Bug 974034

Summary: [Origin_runtime_card#137] Cannot list ssl port for app which created via ssl enabled cartridge
Product: OpenShift Online Reporter: Meng Bo <bmeng>
Component: ContainersAssignee: Rob Millner <rmillner>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.xCC: mfisher
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-24 14:54:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Manifest for modified DIY cart.
none
start hook for modified diy cart
none
diy server that listens to both ports. none

Description Meng Bo 2013-06-13 10:26:36 UTC 
Description of problem:
Create app with an external cartridge which has enabled ssl option.
The manifest.yml looks like:
Endpoints:
  - Private-IP-Name:   IP
    Private-Port-Name: PORT
    Private-Port:      8080
    Public-Port-Name:  PROXY_PORT
  - Private-IP-Name:   SSL_IP
    Private-Port-Name: SSL_PORT
    Private-Port:      8443
    Public-Port-Name:  SSL_PROXY_PORT
    Options:           { "ssl_to_gear": true }
    Mappings:
      - Frontend:      ""
        Backend:       ""
        Options:       { websocket: true }
      - Frontend:      "/health"
        Backend:       ""
        Options:       { health: true }

SSH login to the app and run rhc-list-ports command to check the ports being listened on.
Only 8080 can be listed.


Version-Release number of selected component (if applicable):
devenv_3355

How reproducible:
always

Steps to Reproduce:
1.Modify the cartridge manifest.yml to support ssl
2.Create app by this cartridge
3.SSH login to the app and run rhc-list-ports

Actual results:
Only 8080 port can be listed.
[d1-bmengdev.dev.rhcloud.com 51b99af49e60640758000002]\> rhc-list-ports 
ruby -> 127.0.253.1:8080

Expected results:
The port 8443 which defined in manifest.yml should be listed as well.

Additional info:
Comment 1 Rob Millner 2013-06-13 20:34:48 UTC 
The cartridge itself has to open up the port for listening in order for it to show up in rhc-list-ports.  Its not enough to just add the ports to the manifest.

Also, on devenv/Hosted, cartridges are not allowed to listen to port 8443.

If I modify a DIY cartridge to listen to both the SSL and non-SSL connection on different IPs, then I get the following:

[rm1-rmillner0130.dev.rhcloud.com 51ba2b5a59e8b7347d000001]\> rhc-list-ports 
ruby -> 127.0.250.129:8080
ruby -> 127.0.250.130:8080
Comment 2 Rob Millner 2013-06-13 20:36:12 UTC 
Created attachment 760942 [details]
Manifest for modified DIY cart.
Comment 3 Rob Millner 2013-06-13 20:36:41 UTC 
Created attachment 760943 [details]
start hook for modified diy cart
Comment 4 Rob Millner 2013-06-13 20:37:16 UTC 
Created attachment 760944 [details]
diy server that listens to both ports.
Comment 5 Rob Millner 2013-06-13 20:39:58 UTC 
Attached the files I changed in the DIY cart.  One caveat is that it doesn't seem to actually start SSL on the SSL connection configuration but you can test it for connectivity by going to the following URL:

http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/
Comment 6 Meng Bo 2013-06-14 12:02:52 UTC 
Test on devenv_3361,

By Rob's method,

App with ssl port 8080 specified can list the ports with different IPs.

Access the http:${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/

We can find it is using the OPENSHIFT_DIY_SSL_IP via tcpdump.

Move the bug to verified.