Bug 1467653

Summary: Hawkular - reencryption on F5 causes to shows Page Not Found 404
Product: OpenShift Container Platform Reporter: Vladislav Walek <vwalek>
Component: NetworkingAssignee: Rajat Chopra <rchopra>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Meng Bo <bmeng>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.4.0CC: aos-bugs, bbennett, vwalek
Target Milestone: ---   
Target Release: 3.6.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-31 20:25:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vladislav Walek 2017-07-04 12:58:06 UTC 
Description of problem:

Customer is running the metrics, but he is not able to see anything in the web console. When you tried to see the default hawkular url, it shows that it is running, however nothing is shown in the Metrics tab of the pod. Their configuration uses F5 as loadbalancer.

I was checking it with curl and when running on master - you will get the reply. If running on system outside of the openshift - it shows 404 Page not found. 

Their configuration is client -> f5 -> reverse proxy -> router -> pod.
from master everything works.

I found that the f5 is probably doing reencryption as you will get different certs with two calls.
I will attach the replies in private comment.

Version-Release number of selected component (if applicable):
OpenShift Container Platform 3.4.1

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Matt Wringe 2017-07-10 16:28:52 UTC 
I believe the problem is that your setup is decoding the encoded URL before it gets to Hawkular Metrics. Specifically its changing the %2F to an unencoded '/' 

This is why you are getting a 404 error message from Hawkular Metrics, the path its trying to access is not url encoded anymore.

The endpoints between 3.4 have not changed, they have always used %2F in their urls.

There is probably something which have changed with your F5 setup. Some routers and proxies may have problems when '/' are encoded within the url. Is there an option to allow for these types of URL to pass through properly?

There is nothing the metrics team can do about this, I am reassigning to the networking team.
Comment 4 Rajat Chopra 2017-07-12 16:56:23 UTC 
To verify what as suspected in comment#3, do we know that the base url works? The one without '/'.
Meanwhile, check on the Apache reverse proxy. If they ever upgraded that, it is possible that the encoded %2F gets dropped by default. See this: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

That would explain who is serving the 404.

Also, as next piece of investigation, do we have logs on whether hawkular actually receives the request?
Comment 5 Vladislav Walek 2017-07-13 07:28:59 UTC 
Hello Rajat,
Thank you, I will check with customer.
Comment 6 Ben Bennett 2017-07-31 20:25:15 UTC 
Closing due to lack of activity... please reopen if there's an update.