Bug 1145810
| Summary: | Scaled application fails when HTTP Basic authentication is used | |||
|---|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Eric Sauer <esauer> | |
| Component: | ImageStreams | Assignee: | Jason DeTiberus <jdetiber> | |
| Status: | CLOSED ERRATA | QA Contact: | libra bugs <libra-bugs> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | 2.1.0 | CC: | gpei, jialiu, jokerman, libra-onpremise-devel, lmeyer, mmasters, mmccomas, thunt | |
| Target Milestone: | --- | Keywords: | Upstream | |
| Target Release: | --- | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | openshift-origin-cartridge-haproxy-1.27.2-1.git.64.ef6cd67.el6op | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1146112 (view as bug list) | Environment: | ||
| Last Closed: | 2014-11-03 19:55:05 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1146112 | |||
| Bug Blocks: | 1129405 | |||
|
Description
Eric Sauer
2014-09-23 20:01:50 UTC
Created PR at: https://github.com/openshift/origin-server/pull/5835 Is this a duplicate of bug 1128242, or do we want to fix both problems (HTTP 401 should be recognised as a successful response in the health check, and the health check should authenticate if configured with credentials)? A fix requiring that the user has to 'do something' in order to make this work doesn't quite fit our use case. We are deploying an OSE environment with overridden default templates for each cartridge that already contain Basic Authentication. If we require user intervention, then those applications will be created in a broken state. We would like some way of fixing this globally. Satisfactory options here would be: - Simple hard code addition to haproxy.cnf.erb, (very small change, see PR) - Some kind of global config option that would allow admins to set a list of accepted codes - Delegate a subsection of the haproxy.cnf file as a configuration file. Then admins would be able to customized behvior to include expected response, GET uri for healthchk, authentication info, etc. Note, there is also a trello card for this: https://trello.com/c/0X9wpRLF/225-support-configurable-haproxy-url-response-code-for-status-checks I have a feeling someone will want to both customize the health check URI and the acceptable response codes. Basically, complete customization of the health check. Just a note: as implemented, the routing layer will never receive this information and will presumably use the cartridge-specified health check unless otherwise customized. I'm not actually sure how the routing layer even could receive this information. I guess the main use case is setting env vars via the REST API which the broker could theoretically publish, except that AFAIK we don't have an "update_endpoint" event for the routing SPI yet. Verified this bug with openshift-origin-cartridge-haproxy-1.27.2-1.git.64.ef6cd67.el6op.noarch Create app using "rhc create-app basicauthtest jbosseap-6 --from-url=https://github.com/etsauer/openshift-quickstart-basic-auth.git -s" Access the url without any auth info input, 401 code will return. And it returns "1" if access /health page. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2014-1796.html |