Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1254880

Summary: Secure communication for Heapster metric collection
Product: OpenShift Container Platform Reporter: Ali Sogukpinar <asogukpi>
Component: HawkularAssignee: Matt Wringe <mwringe>
Status: CLOSED ERRATA QA Contact: chunchen <chunchen>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 3.0.0CC: aos-bugs, bleanhar, dmcphers, jcantril, jokerman, libra-bugs, pruan, wsun
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-26 19:16:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ali Sogukpinar 2015-08-19 07:44:31 UTC 
- Proposed title of this feature request  
Secure Access to OpenShift cluster for collecting metrics.
   
- What is the nature and description of the request?  
At the moment Heapster is using readonly port to collect metrics from OpenShift cluster however, traffic is not encrypted.
  
- Why does the customer need this?

Due to corporate security policies requirements all traffic needs to be encrypted.
  
  
- How would the customer like to achieve this? 

Traffic from nodes to Heapster needs to go through secured channel. (i.e ssl)
  
- For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
  
- Is there already an existing RFE upstream or in Red Hat Bugzilla?  
No
  
- Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
OSE 3.1  

- Is the sales team involved in this request and do they have any additional input?  
Yes
  
- Would the customer be able to assist in testing this functionality if implemented?  
Yes
Comment 1 Ali Sogukpinar 2015-08-19 07:46:23 UTC 
Upstream discussion related to this subject
https://github.com/openshift/origin/issues/3020
Comment 3 Luke Meyer 2015-09-23 17:59:24 UTC 
In progress via https://trello.com/c/kej8gRJg
Comment 4 Jeff Cantrill 2016-01-06 20:22:53 UTC 
Card was accepted in Oct.
Comment 5 chunchen 2016-01-07 07:06:27 UTC 
It's fixed, checked with latest metrics stack images as below:

openshift3/metrics-deployer image 277d6f10f28e
openshift3/metrics-hawkular-metrics image b44dc66d64f2
openshift3/metrics-cassandra image 8ea21f4b3377
openshift3/metrics-heapster image 800434e62203

Test results:
The metrics endpoints are using secure http method, like below:

https://hawkular-metrics.0107-1kp.qe.rhcloud.com/hawkular/metrics/counters/hawkular-metrics%2F270d1075-b509-11e5-b264-fa163ea9e676%2Fcpu%2Fusage/data?buckets=61&start=1452148364643
Comment 7 errata-xmlrpc 2016-01-26 19:16:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2016:0070