Bug 1126836 - deploy "https" download package to app via REST API failed
Summary: deploy "https" download package to app via REST API failed
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Master
Version: 2.x
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: ---
Assignee: Rory Thrasher
QA Contact: Liang Xia
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2014-08-05 12:05 UTC by Guolei Sun
Modified: 2017-05-31 18:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-05-31 18:22:11 UTC


Attachments (Terms of Use)

Description Guolei Sun 2014-08-05 12:05:56 UTC
Description of problem:
deploy "https" download package to app via REST API failed, https protocol should be supported

Version-Release number of selected component (if applicable):
devenv_5041

How reproducible:
always

Steps to Reproduce:
1. create one app
    rhc app create php php-5.3
2. create another app
    rhc app create php2 php-5.3
3. snapshot save the second app with "--deployment"
    rhc snapshot save php2 --deployment
4. move the second app tar file to its repo and git push
    mv php2.tar.gz php2
    cd php2; git add .; git commit -amp; git push
5. deploy the second "https" download package to the first app
    curl -k -H "Content-Type: application/json" -u gusun+1@redhat.com:* https://$server/broker/rest/application/53db7f5e6cec0ef884001e72/deployments -d '{"artifact_url":"https://php2-gusun1.*.rhcloud.com/php2.tar.gz"}' -X POST | json_reformat

    curl -k -H "Accept: application/xml" -u gusun+1@redhat.com:* https://$server/broker/rest/application/53db7f5e6cec0ef884001e72/deployments -d artifact_url="https://php2-gusun1.*.rhcloud.com/php2.tar.gz" -X POST

3. check the result to expect the success message

Actual results:
The deployment is failed.

##################
[guoleis@localhost php2]$ curl -k -H "Content-Type: application/json" -u gusun+1@redhat.com:* https://$server/broker/rest/application/53db7f5e6cec0ef884001e72/deployments -d '{"artifact_url":"https://php2-gusun1.*.rhcloud.com/php2.tar.gz"}' -X POST | json_reformat

{
  "api_version": 1.7,
  "data": null,
  "messages": [
    {
      "exit_code": 2,
      "field": null,
      "index": null,
      "severity": "debug",
      "text": "Unable to extract deployment archive using command: /usr/bin/curl https://php2-gusun1.*.rhcloud.com/php2.tar.gz | /bin/tar -xz"
    },
    {
      "exit_code": 2,
      "field": null,
      "index": null,
      "severity": "error",
      "text": "Unable to complete the requested operation due to: An invalid exit code (2) was returned from the server $server.  This indicates an unexpected problem during the execution of your request.\nReference ID: 23794d15b1795fd237ef6abb4fad1dc7"
    }
  ],
  "status": "internal_server_error",
  "supported_api_versions": [
    1.0,
    1.1,
    1.2,
    1.3,
    1.4,
    1.5,
    1.6,
    1.7
  ],
  "type": null,
  "version": "1.7"
}
[guoleis@localhost php2]$ curl -k -H "Accept: application/xml" -u gusun+1@redhat.com:* https://$server/broker/rest/application/53db7f5e6cec0ef884001e72/deployments -d artifact_url="https://php2-gusun1.*.rhcloud.com/php2.tar.gz" -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>internal_server_error</status>
  <type nil="true"></type>
  <data>
    <datum nil="true"></datum>
  </data>
  <messages>
    <message>
      <severity>debug</severity>
      <text>Unable to extract deployment archive using command: /usr/bin/curl https://php2-gusun1.*.rhcloud.com/php2.tar.gz | /bin/tar -xz</text>
      <exit-code>2</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
    <message>
      <severity>error</severity>
      <text>Unable to complete the requested operation due to: An invalid exit code (2) was returned from the server $server.  This indicates an unexpected problem during the execution of your request.
Reference ID: d173bed5024c04fb9ea6f4ae785e981b</text>
      <exit-code>2</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
  </messages>
  <version>1.7</version>
  <api-version>1.7</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
    <supported-api-version>1.7</supported-api-version>
  </supported-api-versions>
</response>

##################

Expected results:
The deployment should be succeed.

Additional info:
Both xml and json are unavailable.

Below command should work with "-k". But we should consider the ssl security.
curl -k $url | tar -zx

Comment 3 openshift-github-bot 2015-12-18 20:22:24 UTC
Commits pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/0110818ab94c1e3e0ff10901db3d868b75e12ad4
deployments.rb: Changes :err to be visible to user

Using the REST api for binary deployments could result in errors with the node using the curl command, however the user would not be able to see why or how the curl command failed.

Changes the :out and :err streams sent to the node to be nil, so that the error output is sent back to the user as part of the text variable.  Also changes the corresponding test.

