Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1337322

Summary: Generated route host DNS segment should not exceed 63 characters
Product: OpenShift Container Platform Reporter: Matt Woodson <mwoodson>
Component: NetworkingAssignee: Ram Ranganathan <ramr>
Networking sub component: router QA Contact: zhaozhanqi <zzhao>
Status: CLOSED ERRATA Docs Contact:
Severity: medium    
Priority: medium CC: aos-bugs, bbennett, eparis, jokerman, mmccomas, tdawson, yadu
Version: 3.1.0   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: We were not validating that the generated host names for routes were lower than the DNS max lengths. Consequence: We were generating names (based on the user-provided template) that would not be usable in DNS. Fix: Add more stringent validation of the generated names. Result: We catch the error for the user when the route is processed by the router and provide a clear error about why the route won't work.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2017-01-18 12:40:57 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Matt Woodson 2016-05-18 19:54:21 UTC 
Description of problem:

This isn't a high priority problem, but we ran into it today and it's causing issues for us.

According to the RFC found here:

https://www.ietf.org/rfc/rfc1035.txt

a DNS "label" (I think I'm naming this correctly) can only have 63 characters in it.  IF it has more, DNS fails.  I believe the Openshift shouldn't allow users to have labels that are longer than 63 characters.  Here is further explanation.

If my dns name is:

<label1>.<label2>.<label3>

example:

foo.example.com

Each "label" can only have 63 chars.  More than that, dns fails to resolve.

In our case, we have this:

project name: ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx
pod name in project:  nodejs-example

The output of "oc get route nodejs-example" -n ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx" shows:

..<snip>..
spec:
    host: nodejs-example-ops-monitor-appbuildxxxxxx-xxxx-xxxx-xxxx-xxxxx.yyyy.zzzz.tttttt.com
..<snip>..

This host name is not valid and can not be resolved, so this is invalid.

Again, not a huge concern, but it is biting us.  This is a really long project name, so it's a unique situation, but we should be aware of it.

Version-Release number of selected component (if applicable):

atomic-openshift-3.1.1.6-6

How reproducible:

Very with long pod names and/or project names

Steps to Reproduce:
1.  create a really long project name
2.  create a really long pod name in the project created in #1
3.  try to resolve pod name

Actual results:

Dns will fail

Expected results:

Maybe Openshift shouldn't allow projects + pod to exceed 63 characters.
Comment 1 Ben Bennett 2016-08-08 17:28:46 UTC 
Ram: Not necessarily asking you to fix this, but I need design advice.  Is it reasonable for the router to screen the names and reject routes where the name is too long (with appropriate status in the label?)  Or is there a better approach?
Comment 2 Ram Ranganathan 2016-08-15 21:37:56 UTC 
@Ben: so we already have validation when a route host name is specified. 
https://github.com/openshift/origin/blob/master/pkg/route/api/validation/validation.go#L29

For generated names at runtime using the hostname template (which seems to be the case here that Matt listed), the approach you listed sounds good. 
I'll create a PR for this with a fix.
Comment 3 Ram Ranganathan 2016-08-16 18:05:50 UTC 
Associated PR: https://github.com/openshift/origin/pull/10434
Comment 4 zhaozhanqi 2016-11-01 02:24:35 UTC 
since this bug was reported on OCP, so mark this bug to 'MODIFIED' for now. please feel free change to 'ON_QA' once it is merged to OCP. thanks.
Comment 5 Troy Dawson 2016-11-02 17:56:49 UTC 
This has been merged into ose and is in OSE v3.4.0.19 or newer.
Comment 7 zhaozhanqi 2016-11-03 05:52:26 UTC 
Verified this bug on:
openshift v3.4.0.19+346a31d
kubernetes v1.4.0+776c994
etcd 3.1.0-rc.0

with haproxy images (v3.4.0.19           6e54d63e6bc9        13 hours ago        628.7 MB)

steps:

1. create one 63 chars route host. success 
2. Create one 64 chars route host. failed.
Comment 9 errata-xmlrpc 2017-01-18 12:40:57 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:0066