Comments (5)
Can you fill out the relevant information in the template - what version of Fluent Bit are you using? It's not clear as well - are you running Linux or Windows?
from fluent-bit.
Using latest version of Fluentbit & running on Red Hat Linux.
from fluent-bit.
Definitely 3.0.7 from the OSS repos, and not something Red Hat are building?
I'm guessing RHEL 8.4 looking at the kernel version?
What config are you using?
Ah you mention you're using the container so how are you running this and is it definitely the OSS version of the container? fluent/fluent-bit:3.0.7? Not something else like the AWS version or a Red Hat version?
Are you using K8S or just running in CRI-O/podman? How are you deploying that with the credential details? It looks like the profile is not mounted so trying to understand how you are supplying the details so config plus deployment info is critical here.
from fluent-bit.
RHEL Version is: (Ran this command cat /etc/redhat-release) "Red Hat Enterprise Linux release 8.4 (Ootpa)"
Here is the docker compose of the container where I am running the fluent-bit:
```yaml
dev-fluentbit-dr:
  container_name: fluentbit-agent
  image: fluent/fluent-bit
  networks:
    proxy: {}
  volumes:
    - ./fluenbit/fluent-bit.conf:/fluent-bit/etc/fluent-bit.conf
    - ./config/.aws:/root/.aws
  ports:
    - "24224:24224"
    - "24224:24224/udp"
  environment:
    - AWS_PROFILE=rolesanywhere
    - AWS_DEFAULT_REGION=us-east-1
    - AWS_SDK_LOAD_CONFIG=1
  deploy:
    resources:
      limits:
        memory: 2gb
```
We are not using K8s. We are just running it on-prem. The container is deployed using the above docker compose.
We are using 'rolesanywhere', so our profile in /root/.aws/config & /root/.aws/credentials looks like the below:
```
[rolesanywhere]
credential_process = /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem --private-key /root/.aws/decrypted_key.pem --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:520493169785:trust-anchor/015c991f-9192-48e3-b807-2bd28fb6ba20 --profile-arn arn:aws:rolesanywhere:us-east-1:520493169785:profile/d9d5v925-965c-4b88-a670-a6a0fb43001e --role-arn arn:aws:iam::520493169785:role/rolesanywhere-dev-role
[rolesanywhere]
credential_process = /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem --private-key /root/.aws/decrypted_key.pem --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:520493169785:trust-anchor/015c991f-9192-48e3-b807-2bd28fb6ba20 --profile-arn arn:aws:rolesanywhere:us-east-1:520493169785:profile/d9d5v925-965c-4b88-a670-a6a0fb43001e --role-arn arn:aws:iam::520493169785:role/rolesanywhere-dev-role
[default]
credential_process = /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem --private-key /root/.aws/decrypted_key.pem --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:520493169785:trust-anchor/015c991f-9192-48e3-b807-2bd28fb6ba20 --profile-arn arn:aws:rolesanywhere:us-east-1:520493169785:profile/d9d5v925-965c-4b88-a670-a6a0fb43001e --role-arn arn:aws:iam::520493169785:role/rolesanywhere-dev-role
```
The AWS permissions are correct. But for some reason fluentbit is unable to parse the credential_process and get the aws access key & secret key. The error indicates fluentbit is not even executing the credential_process related code.
Please Note: The output of this command: /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem --private-key /root/.aws/decrypted_key.pem --trust-anchor-arn arn:aws:rolesanywhere:us-east-1:520493169785:trust-anchor/015c991f-9192-48e3-b807-2bd28fb6ba20 --profile-arn arn:aws:rolesanywhere:us-east-1:520493169785:profile/d9d5v925-965c-4b88-a670-a6a0fb43001e --role-arn arn:aws:iam::520493169785:role/rolesanywhere-dev-role
O/P (in json format): AccessKey:{value of access key}, SecretKey:{value of secret key} etc.
So nothing wrong with the command as well.
from fluent-bit.
The issue is resolved. The profile defined in config and credentials file was this:
```
[rolesanywhere]
credential_process = .....
```
whereas it should have been:
```
[profile rolesanywhere]
credential_process = ....
```
The `profile` keyword was missing.
from fluent-bit.
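A pre-deployment check for the header mistake resolved above, as an added example that is not part of the thread or of Fluent Bit's code. It lints the shared config file only (the credentials file uses bare `[name]` headers); the sample text and function names are constructed for illustration.

```python
import configparser

# Constructed sample of a shared config file (~/.aws/config); the helper
# arguments are shortened and the "logging" profile is hypothetical.
SAMPLE_CONFIG = """\
[default]
region = us-east-1

[rolesanywhere]
credential_process = /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem

[profile logging]
credential_process = /root/.aws/aws_signing_helper credential-process --certificate /root/.aws/certificate.pem
"""

# Section-name prefixes the AWS shared config file format defines.
KNOWN_PREFIXES = ("profile ", "sso-session ", "services ")


def _parse(text):
    # RawConfigParser does no % interpolation, so command lines stay verbatim.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)
    return parser


def lint_config_sections(text):
    """Return (section, advice) for headers a named-profile lookup will not match."""
    findings = []
    for section in _parse(text).sections():
        if section == "default" or section.startswith(KNOWN_PREFIXES):
            continue
        findings.append((section, f"rename to [profile {section}]"))
    return findings


def resolve_credential_process(text, profile):
    """Look up credential_process under the header the config file format expects."""
    header = "default" if profile == "default" else f"profile {profile}"
    parser = _parse(text)
    if parser.has_option(header, "credential_process"):
        return parser.get(header, "credential_process")
    return None


if __name__ == "__main__":
    for section, advice in lint_config_sections(SAMPLE_CONFIG):
        print(f"[{section}]: {advice}")
    print(resolve_credential_process(SAMPLE_CONFIG, "rolesanywhere"))
```
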