Bug 1857023
Summary: | Creating faulty(bad formatted cert&key) route makes other existing routes inaccessible | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | OpenShift BugZilla Robot <openshift-bugzilla-robot> |
Component: | Networking | Assignee: | Miciah Dashiel Butler Masters <mmasters> |
Networking sub component: | router | QA Contact: | Arvind iyengar <aiyengar> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | high | ||
Priority: | unspecified | CC: | aiyengar, amcdermo, aos-bugs, hongli |
Version: | 3.11.0 | ||
Target Milestone: | --- | ||
Target Release: | 4.3.z | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-09-23 13:52:39 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1857022 | ||
Bug Blocks: |
Comment 1
Miciah Dashiel Butler Masters
2020-07-30 08:26:27 UTC
The 4.3.z backport is waiting on the 4.4.z backport (bug 1857022). We'll continue tracking this in the upcoming sprint. The test was performed with "4.3.0-0.nightly-2020-09-10-171754" payload. With this release version, we see the similar to other present y-stream release the router now accepts badly formatted cert/pem file and corrects them as well without any crash or failure: ----- $ oc get clusterversion NAME VERSION AVAILABLE PROGRESSING SINCE STATUS version 4.3.0-0.nightly-2020-09-10-171754 True False 20m Cluster version is 4.3.0-0.nightly-2020-09-10-171754 route creation: $ oc create route edge myroute --port=http --service=service-unsecure --hostname=myroute-test-1.internalapps.oc43-1857023-1109.qe.devcluster.openshift.com --cert=/home/aiyengar/QE_OC_TASKS/kube-configs/1843856/1843856-bad.pem route.route.openshift.io/myroute created $ oc get route myroute -o yaml apiVersion: route.openshift.io/v1 kind: Route metadata: creationTimestamp: "2020-09-11T11:22:47Z" labels: name: service-unsecure name: myroute namespace: test-1 ... .. spec: host: myroute-test-1.internalapps.oc43-1857023-1109.qe.devcluster.openshift.com port: targetPort: http tls: certificate: |+ -----BEGIN CERTIFICATE----- MIIGnTCCBYWgAwIBAgITMAABqrxgky5s36Pm5QAAAAGqvDANBgkqhkiG9w0BAQsFADBcMQswCQYD VQQGEwJCRTERMA8GA1UEChMIUHJveGltdXMxFTATBgNVBAsTDHByb3hpbXVzLmNvbTEjMCEGA1UE nK4M1zl3MdCXc4k0/ZjXEDuDIKWVfiG/RplQ4CtaXTh1ZXiVZDn75X/7jfs= -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- MIIEowIBAAKCAQEA1zRtfzz4YVQ9lineLvM85bJUEBgzrMECZKr4GyVnZJs/dwYm qMNRxC1iNbaRBvuZ4WinTQGG1elbAhVrg23abMlbIScqyrkGGUYKpk2EbJks8mkn ZAzCWKsg7fgC+wBMreoQzYRimc4qUwhjpcWmAKwEO9Xgo3I0gRFLATgZPvgBtX0W IbzMGlK4fSSLl4OblFP+7cstzlAM2sKsOMDPXo1vAT+x10oik+dO -----END RSA PRIVATE KEY----- termination: edge Router logs post the route addition: $ oc -n openshift-ingress logs router-default-6c57c77f9-wmbvs --tail 10 I0911 11:17:10.686345 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:15.647428 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:20.642233 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:25.664322 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:30.667062 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:36.720674 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" I0911 11:17:41.700545 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Proxy protocol on, checking http://localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n" E0911 11:22:47.568003 1 limiter.go:140] error reloading router: wait: no child processes - Proxy protocol on, checking http://localhost:80 ... - Health check ok : 0 retry attempt(s). ----- Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.3.38 bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:3609 |