Bug 1464349

Hi,

Seeing this issue as well. Its especially impactful when using AWS. It will assign a internal hostname for the OAP_PUBLIC_MASTER_URL and OAP_LOGOUT_REDIRECT environment variables.

Its possible to fix it manually of course but its still a pain as it requires a manual step.

*** Bug 1478937 has been marked as a duplicate of this bug. ***

@anli,

I'm not sure I'm completely following your question. However, if you specify openshift_logging_master_url or openshift_logging_public_url then you will see those values propagated down into the Kibana DC definition. Otherwise it will use the defaults taken from openshift_facts. I suppose if the defaults would not correctly point to your public_hostname for the cluster then you would want to specify a value for openshift_logging_master_public_url.

In openshift_logging/defaults/main.yml:
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
openshift_logging_master_public_url: "{{ 'https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true)) }}"

---> 

In openshift_logging/tasks/install_logging.yaml:
openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}"
openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}"

--->

In openshift_logging_kibana/templates/kibana.j2:
-
 name: "OAP_MASTER_URL"
 value: {{ openshift_logging_kibana_master_url }}
-
 name: "OAP_PUBLIC_MASTER_URL"
 value: {{ openshift_logging_kibana_master_public_url }}
-
 name: "OAP_LOGOUT_REDIRECT"
 value: {{ openshift_logging_kibana_master_public_url }}/console/logout

Created attachment 1340756 [details]
The inventory and deploy logs

The OAP_PUBLIC_MASTER_URL was set to first master.  it should use cluster_public_hostname instead of public_hostname in openshift_logging/defaults/main.yml


ansible --private-key=/root/libra.pem masters[0] -m setup  |grep public_hostname
                    "public_hostname": "openshift-181.lab.eng.nay.redhat.com", 
                    "cluster_public_hostname": "openshift-208.lab.eng.nay.redhat.com",

@ewolinet,
It is depend on which type/configuration of authentication method [1] the OCP is using.  For example: with LDAP, authentication,  the kibana can get the identification from any masters.   For github authentication, only the PUBLIC_MASTER_URL is trusted, the kibana must redirect to the PUBLIC_MASTER_URL.



[1] https://docs.openshift.com/container-platform/3.6/install_config/configuring_authentication.html

@ewolinet,  
 
If we want to fix in document level, We should ask Document team to add PUBLIC_MASTER_URL as mandatory variable in [1].   If we change in code level to set OAP_PUBLIC_MASTER_URL as cluster_public_hostname, PUBLIC_MASTER_URL will be options.

[1]https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html

I believe this should be resolved with documentation.
PUBLIC_MASTER_URL is not a variable that can be passed in. However we currently do document setting the following two variables:

openshift_logging_master_url
	
The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster.


openshift_logging_master_public_url
	
The public facing URL for the Kubernetes master. This is used for Authentication redirection by the Kibana proxy.

For openshift_logging_master_public_url do can solve this issue. I will verified this bug. 

BTW, I will open another bug for 'OAP_PUBLIC_MASTER_URL  is first master when openshift_logging_master_public_url is not set.'

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188