Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 2003961

Summary:	Instructions for httpErrorCodePages feature in Ingress Controller unclear, can cause cluster outage
Product:	OpenShift Container Platform	Reporter:	Xander Soldaat <xsoldaat>
Component:	Documentation	Assignee:	Vikram Goyal <vigoyal>
Status:	CLOSED CURRENTRELEASE	QA Contact:	jechen <jechen>
Severity:	urgent	Docs Contact:	Vikram Goyal <vigoyal>
Priority:	high
Version:	4.9	CC:	aos-bugs, hongli, jechen, jokerman, misalunk, sarthoma, trees
Target Milestone:	---	Keywords:	Reopened
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2021-10-14 17:23:06 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Xander Soldaat 2021-09-14 08:41:10 UTC

Document URL: https://deploy-preview-36065--osdocs.netlify.app/openshift-enterprise/latest/networking/ingress-operator?utm_source=github&utm_campaign=bot_dp#nw-customize-ingress-error-pages_configuring-ingress


Section Number and Name: 
The entire "Customizing Ingress Controller error pages" section

Describe the issue: 
The example, as is, does not provide any clues as to what the content of the files mentioned in the command line should be:
$ oc -n openshift-config create configmap my-custom-error-code-pages --from-file=error-page-503.http--from-file=error-page-404.http

The problem is that if the contents are not exactly right, the ingress controller for which this configmap has been configured will fail to come up, and cause wide-spread application outage.

Suggestions for improvement: 
The root of the problem lies in the name of the key "httpErrorCodePages". This should have been named "httpErrorCodeResponses", as simply passing an HTML file causes catastrophic failure. The HAProxy expects a pre-cooked HTTP response, including a properly formatted HTTP header, and any and all HTML code that must be sent to the connecting client. The documentation should reflect this, with explicit instructions on how to create these files, using simple examples.

Please see the linked BZ for more information on what needs to be in these files.

Additional information: 
Without specific details on how these files should be formatted, this will cause cluster outages and large volumes of support tickets.

Comment 1 Miheer Salunke 2021-09-14 13:25:12 UTC

>> The root of the problem lies in the name of the key "httpErrorCodePages". This should have been named "httpErrorCodeResponses", as simply passing an HTML file causes catastrophic failure. The HAProxy expects a pre-cooked HTTP response, including a properly formatted HTTP header, and any and all HTML code that must be sent to the connecting client. The documentation should reflect this, with explicit instructions on how to create these files, using simple examples.

1. I appreciate your feedback on the name of the field but we are setting the errorfile directive which specifies an HTTP response status code and the path to an HTML page. That is why we think Pages in httpErrorCodePages is fine

https://www.haproxy.com/documentation/hapee/latest/configuration/config-sections/http-errors/

2. The documentation work is still in progress.

I have shared my review on this PR https://github.com/openshift/openshift-docs/pull/36065 related to this feature.

@sarthoma can please look into this a your earliest ?

Comment 2 Xander Soldaat 2021-09-14 13:39:01 UTC

I have no problems if the name is picked to remain consistent with the albeit badly chosen term in HAProxy. 

Some examples, such as in the HAProxy documentation would go a long way to explain what it is expecting. I do like the additional explanation of the mechanism of how the data is integrated with the Ingress Controller, in the PR.

Comment 8 Timothy Rees 2021-09-16 11:19:35 UTC

@sarthoma - is this the latest preview of the docs?

https://deploy-preview-36065--osdocs.netlify.app/openshift-enterprise/latest/networking/ingress-operator?utm_source=github&utm_campaign=bot_dp#nw-customize-ingress-error-pages_configuring-ingress

I am checking before I report more issues, for instance the first command; "oc -n openshift-config create config map my-custom-error-code-pages"  should have configmap as one word.  In addition, we should end each line after it with '\' as its a continuation of the command.

Comment 10 Sara Thomas 2021-09-17 13:17:28 UTC

@ti

Comment 14 Sara Thomas 2021-10-13 15:14:29 UTC

@xsoldaa

Comment 18 Sara Thomas 2021-10-14 17:23:06 UTC

I added an IMPORTANT notice to step 1 in the config, so hopefully customers will notice here before calling in support: https://docs.openshift.com/container-platform/4.9/networking/ingress-operator.html#nw-customize-ingress-error-pages_configuring-ingress 

Xander ACK'd this change in a Slack message, so I'm marking CLOSED at CURRENT RELEASE.