1379552 – [dev-preview-stg] reencrypt route will always wake up the idled service

Bug 1379552 - [dev-preview-stg] reencrypt route will always wake up the idled service

Summary: [dev-preview-stg] reencrypt route will always wake up the idled service

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Online
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.x
Hardware:	All
OS:	All
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Miciah Dashiel Butler Masters
QA Contact:	Meng Bo
Docs Contact:
URL:
Whiteboard:
Depends On:	1366180
Blocks:
TreeView+	depends on / blocked

Reported:	2016-09-27 06:43 UTC by Hongan Li
Modified:	2016-10-04 13:08 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1366180
Environment:
Last Closed:	2016-10-04 13:08:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Origin (Github)	10420	0	None	None	None	2016-09-27 06:43:52 UTC

Comment 1 Miciah Dashiel Butler Masters 2016-09-27 15:54:28 UTC

Looks like I need to backport https://github.com/openshift/origin/commit/b08af4a7b7a9d9e216a46f4bbed4cf8f24e79bcb to our custom router template.

Comment 2 Miciah Dashiel Butler Masters 2016-09-27 17:35:19 UTC

The custom router template is supposed to prohibit regular users from using reencrypt routes in dev-preview.  Is the template failing to block reencrypt routes for regular users?

Based on the commit, it appears the inverted logic is not specific to reencrypt routes, which means the healthcheck will wake up *any* idle application, irrespective of the route type (unsecure, edge, reencrypt, or passthrough).  Also, it looks like the router will *not* perform healthchecks when it should for non-idle applications.  Do I understand correctly?

Comment 3 Miciah Dashiel Butler Masters 2016-09-27 17:37:12 UTC

Solly, maybe you can help with the second question in <https://bugzilla.redhat.com/show_bug.cgi?id=1379552#c2>.

Comment 4 Solly Ross 2016-09-27 17:45:38 UTC

Yeah, it's not specific to the re-encrypt routes.  At some point during the PR, an extra "not" snuck in, causing the router to *only* perform health checks on idled services (and not on non-idled services).  The commit above fixes that.

Comment 5 Stefanie Forrester 2016-09-27 23:19:02 UTC

Dev-preview-stg has been updated with the latest change and the router has been redeployed with the new template. (Built into openshift-scripts-online-3.3.0.6-1.el7.x86_64)

Comment 6 Hongan Li 2016-09-28 02:31:38 UTC

Verified on STG after router redeployed, no issues found

Note You need to log in before you can comment on or make changes to this bug.