Skip to content

Commit

Permalink
Converge log_cache_syslog_tls certificate
Browse files Browse the repository at this point in the history 
- In #949 Log Cache was split out from the doppler instance group to its
  own log-cache instance group
- Log Cache was also configured to use syslog ingress by default, rather
  than the previous behaviour which was to use the Reverse Log Proxy
- Operators who had previously used the experimental ops-file to opt into
  syslog ingress (operations/experimental/use-logcache-syslog-ingress.yml)
  would already have had the `log_cache_syslog_tls` credential in their
  CredHub
- When these operators attempted to upgrade to v18.0.0 the certificate
  was not re-generated by default, leading to a mismatch between the new
  service name and the existing certificate
- Specify `update_mode: converge` so that the certificate is re-generated
  and the syslog agent will be able to send logs to the log cache syslog
  server

Fixes:

```
failed to write to log-cache.service.cf.internal:6067, retrying in 8.192s, err: x509: certificate is valid for q-s3.doppler.default.cf.bosh, doppler.service.cf.internal, not log-cache.service.cf.internal
```
  • Loading branch information
@acrmp
acrmp committed Mar 5, 2022
1 parent b38e1eb commit a22edb2
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions cf-deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2262,6 +2262,7 @@ variables:
- localhost
- name: log_cache_syslog_tls
type: certificate
update_mode: converge
options:
ca: loggregator_ca
common_name: log-cache.service.cf.internal
Expand Down

0 comments on commit a22edb2

Please sign in to comment.