Hi, Seeing this issue as well. Its especially impactful when using AWS. It will assign a internal hostname for the OAP_PUBLIC_MASTER_URL and OAP_LOGOUT_REDIRECT environment variables. Its possible to fix it manually of course but its still a pain as it requires a manual step.
*** Bug 1478937 has been marked as a duplicate of this bug. ***
@anli, I'm not sure I'm completely following your question. However, if you specify openshift_logging_master_url or openshift_logging_public_url then you will see those values propagated down into the Kibana DC definition. Otherwise it will use the defaults taken from openshift_facts. I suppose if the defaults would not correctly point to your public_hostname for the cluster then you would want to specify a value for openshift_logging_master_public_url. In openshift_logging/defaults/main.yml: openshift_logging_master_url: "https://kubernetes.default.svc.{{ openshift.common.dns_domain }}" openshift_logging_master_public_url: "{{ 'https://' + openshift.common.public_hostname + ':' ~ (openshift_master_api_port | default('8443', true)) }}" ---> In openshift_logging/tasks/install_logging.yaml: openshift_logging_kibana_master_url: "{{ openshift_logging_master_url }}" openshift_logging_kibana_master_public_url: "{{ openshift_logging_master_public_url }}" ---> In openshift_logging_kibana/templates/kibana.j2: - name: "OAP_MASTER_URL" value: {{ openshift_logging_kibana_master_url }} - name: "OAP_PUBLIC_MASTER_URL" value: {{ openshift_logging_kibana_master_public_url }} - name: "OAP_LOGOUT_REDIRECT" value: {{ openshift_logging_kibana_master_public_url }}/console/logout
Created attachment 1340756 [details] The inventory and deploy logs The OAP_PUBLIC_MASTER_URL was set to first master. it should use cluster_public_hostname instead of public_hostname in openshift_logging/defaults/main.yml ansible --private-key=/root/libra.pem masters[0] -m setup |grep public_hostname "public_hostname": "openshift-181.lab.eng.nay.redhat.com", "cluster_public_hostname": "openshift-208.lab.eng.nay.redhat.com",
@ewolinet, It is depend on which type/configuration of authentication method [1] the OCP is using. For example: with LDAP, authentication, the kibana can get the identification from any masters. For github authentication, only the PUBLIC_MASTER_URL is trusted, the kibana must redirect to the PUBLIC_MASTER_URL. [1] https://docs.openshift.com/container-platform/3.6/install_config/configuring_authentication.html
@ewolinet, If we want to fix in document level, We should ask Document team to add PUBLIC_MASTER_URL as mandatory variable in [1]. If we change in code level to set OAP_PUBLIC_MASTER_URL as cluster_public_hostname, PUBLIC_MASTER_URL will be options. [1]https://docs.openshift.com/container-platform/3.6/install_config/aggregate_logging.html
I believe this should be resolved with documentation. PUBLIC_MASTER_URL is not a variable that can be passed in. However we currently do document setting the following two variables: openshift_logging_master_url The URL for the Kubernetes master, this does not need to be public facing but should be accessible from within the cluster. openshift_logging_master_public_url The public facing URL for the Kubernetes master. This is used for Authentication redirection by the Kibana proxy.
For openshift_logging_master_public_url do can solve this issue. I will verified this bug. BTW, I will open another bug for 'OAP_PUBLIC_MASTER_URL is first master when openshift_logging_master_public_url is not set.'
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2017:3188