Bug 1326711

Summary: Passthrough route cannot be sync to F5 server
Product: OpenShift Container Platform Reporter: zhaozhanqi <zzhao>
Component: NetworkingAssignee: Ram Ranganathan <ramr>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED NOTABUG Docs Contact:
Severity: medium    
Priority: high CC: aos-bugs, bbennett, bmeng, zzhao
Version: 3.2.0   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: All   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-04-20 23:46:27 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description zhaozhanqi 2016-04-13 10:57:48 UTC 
Description of problem:
Given F5 router is running. Create passthrough route. Check the " Policies : Policy List  ››  openshift_secure_routes", the route did not be synced.

Version-Release number of selected component (if applicable):
# oc version
oc v3.2.0.13
kubernetes v1.2.0-36-g4a3f9c5
registry.qe.openshift.com/openshift3/ose-f5-router                 v3.2.0.13           0259cb3c04de        4 days ago 

How reproducible:
always

Steps to Reproduce:
1. Create F5 router
2. Create passthrough route
   oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/passthough/route_pass.json
3. Check in the F5 side


Actual results:
the route did not be synced to F5 side ( " Policies : Policy List  ››  openshift_secure_routes")

Expected results:
should be synced successfully.

Additional info:
Comment 1 Ram Ranganathan 2016-04-19 18:05:47 UTC 
@zhaozhanqi  do you have an environment where this is can be reproduced? Anything in the router logs? Thx
Comment 4 Ram Ranganathan 2016-04-20 23:46:27 UTC 
So I reset the F5 vserver https-ose-vserver and it looks good now. Since this is a passthrough route, you should not be looking at policies but you should see an entry
in the datagroups ssl_passthrough_{route,servername}_dg in the F5 management console.
Breadcrumb to ui path: 
   Local Traffic  ››  iRules : Data Group List  ››  ssl_passthrough_route_dg


You can try this by recreating the route ala:
$ oc delete -f  https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/passthough/route_pass.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/passthough/route_pass.json

And observing the changes on the F5 end.

Also note, I turned on more verbose logging on the openshift-f5-router. This was just for me to debug/check the errors. You can reset this back by just re-creating the f5 router.


In case, you don't already know, you can turn on more verbose logging by just editing
the router deployment config and changing the container command line to pass and
extra --loglevel=<level> parameter.

   $ oadm router ...
   $ oc edit dc/router -o json
   $ # and add  "command": [ "/usr/bin/openshift-f5-router", "--loglevel=4" ]
   $ #  at the same level as where the f5 router container image is at. 

Example config output snippet:
               "containers": [
                    {
                        "name": "router",
                        "image": "registry.qe.openshift.com/openshift3/ose-f5-router:v3.2.0.13",
                        "command": [
                            "/usr/bin/openshift-f5-router",
                            "--loglevel=4"
                        ],

Closing this bugz out as not a problem (it was a config/usage issue).