Log line (text) longer than 20k characters is not sent when SSL is enabled #33
Description
When SSL is enabled using the configuration, a log line (text) which is 20k characters or more is not sent. If you disable SSL than same log line is sent successfully.
How to reproduce?
- Install Groovy
- Install Docker
- Run the Groovy script below - best on IDEA as their community edition supports Groovy. You can also just run from command line
groovy test.groovy
To see it working you can do one of the following:
- Change the number "20000" (size of large log line) to "100" and then search in the output, the output from the
logstash-listener, which looks like this:
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: {
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "path" => "/logs/test.log",
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "@timestamp" => 2017-11-22T06:40:06.244Z,
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "port" => 50232,
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "@version" => "1",
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "host" => "828f7d9c4e61",
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "message" => "jEswjgvdYFVSsXBoBWxiDPsdEbXOuMlOsoNketuNXiEWGvyPgKTCQcJTzaKHFkaRJufQzdbTUJLTOjfTuKVoPGrYZxAGCxLrssJE",
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: "type" => "test"
17/11/22 08:40:05 [dockerjava-netty-1-10] INFO EnvProvisioner: [logstash-listener] STDOUT: }
- Turn off the SSL in the logstash test config (in the script), and change the host to send to
lostash-listenerport 1111 directly, without the SSL terminator. You will then see that the logstash-listener received the large log line (20000 characters)
- Version: 5.6.4
- Operating System: Linux
Script
import groovy.util.logging.Slf4j
@Grab(group='org.apache.commons', module='commons-lang3', version='3.7')
import org.apache.commons.lang3.RandomStringUtils
import org.testcontainers.containers.GenericContainer
import org.testcontainers.containers.Network
import org.testcontainers.containers.output.Slf4jLogConsumer
import org.testcontainers.containers.wait.LogMessageWaitStrategy
import org.testcontainers.images.builder.ImageFromDockerfile
import org.testcontainers.images.builder.dockerfile.DockerfileBuilder
@Grab(group='ch.qos.logback', module='logback-classic', version='1.2.3') @Grab(group='org.testcontainers', module='testcontainers', version='1.4.3')
import java.util.function.Consumer
import java.util.regex.Pattern
import static org.testcontainers.containers.BindMode.READ_ONLY
import static org.testcontainers.containers.BindMode.READ_WRITE
@Slf4j
class EnvProvisioner {
static class Certificates {
File certificateFile;
File keyFile;
Certificates(File certificateFile, File keyFile) {
this.certificateFile = certificateFile
this.keyFile = keyFile
}
@Override
String toString() {
return "Certificates{" +
"certificateFile=" + certificateFile.getAbsolutePath() +
", keyFile=" + keyFile.getAbsolutePath() +
'}';
}
}
Certificates createCerts() {
File keysDirs = new File(".tmp.volume"+System.currentTimeMillis())
def success = keysDirs.mkdirs()
if (!success) throw new RuntimeException("Failed creating dirs "+keysDirs.getAbsolutePath());
keysDirs.deleteOnExit()
def openSslContainer = new GenericContainer("kolide/openssl:latest")
.withFileSystemBind(keysDirs.getAbsolutePath(), "/keys", READ_WRITE);
openSslContainer.withCommand("req", "-x509", "-batch", "-nodes",
"-newkey", "rsa:2048", "-keyout", "/keys/test.key", "-out", "/keys/test.crt",
"-subj", "/CN=test.foo.com",
"-days", "10000")
openSslContainer.withLogConsumer(new Slf4jLogConsumer(log))
openSslContainer.waitingFor(new LogMessageWaitStrategy().withRegEx(Pattern.quote("-----\n")))
openSslContainer.start()
openSslContainer.stop()
return new Certificates(new File(keysDirs, "test.crt"), new File(keysDirs, "test.key"))
}
static GenericContainer createSSLTerminator(Certificates certs, Network network) {
def dockerFileBuilder = new Consumer<DockerfileBuilder>() {
@Override
void accept(DockerfileBuilder dockerfileBuilder) {
dockerfileBuilder
.from("golang:1.8.5-jessie")
.run("git clone https://github.com/cmpxchg16/go-sslterminator.git /go-sslterminator")
.run("cd /go-sslterminator && go build go-sslterminator.go && cd ..")
