Bug 1461378
Summary: | [free-int]reencrypt route should be supported for free-int | ||
---|---|---|---|
Product: | OpenShift Online | Reporter: | zhaozhanqi <zzhao> |
Component: | Routing | Assignee: | Miciah Dashiel Butler Masters <mmasters> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | zhaozhanqi <zzhao> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3.x | CC: | abhgupta, aos-bugs, bbennett, bingli, mmasters, zhaliu |
Target Milestone: | --- | Keywords: | OnlineStarter, Reopened |
Target Release: | 3.x | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-11-09 19:00:00 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
zhaozhanqi
2017-06-14 10:42:06 UTC
*** This bug has been marked as a duplicate of bug 1462709 *** You need https://github.com/openshift/origin/pull/13752 to make reencrypt routes work with your template. @Ben Bennett this bug is not duplicated with bug 1462709. as your comment 2 said. the bug need to update the haproxy template. So please Miciah help check this. @zhaozhanqi: Miciah is working on it under https://bugzilla.redhat.com/show_bug.cgi?id=1462709 Then the old routers not working with the new API is being addressed as https://bugzilla.redhat.com/show_bug.cgi?id=1461624 This is a duplicate of one or the other... so I'm closing it again :-) *** This bug has been marked as a duplicate of bug 1461624 *** @Ben Bennett Maybe I did express this issue clearly.. For free-int, it did not support reencrypt route before 3.6. but a new feature was merged https://github.com/openshift/origin/pull/13752.. So the reencrypt route should be supported since user do not need to provide the destination CA. for bug 1462709 and 1461624. they are caused by the rencrypt CA blocked the router. that's mean all routes will be failed I also changed the title in case of you are misunderstood it. I'm confused. Free-int runs a custom router template. The changes introduced by https://github.com/openshift/origin/pull/13752 broke compatibility with the old router template and https://bugzilla.redhat.com/show_bug.cgi?id=1461624 will fix that. The other way to fix that is for someone in Online to update the custom router template they use to incorporate the changes in https://github.com/openshift/origin/pull/13752, or to remove the custom template (since it now has the features Online needs) entirely. I believe Miciah is working on that. What other outcome do you want from this bug? I'll assign it to Miciah in case he knows something I don't. These three Bugzilla reports deal with distinct but subtly different issues: Bug 1461624 "[free-int] Unable to access exposed service on cluster" — this is a defect in RHOCP/Origin (a change in the router breaks backwards compatibility with custom templates). Bug 1462709 "[free][free-int]The route is not available" — this is an operational problem (broken router was blocking testing) caused by bug 1461624, which we mitigated for now by deleting problematic reencrypt routes. Bug 1461378 "[free-int]reencrypt route should be supported for free-int" — this is a configuration change we intend to make to allow reencrypt routes, now that we have the "routes/custom-host" resource and improved validation. I hope that clears things up! Starter tier clusters now use the same default router template that ships with OCP. This issue should now be resolved. Found free-int still using the custom template - name: TEMPLATE_FILE value: /var/lib/haproxy/conf/custom/haproxy-config.template So please move this bug to ON_QA once it's upgrade, thanks free-int and free-stg now should have the standard router template. Verified this bug on free-int. free-int version (v3.7.0-0.104.0) |