Configuration
SUMMARY This topic lists the configuration errors you might see when configuring Apstra Flow.
CA Certificate Path Incorrect
The collector's log indicates that the certificate file path for an output is incorrect.
-
Symptom: The collector's log indicates a message similar to the following:
{"level":"panic","ts":"2023-08-25T11:34:48.953Z","logger":"flowcoll","caller":"opensearch/instance_registration.go:33","msg":"failed to instantiate config","code":"opensearch/conf-error","reason":"ENV: 'EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH' Value: '/root/http_ca.crt' Error: failed 'file_if_set' validation"Note the message:
Error: failed 'file_if_set' validation. -
Problem: The collector cannot find a file at the path that is specified for the output. For OpenSearch, the output is:
EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH. If this setting is not blank, you must set it to a valid certificate file or the collector will not run. Solution:
Set
EF_OUTPUT_OPENSEARCH_TLS_CA_CERT_FILEPATH
EF_OUTPUT_OPENSEARCH_TLS_SKIP_VERIFICATION
OpenSearch Authentication Failure
The collector’s log indicates failed to bootstrap opensearch and
unable to authenticate user [<username>] for REST
request.
-
Symptom: The collector's log indicates a message similar to the following:
2023-09-23T18:05:19.604Z error bootstrapper[opensearch] opensearch/bootstrap.go:147 failed to bootstrap opensearch. retrying... {"code": "opensearch/bootstrap-failure", "reason": "error while creating default ilm policy - GET ism policy error for ism policies 'network'- status code 401 not expected - {\"error\":{\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]},\"reason\":\"unable to authenticate user [xxxxZZopen] for REST request [/_plugins/_ism/policies/network]\",\"root_cause\":[{\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]},\"reason\":\"unable to authenticate user [xxxxZZopen] for REST request [/_plugins/_ism/policies/network]\",\"type\":\"security_exception\"}],\"type\":\"security_exception\"},\"status\":401}"} github.com/juniper/flowcoll/pkg/outputs/opensearch.(*Bootstrap).Run /tmp/flowcoll/pkg/outputs/opensearch/bootstrap.go:147 github.com/juniper/flowcoll/pkg/outputs/opensearch.NewCreateInstanceFunc.func1 /tmp/flowcoll/pkg/outputs/opensearch/instance_registration.go:155 github.com/juniper/flowcoll/pkg/instantiator.(*Instantiator).Run /tmp/flowcoll/pkg/instantiator/instantiator.go:79 -
Problem: The collector's OpenSearch output is unable to authenticate with the OpenSearch host(s) specified in
EF_OUTPUT_OPENSEARCH_ADDRESSES. -
Solution: Verify that you entered your username (
EF_OUTPUT_OPENSEARCH_USERNAME) and password (EF_OUTPUT_OPENSEARCH_PASSWORD) correctly. You can test the username and password manually usingcurlcommand. For example:curl -XGET https://127.0.0.1:9200/_cat/indices -u username:password --insecure