Closed marcofranssen closed 6 years ago
Any update on this one?
Without k8s, you can send data to ES with above config?
Ah, eduardo has already committed the patch: https://github.com/fluent/fluentd-kubernetes-daemonset/issues/15#issuecomment-303772297
I am now getting this same error, outside of the k8s plugin.
Running td-agent on Amazon Linux.
td-agent conf:
<match debug.**>
type stdout
</match>
<source>
type forward
</source>
<source>
type http
port 8888
</source>
## live debugging agent
<source>
type debug_agent
bind 127.0.0.1
port 24230
</source>
#
# SYSLOG
#
# get logs from syslog
<source>
@type syslog
port 42185
tag syslog
</source>
<match **>
@type elasticsearch
host 127.0.0.1
port 9200
logstash_format true
index_name kibana
flush_interval 10s # for testing
</match>
Running td-agent version 0.12.36
Error:
2017-07-03 12:02:43 +0000 [warn]: temporarily failed to flush the buffer. next_retry=2017-07-03 20:46:02 +0000 error_class="Elasticsearch::Transport::Transport::Errors::Unauthorized" error="[401] " plugin_id="object:3ff888e47198"
Which elasticsearch-ruby version do you use? https://github.com/elastic/elasticsearch-ruby#compatibility
I appear to be having a similar issue:
2017-09-18 03:36:09 -0600 [warn]: temporarily failed to flush the buffer. next_retry=2017-09-18 03:36:11 -0600 error_class="Elasticsearch::Transport::Transport::Errors::Unauthorized" error="[401] {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication token for REST request [/_bulk]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}" plugin_id="output_elastic_forward"
Config:
<match **>
@id "output_elastic_#{ENV['fluentname']}"
@type elasticsearch
host host.name
user elastic
password changeme
logstash_format true
logstash_prefix fluent
buffer_type file
buffer_path "/a/buffer/path/#{ENV['fluentname']}.elastic*"
</match>
My config does have a valid username and password specified. This issue appeared to start sometime after the output had been running for a day or so. Also noteworthy was that it was using a very high amount of memory in that td-agent process, ~3 GB. The process did not respond to SIGTERM and I had to use SIGKILL to get it to close.
Gem Versions: elasticsearch-5.0.4 elasticsearch-api-5.0.4 elasticsearch-transport-5.0.4 fluent-plugin-elasticsearch-1.9.7 fluentd-0.12.36
> My config does have a valid username and password specified.
Does your config contain non-alphabetical characters? If so, the following output should be used there:
require 'uri'
URI.encode_www_form_component("changeme")
The config does not contain any characters in need of URI escaping, it's a demo stack, the password really is "changeme". Also this issue appears to only occur after 1-2 days of the plugin successfully outputting data, so I suspect it's some kind of memory leak or other issue.
Are there any suspicious warnings or errors in your elasticsearch log?
Same problem here, stopped working after 24-30 hours and I get this in ES logs: FORBIDDEN by default req={ ID:1457884328-727212744#1153490, TYP:BulkRequest, USR:[no basic auth header], BRS:true, ACT:indices:data/write/bulk,
There is nothing in the td-agent.log except the message saying that the access is not authorized. It looks like the credentials are somehow lost.
If I restart the fluentd process everything is working fine again.
reload_connections queries http://elkserver/_nodes for a list of available ELK nodes after 10k requests. This list doesn't contain the basic auth passwords, so the credentials are lost in the fluentd-elasticsearch plugin after these 10k requests. Solution: never reload configuration:
reload_connections false
reload_on_failure false
Thanks for investigating this issue. If your investigation is true, this is not this plugin’s issue. Could you report the lack of basic auth password credentials in the reload_connection query as an issue in https://github.com/elastic/elasticsearch-ruby?
I investigated this issue. I think that this is elasticsearch-ruby's credential handling issue. see: https://github.com/elastic/elasticsearch-ruby/issues/464#issuecomment-356500993
This is a follow-up comment. I believe your "authentication failures after reloading connections" problem has been addressed by the pull request #394.
How to fix the issue
user and password field instead.
How to migrate your settings
If you have embedded the user/password into the URL as follows:
<match fluent.log>
@type elasticsearch
hosts https://admin:secret@server1:443/elastic/
...
</match>
Migrate the configuration to the format shown below:
<match fluent.log>
@type elasticsearch
hosts server1:443
scheme https
user admin
password secret
...
</match>
By migrating to this format, your login credentials should be retained across sessions.
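The failure discussed in this thread, as an added example that is not part of the original comments and is not elasticsearch-ruby's or the plugin's own code: a toy connection pool shows why credentials embedded in a host URL disappear once the host list is rebuilt from a node-discovery reply, while credentials held in separate user/password settings survive. `ToyPool`, `NODES_REPLY`, `authenticated_after_reload?` and the 10.0.0.x addresses are hypothetical names and constructed sample data.

```ruby
require 'uri'
require 'json'

# Constructed sample of a node-discovery (_nodes) reply: addresses only, no credentials.
NODES_REPLY = JSON.generate(
  'nodes' => {
    'n1' => { 'http' => { 'publish_address' => '10.0.0.11:9200' } },
    'n2' => { 'http' => { 'publish_address' => '10.0.0.12:9200' } }
  }
)

# Hypothetical toy pool; a simplified model, not the real client's implementation.
class ToyPool
  attr_reader :hosts

  # urls: initial host URLs; user/password: optional pool-level credentials.
  def initialize(urls, user: nil, password: nil)
    @user = user
    @password = password
    @hosts = urls.map do |u|
      uri = URI.parse(u)
      { host: uri.host, port: uri.port, user: uri.user, password: uri.password }
    end
  end

  # Rebuild the host list from a discovery reply, as a connection reload would.
  def reload!(nodes_json)
    @hosts = JSON.parse(nodes_json)['nodes'].values.map do |n|
      host, port = n['http']['publish_address'].split(':')
      { host: host, port: port.to_i } # nothing in the reply carries user/password
    end
  end

  # Authorization header per host; nil means the request would go out unauthenticated.
  def auth_headers
    @hosts.map do |h|
      user = h[:user] || @user
      pass = h[:password] || @password
      user && "Basic #{["#{user}:#{pass}"].pack('m0')}"
    end
  end
end

# True when every host in the pool still sends a Basic auth header after a reload.
def authenticated_after_reload?(pool)
  pool.reload!(NODES_REPLY)
  pool.auth_headers.all?
end
```

A `nil` entry in `auth_headers` corresponds to the `USR:[no basic auth header]` and `missing authentication token` messages quoted earlier in the thread.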
@marcofranssen's configuration has already used user ... password ... style.
He can simply update ES plugin.
Please see the config I'm using to authenticate. For some bizarre reason it just is not able to login.
I also logged the issue over here https://github.com/fluent/fluentd-kubernetes-daemonset/issues/15.
Looking forward to a solution.
I do have the following config in place
In order to handle the FLUENT_ELASTICSEARCH_USER and FLUENT_ELASTICSEARCH_PASSWORD I have added the following configmap.
Is there anyone else experiencing this issue, or knows how to handle the BASIC auth properly?