Bug 1034884

Summary: Node proxy drops the authorization headers when request sent to an idle gear
Product: OpenShift Container Platform Reporter: Nikhil Mone <nmone>
Component: ContainersAssignee: Brenton Leanhardt <bleanhar>
Status: CLOSED WORKSFORME QA Contact: libra bugs <libra-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 1.2.0CC: libra-onpremise-devel, nmone
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-02-06 18:11:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
tool for idling a specific gear none

Description Nikhil Mone 2013-11-26 16:27:45 UTC
Description of problem: 

Node proxy drops the authorization headers when request sent to an idle gear and returns a 401 error to the client , however once the gear is un-idled  the requests work fine.


Version-Release number of selected component (if applicable):


How reproducible:

Every time

Steps to Reproduce:

1. proxy "queues" up the current traffic request (from SOAP-UI in this case)

2. Then the gear is un-idled.

3. proxy submits the "queued" current traffic request minus the custom Authorization header, which eventually makes the request invalid.

4. This results in a 401 error.

5.Resubmitting the SOAP-UI request after the gear is un-idled produces a correct response. 

Actual results:

401 error when the gear was idle, before submitting the request.

Expected results:

Authorization headers shouldn't be dropped when the request is queued and forwarded.

Additional info:

Comment 2 Brenton Leanhardt 2014-02-05 21:11:56 UTC
(I didn't mean to set NEEDINFO)

Comment 3 Brenton Leanhardt 2014-02-05 21:24:53 UTC
I think this is working as expected on 2.x.  I'll have to try 1.x soon.

# technically Bug #1057447 blocks this so be aware that you may need to edit your control script as root.  That fix should ship shortly.
rhc app create testapp ruby-1.9 mysql --from-code=https://github.com/brenton/rails-example

# On my node
scl enable ruby193 bash

# I'll attach the oo-idler script I wrote.
ruby oo-idler idle --uuid 52f29ed03eefa941b7000005

# This will return a first 302 then curl will follow it and resubmit the Authorization header
curl -v -L -u admin:password http://testapp-demo.ose203.example.com/admin/index/

Comment 4 Brenton Leanhardt 2014-02-05 21:26:48 UTC
Created attachment 859884 [details]
tool for idling a specific gear

require's ruby193

Comment 5 Brenton Leanhardt 2014-02-05 21:28:33 UTC
There's no difference with restorer.php in OSE 1.x as far as I can tell.  It issues a 302 and then it's the clients responsibility to resubmit the Authorization header.

Comment 6 Brenton Leanhardt 2014-02-06 18:11:02 UTC
I pushed an enterprise-1.2.z branch to my rails-example fork.  Here's how you use it in a OSE 1.2 environment (because we didn't have --from-code back then)

rhc app create testapp ruby-1.9 mysql
cd testapp
git remote add brenton https://github.com/brenton/rails-example
git fetch brenton
git merge -Xtheirs brenton/enterprise-1.2.z
git push

oo-idler still existed in OSE 1.2 so that part will essentially be the same.  The test case with curl will be the same too (only with a different hostname).

When I ran the test it worked in OSE 1.x the same as 2.x.  For now I'm going to close this bug as WORKSFORME.  Don't hesitate to re-open if I'm misinterpreting the description of the bug or if the scenario that triggers this is somehow different than my expectations.

Comment 7 Nikhil Mone 2014-06-16 11:25:57 UTC
Looks like it is set to NEEDINFO for nmone, removing it. Please let me know if any info is required.