Bug 1463792

Summary: If logging is not installed at default the logging url directs to the second master
Product: OpenShift Container Platform Reporter: Ryan Cook <rcook>
Component: LoggingAssignee: Jan Wozniak <jwozniak>
Status: CLOSED NOTABUG QA Contact: Xia Zhao <xiazhao>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.5.0CC: aos-bugs, jcantril, jwozniak, pportant, pweil, rcook, sdodson
Target Milestone: ---   
Target Release: 3.7.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-08 12:56:29 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Cook 2017-06-21 19:01:21 UTC
Description of problem: I first noticed this while trying to update logging going from 3.4 to 3.5 but I just did a fresh install on OCP v3.5.5.26 and then installed logging using a static inventory and trying to access the logging url will redirect to the second master.


Version-Release number of selected component (if applicable): 
v3.5.5.26

How reproducible:

Steps to Reproduce:
1. Install openshift
2. install logging after the fact
3. attempt to browse to the logging url

Actual results: browsing to logging.apps.rcook-aws.sysdeseng.com redirects to https://ip-10-20-5-47.ec2.internal/oauth/authorize?response_type=code&redirect_uri=https%3A%2F%2Flogging.apps.rcook-aws.sysdeseng.com%2Fauth%2Fopenshift%2Fcallback&scope=user%3Ainfo%20user%3Acheck-access%20user%3Alist-projects&client_id=kibana-proxy while using the web browser


Expected results: presented the kibana dashboard


Additional info:

Comment 1 Ryan Cook 2017-06-21 19:01:42 UTC
[OSEv3:children]
masters
etcd
nodes

[OSEv3:vars]
debug_level=2
openshift_debug_level=2
openshift_node_debug_level=2
openshift_master_debug_level=2
openshift_master_access_token_max_seconds=2419200
openshift_master_api_port=443
openshift_master_console_port=443
osm_cluster_network_cidr=172.16.0.0/16
openshift_registry_selector="role=infra"
openshift_router_selector="role=infra"
openshift_hosted_router_replicas=3
openshift_hosted_registry_replicas=3
openshift_master_cluster_method=native
openshift_node_local_quota_per_fsgroup=512Mi
openshift_cloudprovider_kind=aws
openshift_master_cluster_hostname=internal-openshift-master.rcook-aws.sysdeseng.com
openshift_master_cluster_public_hostname=openshift-master.rcook-aws.sysdeseng.com
osm_default_subdomain=*.apps.rcook-aws.sysdeseng.com
openshift_master_default_subdomain=*.apps.rcook-aws.sysdeseng.com
osm_default_node_selector="role=app"
deployment_type=openshift-enterprise
os_sdn_network_plugin_name=redhat/openshift-ovs-subnet
#openshift_master_identity_providers=[{'name': 'github', 'challenge': 'false', 'login': 'true', 'kind': 'GitHubIdentityProvider', 'mapping_method': 'true', 'clientID': '3a9c', 'clientSecret': '47a0c', 'organizations': {'['["openshift"]']'}}]
osm_use_cockpit=true
containerized=false
openshift_hosted_registry_storage_kind=object
openshift_hosted_registry_storage_provider=s3
openshift_hosted_registry_storage_s3_accesskey=
openshift_hosted_registry_storage_s3_secretkey=
openshift_hosted_registry_storage_s3_bucket=
openshift_hosted_registry_storage_s3_region=us-east-1
openshift_hosted_registry_storage_s3_chunksize=26214400
openshift_hosted_registry_storage_s3_rootdirectory=/registry
openshift_hosted_registry_pullthrough=true
openshift_hosted_registry_acceptschema2=true
openshift_hosted_registry_enforcequota=true
deploy_openshift_metrics=true
openshift_hosted_metrics_storage_volume_size=20Gi
openshift_hosted_metrics_storage_kind=dynamic
openshift_metrics_install_metrics=true 
openshift_metrics_image_version=v3.5
openshift_metrics_cassandra_storage_type=dynamic
openshift_hosted_logging_storage_kind=dynamic
openshift_logging_image_version=v3.5
openshift_hosted_logging_deploy=true
openshift_hosted_logging_storage_volume_size=20Gi
openshift_hosted_logging_hostname="logging.apps.{{ public_hosted_zone }}"
openshift_metrics_hawkular_hostname="hawkular-metrics.apps.{{ public_hosted_zone }}"



[masters]
ose-master02.rcook-aws.sysdeseng.com
ose-master01.rcook-aws.sysdeseng.com
ose-master03.rcook-aws.sysdeseng.com

[etcd]
ose-master02.rcook-aws.sysdeseng.com
ose-master01.rcook-aws.sysdeseng.com
ose-master03.rcook-aws.sysdeseng.com

[nodes]
ose-master03.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'master'}"
ose-master01.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'master'}"
ose-master02.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'master'}"
ose-app-node02.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'app'}"
ose-app-node01.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'app'}"
ose-infra-node03.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'infra'}"
ose-infra-node02.rcook-aws.sysdeseng.com openshift_node_labels="{'role': 'infra'}"

Comment 2 Peter Portante 2017-06-29 00:21:23 UTC
Can you first try to log into the console of the OpenShift instance, view a pod's logs via the console, and the select "view archive" to view the Kibana logs?

This should get the user properly authorized to access Kibana.

Comment 3 Jan Wozniak 2017-06-29 12:53:09 UTC
If I understand it correctly, you are expecting kibana, for authentication, to redirect to 'openshift_master_cluster_public_hostname=openshift-master.rcook-aws.sysdeseng.com' but instead, it redirects to some AWS internal address? If yes, this may be possibly similar to the first part of this issue reported on github [1]

There, the root cause was the nature of AWS provided "public" hostname, which is, in fact, internal to AWS (it says that in URL as well). The solution was to define 'openshift_logging_master_public_url' in the inventory [2]

Ansible playbook defaults this variable to 'openshift.common.public_hostname', which is populated in openshift_facts.py [3] and has no relationship to 'openshift_master_cluster_public_hostname'. Whether the 'openshift_logging_master_public_url' and 'openshift_master_cluster_public_hostname' should be related or possibly one derived from the other, that is an open question.


[1] https://github.com/openshift/openshift-ansible/issues/4305
[2] https://github.com/openshift/openshift-ansible/tree/master/roles/openshift_logging
[3] https://github.com/openshift/openshift-ansible/blob/master/roles/openshift_facts/library/openshift_facts.py

Comment 4 Ryan Cook 2017-07-13 20:12:18 UTC
@Peter Portante  I believe that may have resolved it. Let me perform an upgrade from 3.4 to 3.5 in the morning but hopefully we can close this

Comment 5 Jan Wozniak 2017-09-08 09:43:17 UTC
Ryan, has it resolved your issue? Do you think we can close this BZ?

Comment 6 Ryan Cook 2017-09-08 12:56:29 UTC
Yes Peter's suggestion worked feel free to close

Comment 7 Peter Portante 2017-09-08 13:49:51 UTC
Seems like this is a dup of an existing BZ if the view archive link works ...