Bug 1126836
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1126836

https://github.com/openshift/origin-server/commit/d88d40f04cad557adb04af1d8dedc2c2dc139a4e
Merge pull request #6317 from thrasher-redhat/bug1126836

Merged by openshift-bot

Comment 4 Rory Thrasher 2016-01-06 21:54:30 UTC
QA,

Please verify that users should now be able to see more accurate responses in the 'text' field of the returned json.  The steps to reproduce should still fail, however it there will be information on why the failure happened.

1. The results from the reproduction steps should result in a failure with the error from the command shown in the 'text' field, similar to the result below:

$ curl -k -H "Content-Type: application/json" -u gusun+1@redhat.com:*   https://$server/broker/rest/application/53db7f5e6cec0ef884001e72/deployments -d '{"artifact_url":"https://php2-gusun1.*.rhcloud.com/php2.tar.gz"}' -X POST | json_reformat
{
  "api_version": 1.7,
  "data": null,
  "messages": [
    {
      "exit_code": 2,
      "field": null,
      "index": null,
      "severity": "debug",
      "text": "Unable to extract deployment archive using command: /usr/bin/curl https://php2-gusun1.*.rhcloud.com/php2.tar.gz | /bin/tar -xz"
    },
    {
      "exit_code": 2,
      "field": null,
      "index": null,
      "severity": "error",
      "text": "Unable to extract deployment archive using command: /usr/bin/curl https://php2-gusun.dev.rhcloud.com/php2.tar.gz | /bin/tar -xz\n\n\ncurl: (60) Peer certificate cannot be authenticated with known CA certificates\nMore details here: http://curl.haxx.se/docs/sslcerts.html\n\ncurl performs SSL certificate verification by default, using a \"bundle\"\n of Certificate Authority (CA) public keys (CA certs). If the default\n bundle file isn't adequate, you can specify an alternate file\n using the --cacert option.\nIf this HTTPS server uses a certificate signed by a CA represented in\n the bundle, the certificate verification probably failed due to a\n problem with the certificate (it might be expired, or the name might\n not match the domain name in the URL).\nIf you'd like to turn off curl's verification of the certificate, use\n the -k (or --insecure) option.\n\ngzip: stdin: unexpected end of file\n/bin/tar: Child returned status 1\n/bin/tar: Error is not recoverable: exiting now\n", :exitcode=>2, :addtl_params=>nil
      }
    }
  ],
  "status": "internal_server_error",
  "supported_api_versions": [
    1.0,
    1.1,
    1.2,
    1.3,
    1.4,
    1.5,
    1.6,
    1.7
  ],
  "type": null,
  "version": "1.7"
}

Comment 5 Liang Xia 2016-01-07 05:53:19 UTC
Checked on build devenv_5746, we can got the detail info as describe in #comment 4, so move the bug to verified.

# server=<ifno...hide...here>
# curl -k -H "Accept: application/xml" -u lxia:* https://$server/broker/rest/domains/lxiad/applications/php/deployments -d artifact_url="https://php2-lxiad.dev.rhcloud.com/php2.tar.gz" -X POST
<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>internal_server_error</status>
  <type nil="true"></type>
  <data>
    <datum nil="true"></datum>
  </data>
  <messages>
    <message>
      <severity>debug</severity>
      <text>Unable to extract deployment archive using command: /usr/bin/curl https://php2-lxiad.dev.rhcloud.com/php2.tar.gz | /bin/tar -xz


curl: (60) Peer certificate cannot be authenticated with known CA certificates
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

gzip: stdin: unexpected end of file
/bin/tar: Child returned status 1
/bin/tar: Error is not recoverable: exiting now
</text>
      <exit-code>2</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
    <message>
      <severity>error</severity>
      <text>Unable to complete the requested operation due to: An invalid exit code (2) was returned from the server ip-172-18-7-171.  This indicates an unexpected problem during the execution of your request.
Reference ID: 3a30f5413ced160f3957c056da75a2bb</text>
      <exit-code>2</exit-code>
      <field nil="true"></field>
      <index nil="true"></index>
    </message>
  </messages>
  <version>1.7</version>
  <api-version>1.7</api-version>
  <supported-api-versions>
    <supported-api-version>1.0</supported-api-version>
    <supported-api-version>1.1</supported-api-version>
    <supported-api-version>1.2</supported-api-version>
    <supported-api-version>1.3</supported-api-version>
    <supported-api-version>1.4</supported-api-version>
    <supported-api-version>1.5</supported-api-version>
    <supported-api-version>1.6</supported-api-version>
    <supported-api-version>1.7</supported-api-version>
  </supported-api-versions>
</response>

Comment 6 Eric Paris 2017-05-31 18:22:11 UTC
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.


Note You need to log in before you can comment on or make changes to this bug.