Bug 1679941

Summary: warning message in router logs when create edge and reencrypt routes
Product: OpenShift Container Platform Reporter: Hongan Li <hongli>
Component: NetworkingAssignee: Miciah Dashiel Butler Masters <mmasters>
Networking sub component: router QA Contact: Hongan Li <hongli>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: low CC: aos-bugs, dmace, vlaad
Version: 4.1.0   
Target Milestone: ---   
Target Release: 4.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-04 10:44:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hongan Li 2019-02-22 09:58:01 UTC 
Description of problem:
W0222 09:26:13.564333       1 router.go:1036] a edge terminated route with host edge-route-hongli.apps.hongli221.qe.devcluster.openshift.com does not have the required certificates.  The route will still be created but no certificates will be written

Repeat the same step with v3.11 but didn't see the warning message.
Compare the ENV of v3.11 and v4.0 and find some differences:
# 3.11
      - env:
        - name: DEFAULT_CERTIFICATE_DIR
          value: /etc/pki/tls/private
        - name: DEFAULT_CERTIFICATE_PATH
          value: /etc/pki/tls/private/tls.crt

# 4.0
        - env:
          <---snip--->
          - name: DEFAULT_CERTIFICATE_DIR
            value: /etc/pki/tls/private



Version-Release number of selected component (if applicable):
4.0.0-0.nightly-2019-02-20-194410

How reproducible:
always

Steps to Reproduce:
1. create pod, svc and edge route
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
$ oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/edge/service_unsecure.jso
$ oc create route edge edge-route --service=service-unsecure

2. check router logs


Actual results:
shows warning message

Expected results:
should keep the same with v3.11 and no this warning message

Additional info:
https://github.com/openshift/router/blob/master/pkg/router/template/router.go#L1031
Comment 2 Miciah Dashiel Butler Masters 2019-03-27 22:29:37 UTC 
This looks like a regression of bug 1401503.
Comment 3 Hongan Li 2019-03-28 06:34:46 UTC 
checked with latest 4.0.0-0.nightly-2019-03-25-180911 build, didn't see the warning for reencrypt route but still can see it for edge route as below while router reloaded.

W0328 05:33:34.884056       1 router.go:1036] a edge terminated route with host myroute-pf5ts.apps.hongli911.qe.devcluster.openshift.com does not have the required certificates.  The route will still be created but no certificates will be written

--- creating pod, svc and edge route ---
oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/caddy-docker.json
oc create -f https://raw.githubusercontent.com/openshift-qe/v3-testfiles/master/routing/unsecure/service_unsecure.json
oc create route edge myroute --service=service-unsecure
---
Comment 5 Hongan Li 2019-03-29 09:37:54 UTC 
https://github.com/openshift/router/pull/21
Comment 8 Hongan Li 2019-04-04 05:44:01 UTC 
Tested with 4.0.0-0.nightly-2019-04-03-202419 but still saw WARNING logs when creating edge routes.


W0404 01:58:51.697879       1 router.go:1036] a edge terminated route with host downloads-openshift-console.apps.hongli404.qe.devcluster.openshift.com does not have the required certificates.  The route will still be created but no certificates will be written

W0404 05:33:23.604752       1 router.go:1036] a edge terminated route with host edge-route-hongli.apps.hongli404.qe.devcluster.openshift.com does not have the required certificates.  The route will still be created but no certificates will be written
Comment 9 Hongan Li 2019-04-15 01:39:35 UTC 
verified with 4.0.0-0.nightly-2019-04-10-182914 and the issue has been fixed. no WARNING logs when creating edge and passthrough routes.

$ oc -n openshift-ingress logs router-default-6cf74b4696-mz4dz
I0415 00:55:49.545557       1 template.go:299] Starting template router (v4.1.0-201904092032)
Comment 11 errata-xmlrpc 2019-06-04 10:44:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:0758