Description of problem:

Customer has configured to enable external Elasticsearch route access and faced the following issue in OpenShift Diagnostics because the external URL was not added to kibana-proxy:

```
"ERROR: [AGL0147 from diagnostic AggregatedLogging@openshift/origin/pkg/oc/admin/diagnostics/diagnostics/cluster/aggregated_logging/diagnostic.go:129] OauthClient 'kibana-proxy' does not include a redirectURI for route 'logging-es' which is ‘elasticsearch-external.apps.example.com'")
```

By observing the installation playbook [1], I'm currently seeing that it's not possible to add it with an Ansible variable right now. This RFE has the objective to add an option to add kibana proxy hostnames with an inventory variable.

[1] https://github.com/openshift/openshift-ansible/blob/2fb6224c12fffd7862a0e0cceba4eac57279c652/roles/openshift_logging_kibana/tasks/main.yaml#L171

Version-Release number of selected component (if applicable): 3.11

The external route name to Kibana is configurable by providing the appropriate inventory variable described in:

https://docs.okd.io/3.11/install_config/aggregate_logging.html#aggregate-logging-ansible-variables
https://github.com/openshift/openshift-ansible/blob/release-3.11/roles/openshift_logging_kibana/defaults/main.yml#L13

I would expect setting the variable and rerunning the playbook to resolve the issue. Closing NOTABUG. Please reopen with additional details if this does not meet your requirements.

With the introduction of OpenShift 4, Red Hat has delivered or roadmapped a substantial number of features based on feedback by our customers. Many of the enhancements encompass specific RFEs which have been requested, or deliver a comparable solution to a customer problem, rendering an RFE redundant.

This bz (RFE) has been identified as a feature request not yet planned or scheduled for an OpenShift release and is being closed.

If this feature is still an active request that needs to be tracked, Red Hat Support can assist in filing a request in the new JIRA RFE system, as well as provide you with updates as the RFE progresses within our planning processes.

Please open a new support case: https://access.redhat.com/support/cases/#/case/new

Opening a New Support Case: https://access.redhat.com/support/cases/#/case/new

As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.

This isn't an RFE, it's a bug still present in the latest v3.11.232.

```
$ oc adm diagnostics aggregatedlogging
ERROR: [AGL0147 from diagnostic AggregatedLogging@openshift/origin/pkg/oc/cli/admin/diagnostics/diagnostics/cluster/aggregated_logging/diagnostic.go:138] OauthClient 'kibana-proxy' does not include a redirectURI for route 'logging-es' which is 'es.10.10.94.12.nip.io'
```

```
NAME             HOST/PORT                   PATH   SERVICES         PORT    TERMINATION          WILDCARD
logging-es       es.10.10.94.12.nip.io              logging-es       <all>   reencrypt            None
logging-kibana   kibana.10.10.94.12.nip.io          logging-kibana   <all>   reencrypt/Redirect   None
```

```
$ oc get oauthclient
NAME           SECRET                                                             WWW-CHALLENGE   TOKEN-MAX-AGE   REDIRECT URIS
kibana-proxy   MnC0sEYDxXROcuCT9QI2r3OOjoMN0xR9X4uZzUN92qJZ6CaFoojugWd5gVxd2TkM   FALSE           168h0m0s        https://kibana.10.10.94.12.nip.io
```

```
$ oc get oauthclient kibana-proxy -o yaml
accessTokenMaxAgeSeconds: 604800
apiVersion: oauth.openshift.io/v1
kind: OAuthClient
redirectURIs:
- https://kibana.10.10.94.12.nip.io
```

The diagnostics check mistakenly(?) thinks the ES external route "logging-es" should be part of redirectURIs for the "kibana-proxy" OAuthClient. I don't believe that is the purpose of this ES route - it is optional, to provide "external Elasticsearch" access, enabled by inventory settings:

```
openshift_logging_es_allow_external=true
openshift_logging_es_hostname=es.10.10.94.12.nip.io
```

The workaround is to manually edit the oauthclient to add the required issue. Closing WONTFIX.
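
To check the `kibana-proxy` redirect URIs against the logging route hosts before and after a manual edit, the comparison can be scripted. This is an added example, not code from the thread or from the OpenShift diagnostic; the exact-host matching rule and the function names are assumptions, and the sample data is constructed from the hosts quoted above.

```python
import json
from urllib.parse import urlsplit

# Constructed sample input, shaped like `oc get routes -o json` and
# `oc get oauthclient kibana-proxy -o json`, using the hosts quoted in the thread.
ROUTES = json.loads("""{"items": [
  {"metadata": {"name": "logging-es"},     "spec": {"host": "es.10.10.94.12.nip.io"}},
  {"metadata": {"name": "logging-kibana"}, "spec": {"host": "kibana.10.10.94.12.nip.io"}}
]}""")
OAUTHCLIENT = json.loads("""{"kind": "OAuthClient",
  "metadata": {"name": "kibana-proxy"},
  "redirectURIs": ["https://kibana.10.10.94.12.nip.io"]}""")


def redirect_hosts(oauthclient):
    """Hosts of the https redirectURIs. Matching is on the exact host
    (assumption), never on a prefix or substring of the URI."""
    hosts = set()
    for uri in oauthclient.get("redirectURIs") or []:
        parts = urlsplit(uri)
        if parts.scheme == "https" and parts.hostname:
            hosts.add(parts.hostname.lower())
    return hosts


def routes_missing_redirect(routes, oauthclient):
    """(route name, host) pairs with no matching redirectURI: the condition
    that the AGL0147 message describes."""
    allowed = redirect_hosts(oauthclient)
    missing = []
    for route in routes.get("items", []):
        host = route.get("spec", {}).get("host", "").lower()
        if host and host not in allowed:
            missing.append((route["metadata"]["name"], host))
    return missing


def redirects_without_route(routes, oauthclient):
    """Redirect hosts that match no route, e.g. entries left behind by an
    earlier manual edit. Each one is a place the client may be redirected to."""
    route_hosts = {r.get("spec", {}).get("host", "").lower()
                   for r in routes.get("items", [])}
    return sorted(redirect_hosts(oauthclient) - route_hosts)


if __name__ == "__main__":
    for name, host in routes_missing_redirect(ROUTES, OAUTHCLIENT):
        print(f"route {name!r} ({host}) has no redirectURI in kibana-proxy")
    for host in redirects_without_route(ROUTES, OAUTHCLIENT):
        print(f"redirectURI host {host} matches no route")
```
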