.workDir("/go-sslterminator")
}
}
def imageFromDockerfile = new ImageFromDockerfile().withDockerfileFromBuilder(dockerFileBuilder)
def container = new GenericContainer(imageFromDockerfile)
.withLogConsumer(new Slf4jLogConsumer(log).withPrefix("ssl-terminator"))
container.withFileSystemBind(certs.keyFile.getAbsolutePath(), "/certs/test.key", READ_ONLY)
container.withFileSystemBind(certs.certificateFile.getAbsolutePath(), "/certs/test.crt", READ_ONLY)
container.withExposedPorts(2222)
container.withNetwork(network)
container.withNetworkAliases("ssl-terminator")
container.withCommand("/go-sslterminator/go-sslterminator -b logstash-listener:1111 -l 0.0.0.0:2222 -c /certs/test.crt -k /certs/test.key")
return container
}
static GenericContainer createLogstash(Network network, Certificates certs) {
String logstashConf = '''
input {
file {
path => "/logs/test.log"
start_position => "beginning"
sincedb_path => "/dev/null"
type => "test"
}
}
output {
stdout { codec => rubydebug }
tcp {
host => "ssl-terminator"
port => "2222"
codec => "json_lines"
ssl_enable => true
ssl_verify => true
ssl_cert => "/certs/test.crt"
ssl_key => "/certs/test.key"
ssl_cacert => "/certs/test.crt"
}
}
'''
File logstashConfFile = new File(".tmp.logstash.conf")
logstashConfFile.deleteOnExit();
logstashConfFile.text = logstashConf
String veryBigLine = RandomStringUtils.randomAlphabetic(20000) +"\n"
File testLogFile = new File(".tmp.test.logfile");
testLogFile.text = veryBigLine;
def logstashContainer = new GenericContainer("logstash:5.6.4");
logstashContainer.withFileSystemBind(logstashConfFile.getAbsolutePath(), "/conf/test.conf", READ_ONLY)
logstashContainer.withFileSystemBind(testLogFile.getAbsolutePath(), "/logs/test.log", READ_ONLY);
logstashContainer.withFileSystemBind(certs.keyFile.getAbsolutePath(), "/certs/test.key", READ_ONLY)
logstashContainer.withFileSystemBind(certs.certificateFile.getAbsolutePath(), "/certs/test.crt", READ_ONLY)
logstashContainer.withCommand("-f", "/conf/test.conf")
logstashContainer.withLogConsumer(new Slf4jLogConsumer(log).withPrefix("logstash"))
logstashContainer.withExposedPorts(9600)
logstashContainer.withNetwork(network)
return logstashContainer;
}
static GenericContainer createLogstashListener(Network network) {
String logstashConf = '''
input {
tcp {
port => 1111
codec => json
}
}
output {
stdout { codec => rubydebug }
}
'''
File logstashConfFile = new File(".tmp.logstash.conf")
logstashConfFile.deleteOnExit();
logstashConfFile.text = logstashConf
def logstashContainer = new GenericContainer("logstash:5.6.4");
logstashContainer.withFileSystemBind(logstashConfFile.getAbsolutePath(), "/conf/test.conf", READ_ONLY)
logstashContainer.withCommand("-f", "/conf/test.conf")
logstashContainer.withLogConsumer(new Slf4jLogConsumer(log).withPrefix("logstash-listener"))
logstashContainer.withExposedPorts(1111)
logstashContainer.withNetwork(network)
logstashContainer.withNetworkAliases("logstash-listener")
return logstashContainer;
}
}
@Slf4j
class Main {
void run() {
Network network = Network.newNetwork();
List<GenericContainer> containers = [];
try {
def provisioner = new EnvProvisioner()
def certs = provisioner.createCerts()
log.info "$certs"
def listener = provisioner.createLogstashListener(network);
containers.add(listener)
listener.start()
def sslTerminator = provisioner.createSSLTerminator(certs, network)
containers.add(sslTerminator)
sslTerminator.start()
def logstash = provisioner.createLogstash(network, certs)
containers.add(logstash)
logstash.start()
sleep(24000_000)
} finally {
for (GenericContainer container : containers) {
container.close()
}
network.close()
}
System.exit(0)
}
}
new Main().run()