Bug 1467653 - Hawkular - reencryption on F5 causes to shows Page Not Found 404
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
unspecified Severity high
: 3.6.z
Assigned To: Rajat Chopra
Meng Bo
Reported: 2017-07-04 08:58 EDT by Vladislav Walek
Modified: 2017-10-27 08:52 EDT
Last Closed: 2017-07-31 16:25:15 EDT
Type: Bug
Description Vladislav Walek 2017-07-04 08:58:06 EDT
Description of problem:

Customer is running the metrics, but he is not able to see anything in the web console. When you try to see the default Hawkular URL, it shows that it is running; however, nothing is shown in the Metrics tab of the pod. Their configuration uses F5 as the load balancer.

I was checking it with curl, and when running on the master you will get the reply. If running on a system outside of OpenShift, it shows 404 Page not found.

Their configuration is client -> f5 -> reverse proxy -> router -> pod.
From the master everything works.

I found that the F5 is probably doing re-encryption, as you will get different certs with the two calls.
I will attach the replies in private comment.

Version-Release number of selected component (if applicable):
OpenShift Container Platform 3.4.1

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:
Comment 3 Matt Wringe 2017-07-10 12:28:52 EDT
I believe the problem is that your setup is decoding the encoded URL before it gets to Hawkular Metrics. Specifically, it's changing the %2F to an unencoded '/'.

This is why you are getting a 404 error message from Hawkular Metrics: the path it's trying to access is not URL-encoded anymore.

The endpoints between 3.4 have not changed, they have always used %2F in their URLs.

There is probably something which has changed with your F5 setup. Some routers and proxies may have problems when '/' are encoded within the URL. Is there an option to allow for these types of URL to pass through properly?

There is nothing the metrics team can do about this, I am reassigning to the networking team.
Comment 4 Rajat Chopra 2017-07-12 12:56:23 EDT
To verify what was suspected in comment #3, do we know that the base URL works? The one without '/'.
Meanwhile, check on the Apache reverse proxy. If they ever upgraded that, it is possible that the encoded %2F gets dropped by default. See this: http://httpd.apache.org/docs/2.2/mod/core.html#allowencodedslashes

That would explain who is serving the 404.

Also, as the next piece of investigation, do we have logs on whether Hawkular actually receives the request?
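
An added example, not part of the original bug comments or of any project's code: a Python check for the log comparison suggested in comments 3 and 4, which walks the request line each hop logged for one call and reports where %2F was decoded or where the request stopped. The hop names follow the chain in the description; the sample path, the status codes, and the assumption that every hop logs the request target as it received it are constructed for illustration.

```python
import re
from urllib.parse import unquote

ENCODED_SLASH = re.compile(r"%2f", re.IGNORECASE)

# Constructed sample (not from the bug): the request line each hop logged for
# one client call, in traversal order. Assumes each hop logs the target as received.
ENC = "GET /hawkular/metrics/gauges/pod%2Fexample%2Fcpu/data HTTP/1.1"
DEC = "GET /hawkular/metrics/gauges/pod/example/cpu/data HTTP/1.1"
SAMPLE_TRACE = [
    ("f5", ENC, 404),
    ("reverse-proxy", ENC, 404),
    ("router", DEC, 404),
    ("hawkular", DEC, 404),
]

def raw_path(request_line):
    """Return the request target exactly as logged, without decoding it."""
    parts = request_line.split()
    if len(parts) != 3:
        raise ValueError(f"not a request line: {request_line!r}")
    return parts[1]

def diagnose(trace, expected_hops):
    """Name the hop that lost the encoded slash or answered on its own."""
    first_hop, first_line, last_status = trace[0]
    client_path = raw_path(first_line)
    wanted = len(ENCODED_SLASH.findall(client_path))
    if wanted == 0:
        return "no %2F in the client request"
    previous = first_hop
    for hop, line, status in trace[1:]:
        path = raw_path(line)
        # Same resource after decoding, otherwise something else rewrote it.
        if unquote(path) != unquote(client_path):
            return f"{previous} rewrote the path before forwarding to {hop}"
        # Fewer %2F than the client sent: the previous hop decoded them.
        if len(ENCODED_SLASH.findall(path)) < wanted:
            return f"{previous} decoded %2F before forwarding to {hop}"
        previous, last_status = hop, status
    seen = {entry[0] for entry in trace}
    missing = [h for h in expected_hops if h not in seen]
    if missing:
        return (f"{previous} answered {last_status} itself; "
                f"request never reached {missing[0]}")
    return "%2F preserved end to end"
```

A trace that ends at the reverse proxy with a 404 matches the case raised in comment 4, where the proxy refuses the encoded slash instead of forwarding it.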
Comment 5 Vladislav Walek 2017-07-13 03:28:59 EDT
Hello Rajat,
Thank you, I will check with customer.
Comment 6 Ben Bennett 2017-07-31 16:25:15 EDT
Closing due to lack of activity... please reopen if there's an update.
