "12h"
    maxSize: "5gb"

  elastic:
    hosts: "https://my-aws-os.ca-central-1.es.amazonaws.com"
    indexPrefix: "graylog"

## MongoDB configuration
mongodb:
  ## Enable MongoDB helm chart for deployment (default: false)
  enabled: true

  ## Database settings
  settings:
    ## The root username (default: admin)
    rootUsername: "admin"
    ## The root user password
    rootPassword: "admin"

  ## Optional user database which is created during first startup with user and password
  userDatabase: {}
    ## Name of the user database
    # name:

    ## Database user with full access rights
    # user:

    ## Password of the database user
    # password:
gab-despreslaberge commented 1 year ago

Error seems to go away if I set mongo to an external database

groundhog2k commented 1 year ago

Yes, for the internal database (sub chart dependency) you need to provide a userDatabase: with name, user and password. In your example these properties are empty.