Bug 1303114

Summary: Metrics Deployer has the HAWKULAR_METRICS_HOSTNAME hardcoded
Product: OpenShift Container Platform Reporter: Eric Jones <erjones>
Component: HawkularAssignee: Matt Wringe <mwringe>
Status: CLOSED NOTABUG QA Contact: chunchen <chunchen>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 3.1.0CC: aos-bugs, rhowe, wsun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
OpenShift Enterprise 3.1
Last Closed: 2016-01-29 16:47:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Eric Jones 2016-01-29 15:21:35 UTC 
Description of problem:
Cannot properly deploy the Hawkular/Heapster metrics for OSE because the hawkular metrics hostname is always forced to be https://hawkular-metrics:443.....

How reproducible:
100%

Step s to Reproduce:
1. oc create -f - <<API
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metrics-deployer
secrets:
- name: metrics-deployer
API
2. oadm policy add-role-to-user edit system:serviceaccount:openshift-infra:metrics-deployer
3. oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:openshift-infra:heapster
4. oc secrets new metrics-deployer \
  hawkular-metrics.pem=<(cat /root/xpaas-certs/xpaas.xyz.ssl/xpaas.xyz.key /root/xpaas-certs/STAR_xpaas_xyz.crt) \
  hawkular-metrics-ca.cert=/root/xpaas-certs/STAR_xpaas_xyz.ca-bundle \
  hawkular-cassandra.pem=<(cat /root/xpaas-certs/xpaas.xyz.ssl/xpaas.xyz.key /root/xpaas-certs/STAR_xpaas_xyz.crt) \
  hawkular-cassandra-ca.cert=/root/xpaas-certs/STAR_xpaas_xyz.ca-bundle \
  heapster.cert=/root/xpaas-certs/STAR_xpaas_xyz.crt \
  heapster.key=/root/xpaas-certs/xpaas.xyz.ssl/xpaas.xyz.key
5. oc process -f /usr/share/ansible/openshift-ansible/roles/openshift_examples/files/examples/v1.1/infrastructure-templates/enterprise/metrics-deployer.yaml -v HAWKULAR_METRICS_HOSTNAME=metrics.xpaas.xyz,IMAGE_PREFIX=registry.access.redhat.com/openshift3/,IMAGE_VERSION=latest,USE_PERSISTENT_STORAGE=false,REDEPLOY=true | oc create -f -

Actual results:
--sink=hawkular:https://hawkular-metrics:443?tenant=_system&labelToTenant=pod_namespace&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^/system.slice.*|^/user.slice)

Expected results:
--sink=hawkular:https://metrics.xpaas.xyz:443?tenant=_system&labelToTenant=pod_namespace&caCert=/hawkular-cert/hawkular-metrics-ca.certificate&user=%username%&pass=%password%&filter=label(container_name:^/system.slice.*|^/user.slice)

Additional info:
Comment 1 Matt Wringe 2016-01-29 16:38:35 UTC 
The 'hawkular-metrics' hostname comes from the service name which is resolved by the OpenShift DNS. This is the internal hostname used by the system. This hostname should always be resolvable within the OpenShift cluster and is the reason why the Heapster sink uses it. This is the expected behaviour.

The `HAWKULAR_METRICS_HOSTNAME` is for setting the external hostname which is used by things like the console so that access can be achieved from outside of the OpenShift cluster.

From https://docs.openshift.com/enterprise/3.1/install_config/cluster_metrics.html#creating-the-deployer-template the description for the HAWKULAR_METRICS_HOSTNAME is

"External hostname where clients will reach Hawkular Metrics"

Please also see the section on creating the hawkular-metrics.pem secrets https://docs.openshift.com/enterprise/3.1/install_config/cluster_metrics.html#metrics-deployer-secrets

"The pem file to use for the Hawkular Metrics certificate. This certificate must contain the hawkular-metrics host name as well as the publicly available host name used by the route. This file is auto-generated if unspecified."