Red Hat Bugzilla – Bug 1467653
Hawkular - reencryption on F5 causes to shows Page Not Found 404
Last modified: 2017-10-27 08:52:33 EDT
Description of problem:
Customer is running the metrics, but he is not able to see anything in the web console. When you tried to see the default hawkular url, it shows that it is running, however nothing is shown in the Metrics tab of the pod. Their configuration uses F5 as loadbalancer.
I was checking it with curl and when running on master - you will get the reply. If running on system outside of the openshift - it shows 404 Page not found.
Their configuration is client -> f5 -> reverse proxy -> router -> pod.
from master everything works.
I found that the f5 is probably doing reencryption as you will get different certs with two calls.
I will attach the replies in private comment.
Version-Release number of selected component (if applicable):
OpenShift Container Platform 3.4.1
Steps to Reproduce:
I believe the problem is that your setup is decoding the encoded URL before it gets to Hawkular Metrics. Specifically its changing the %2F to an unencoded '/'
This is why you are getting a 404 error message from Hawkular Metrics, the path its trying to access is not url encoded anymore.
The endpoints between 3.4 have not changed, they have always used %2F in their urls.
There is probably something which have changed with your F5 setup. Some routers and proxies may have problems when '/' are encoded within the url. Is there an option to allow for these types of URL to pass through properly?
There is nothing the metrics team can do about this, I am reassigning to the networking team.
To verify what as suspected in comment#3, do we know that the base url works? The one without '/'.
Meanwhile, check on the Apache reverse proxy. If they ever upgraded that, it is possible that the encoded %2F gets dropped by default. See this: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes
That would explain who is serving the 404.
Also, as next piece of investigation, do we have logs on whether hawkular actually receives the request?
Thank you, I will check with customer.
Closing due to lack of activity... please reopen if there's an update.