Bug 1464349 - Kibana deployment config error
Kibana deployment config error
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
Unspecified Unspecified
medium Severity medium
: ---
: 3.7.0
Assigned To: ewolinet
Anping Li
: 1478937 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2017-06-23 03:45 EDT by Miheer Salunke
Modified: 2017-11-28 16:58 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2017-11-28 16:58:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
The inventory and deploy logs (747.66 KB, application/x-gzip)
2017-10-19 09:04 EDT, Anping Li
no flags Details

  None (edit)
Comment 1 Takeshi Larsson 2017-06-28 12:05:19 EDT

Seeing this issue as well. Its especially impactful when using AWS. It will assign a internal hostname for the OAP_PUBLIC_MASTER_URL and OAP_LOGOUT_REDIRECT environment variables.

Its possible to fix it manually of course but its still a pain as it requires a manual step.
Comment 11 Johan Swensson 2017-08-08 02:12:13 EDT
*** Bug 1478937 has been marked as a duplicate of this bug. ***
Comment 16 ewolinet 2017-10-17 17:59:50 EDT

I'm not sure I'm completely following your question. However, if you specify openshift_logging_master_url or openshift_logging_public_url then you will see those values propagated down into the Kibana DC definition. Otherwise it will use the defaults taken from openshift_facts. I suppose if the defaults would not correctly point to your public_hostname for the cluster then you would want to specify a value for openshift_logging_master_public_url.

In openshift_logging/defaults/main.yml:
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
openshift_logging_master_public_url: "{{ 'https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true)) }}"


In openshift_logging/tasks/install_logging.yaml:
openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}"
openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}"


In openshift_logging_kibana/templates/kibana.j2:
 value: {{ openshift_logging_kibana_master_url }}
 value: {{ openshift_logging_kibana_master_public_url }}
 value: {{ openshift_logging_kibana_master_public_url }}/console/logout
Comment 18 Anping Li 2017-10-19 09:04 EDT
Created attachment 1340756 [details]
The inventory and deploy logs

The OAP_PUBLIC_MASTER_URL was set to first master.  it should use cluster_public_hostname instead of public_hostname in openshift_logging/defaults/main.yml

ansible --private-key=/root/libra.pem masters[0] -m setup  |grep public_hostname
                    "public_hostname": "openshift-181.lab.eng.nay.redhat.com", 
                    "cluster_public_hostname": "openshift-208.lab.eng.nay.redhat.com",
Comment 20 Anping Li 2017-10-19 21:38:42 EDT
It is depend on which type/configuration of authentication method [1] the OCP is using.  For example: with LDAP, authentication,  the kibana can get the identification from any masters.   For github authentication, only the PUBLIC_MASTER_URL is trusted, the kibana must redirect to the PUBLIC_MASTER_URL.

[1] https://docs.openshift.com/container-platform/3.6/install_config/configuring_authentication.html
Comment 22 Anping Li 2017-10-22 09:13:36 EDT
If we want to fix in document level, We should ask Document team to add PUBLIC_MASTER_URL as mandatory variable in [1].   If we change in code level to set OAP_PUBLIC_MASTER_URL as cluster_public_hostname, PUBLIC_MASTER_URL will be options.

Comment 23 ewolinet 2017-10-23 09:58:05 EDT
I believe this should be resolved with documentation.
PUBLIC_MASTER_URL is not a variable that can be passed in. However we currently do document setting the following two variables:

The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster.

The public facing URL for the Kubernetes master. This is used for Authentication redirection by the Kibana proxy.
Comment 24 Anping Li 2017-10-23 23:41:07 EDT
For openshift_logging_master_public_url do can solve this issue. I will verified this bug. 

BTW, I will open another bug for 'OAP_PUBLIC_MASTER_URL  is first master when openshift_logging_master_public_url is not set.'
Comment 27 errata-xmlrpc 2017-11-28 16:58:46 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.