Bug 1464349 - Kibana deployment config error
Kibana deployment config error
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer (Show other bugs)
3.5.0
Unspecified Unspecified
medium Severity medium
: ---
: 3.7.0
Assigned To: ewolinet
Anping Li
:
: 1478937 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-23 03:45 EDT by Miheer Salunke
Modified: 2017-11-28 16:58 EST (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: No Doc Update
Doc Text:
undefined
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-11-28 16:58:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
The inventory and deploy logs (747.66 KB, application/x-gzip)
2017-10-19 09:04 EDT, Anping Li
no flags Details

  None (edit)
Comment 1 Takeshi Larsson 2017-06-28 12:05:19 EDT
Hi,

Seeing this issue as well. Its especially impactful when using AWS. It will assign a internal hostname for the OAP_PUBLIC_MASTER_URL and OAP_LOGOUT_REDIRECT environment variables.

Its possible to fix it manually of course but its still a pain as it requires a manual step.
Comment 11 Johan Swensson 2017-08-08 02:12:13 EDT
*** Bug 1478937 has been marked as a duplicate of this bug. ***
Comment 16 ewolinet 2017-10-17 17:59:50 EDT
@anli,

I'm not sure I'm completely following your question. However, if you specify openshift_logging_master_url or openshift_logging_public_url then you will see those values propagated down into the Kibana DC definition. Otherwise it will use the defaults taken from openshift_facts. I suppose if the defaults would not correctly point to your public_hostname for the cluster then you would want to specify a value for openshift_logging_master_public_url.

In openshift_logging/defaults/main.yml:
openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}"
openshift_logging_master_public_url: "{{ 'https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true)) }}"

---> 

In openshift_logging/tasks/install_logging.yaml:
openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}"
openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}"

--->

In openshift_logging_kibana/templates/kibana.j2:
-
 name: "OAP_MASTER_URL"
 value: {{ openshift_logging_kibana_master_url }}
-
 name: "OAP_PUBLIC_MASTER_URL"
 value: {{ openshift_logging_kibana_master_public_url }}
-
 name: "OAP_LOGOUT_REDIRECT"
 value: {{ openshift_logging_kibana_master_public_url }}/console/logout
Comment 18 Anping Li 2017-10-19 09:04 EDT
Created attachment 1340756 [details]
The inventory and deploy logs

The OAP_PUBLIC_MASTER_URL was set to first master.  it should use cluster_public_hostname instead of public_hostname in openshift_logging/defaults/main.yml


ansible --private-key=/root/libra.pem masters[0] -m setup  |grep public_hostname
                    "public_hostname": "openshift-181.lab.eng.nay.redhat.com", 
                    "cluster_public_hostname": "openshift-208.lab.eng.nay.redhat.com",
Comment 20 Anping Li 2017-10-19 21:38:42 EDT
@ewolinet,
It is depend on which type/configuration of authentication method [1] the OCP is using.  For example: with LDAP, authentication,  the kibana can get the identification from any masters.   For github authentication, only the PUBLIC_MASTER_URL is trusted, the kibana must redirect to the PUBLIC_MASTER_URL.



[1] https://docs.openshift.com/container-platform/3.6/install_config/configuring_authentication.html
Comment 22 Anping Li 2017-10-22 09:13:36 EDT
@ewolinet,  
 
If we want to fix in document level, We should ask Document team to add PUBLIC_MASTER_URL as mandatory variable in [1].   If we change in code level to set OAP_PUBLIC_MASTER_URL as cluster_public_hostname, PUBLIC_MASTER_URL will be options.

[1]https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html
Comment 23 ewolinet 2017-10-23 09:58:05 EDT
I believe this should be resolved with documentation.
PUBLIC_MASTER_URL is not a variable that can be passed in. However we currently do document setting the following two variables:

openshift_logging_master_url
	
The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster.


openshift_logging_master_public_url
	
The public facing URL for the Kubernetes master. This is used for Authentication redirection by the Kibana proxy.
Comment 24 Anping Li 2017-10-23 23:41:07 EDT
For openshift_logging_master_public_url do can solve this issue. I will verified this bug. 

BTW, I will open another bug for 'OAP_PUBLIC_MASTER_URL  is first master when openshift_logging_master_public_url is not set.'
Comment 27 errata-xmlrpc 2017-11-28 16:58:46 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:3188

Note You need to log in before you can comment on or make changes to this bug.