Bug 1017878 - SNI Proxy needs migration for existing applications
SNI Proxy needs migration for existing applications
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Containers (Show other bugs)
2.x
Unspecified Unspecified
high Severity high
: ---
: ---
Assigned To: Rob Millner
libra bugs
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-10 12:38 EDT by Rob Millner
Modified: 2015-05-14 19:29 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-10-17 09:35:02 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob Millner 2013-10-10 12:38:44 EDT
Description of problem:

Existing applications with aliases require a migration before they can add the SNI cartridge or the aliases will be inconsistent.

The API generally assumes that frontends have been created before using them and a new plugin will be a clean slate.


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Disable the SNI proxy and restart mcollective
2. Create applications
3. Add aliases
4. Enable the SNI proxy and restart mcollective
5. run oo-frontend-plugin-modify --save

Actual results:
Step 5 fails on an exception

Expected results:
Step 5 succeeds to dump the frontend configuration for a gear.

Additional info:
Think about a module specific migration.  I don't like the idea of deleting the whole configuration and recreating it on a busy prod node.  That will cause downtime and make a mess.
Comment 1 Rob Millner 2013-10-10 14:33:49 EDT
To disable and enable the SNI proxy, edit /etc/openshift/node.conf and remove or add "openshift-origin-frontend-haproxy-sni-proxy" to the OPENSHIFT_FRONTEND_HTTP_PLUGINS parameter.
Comment 2 openshift-github-bot 2013-10-10 16:03:07 EDT
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/362257caf788bd985c72a93f5559873675fb1918
Bug 1017878 - Do not fail if the module was not initialized.
Comment 3 Rob Millner 2013-10-10 16:11:01 EDT
Also added a migration script to be run on every application serving node:
rhc-populate-sni-proxy

https://github.com/openshift/li/pull/1971
Comment 4 chunchen 2013-10-11 03:51:57 EDT
It's fixed, verified on devenv_3885, please refer to the followint results:

1. Disable the SNI proxy and restart mcollective
2. Create applications
rhc app create cmk20 mock-0.4 --no-git
3. Add aliases
rhc alias add cmk20 c.m.com
4. Enable the SNI proxy and restart mcollective
5. run oo-frontend-plugin-modify --save

# oo-frontend-plugin-modify --save
Backing up 14 frontends.
[
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"52578f1632d13e6593000007","fqdn":"cmk89-cdm.dev.rhcloud.com","container_name":"cmk89","namespace":"cdm","connections":[["TLS_PORT_1","127.1.244.1:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257909132d13e6593000021","fqdn":"cmk8-cdm.dev.rhcloud.com","container_name":"cmk8","namespace":"cdm","connections":[["TLS_PORT_1","127.1.244.129:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"525790da32d13e659300003b","fqdn":"cmk-cdm.dev.rhcloud.com","container_name":"cmk","namespace":"cdm","connections":[["TLS_PORT_1","127.1.245.1:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257917132d13e6593000055","fqdn":"cmk1-cdm.dev.rhcloud.com","container_name":"cmk1","namespace":"cdm","connections":[["TLS_PORT_1","127.1.245.129:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257921632d13e659300006f","fqdn":"crb18-cdm.dev.rhcloud.com","container_name":"crb18","namespace":"cdm","connections":[["","127.1.246.1:8080",{"protocols":["http","ws"],"connections":5,"bandwidth":100,"websocket":1}],["/health","",{"protocols":["http"],"health":1}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"525793b132d13e659300008a","fqdn":"cmk2-cdm.dev.rhcloud.com","container_name":"cmk2","namespace":"cdm","connections":[],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257941132d13e65930000a2","fqdn":"cmk3-cdm.dev.rhcloud.com","container_name":"cmk3","namespace":"cdm","connections":[],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257946e32d13e65930000ba","fqdn":"cmk4-cdm.dev.rhcloud.com","container_name":"cmk4","namespace":"cdm","connections":[],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257949b32d13e65930000d2","fqdn":"cmk5-cdm.dev.rhcloud.com","container_name":"cmk5","namespace":"cdm","connections":[],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"525794e032d13e65930000ea","fqdn":"cmk6-cdm.dev.rhcloud.com","container_name":"cmk6","namespace":"cdm","connections":[["TLS_PORT_1","127.1.248.129:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"525795b632d13e6593000104","fqdn":"cmk7-cdm.dev.rhcloud.com","container_name":"cmk7","namespace":"cdm","connections":[],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"52579de332d13e6593000120","fqdn":"phpfirst-nweidomain.dev.rhcloud.com","container_name":"phpfirst","namespace":"nweidomain","connections":[["","127.1.249.129:8080",{"protocols":["http","ws"],"connections":5,"bandwidth":100,"websocket":1}],["/health","",{"protocols":["http"],"health":1}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257a4a932d13e6593000140","fqdn":"cmk18-cdm.dev.rhcloud.com","container_name":"cmk18","namespace":"cdm","connections":[["TLS_PORT_1","127.1.250.1:8123",{"protocols":["tls"]}]],"aliases":[],"ssl_certs":[],"idle":null,"sts":null}},
  {"json_class":"OpenShift::Runtime::FrontendHttpServer","data":{"container_uuid":"5257ac4b32d13e6593000172","fqdn":"cmk20-cdm.dev.rhcloud.com","container_name":"cmk20","namespace":"cdm","connections":[],"aliases":["c.m.com"],"ssl_certs":[],"idle":null,"sts":null}}
]

Note You need to log in before you can comment on or make changes to this bug.