Bug 974034 - [Origin_runtime_card#137] Cannot list ssl port for app which created via ssl enabled cartridge
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Online
Classification: Red Hat
Component: Containers
Version: 2.x
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Assignee: Rob Millner
QA Contact: libra bugs
Reported: 2013-06-13 10:26 UTC by Meng Bo
Modified: 2015-05-14 23:21 UTC (History)

Doc Type: Bug Fix
Last Closed: 2013-06-24 14:54:30 UTC
Type: Bug


Attachments
Manifest for modified DIY cart. (2.84 KB, application/x-yaml) - 2013-06-13 20:36 UTC, Rob Millner
start hook for modified diy cart (253 bytes, application/x-shellscript) - 2013-06-13 20:36 UTC, Rob Millner
diy server that listens to both ports. (862 bytes, application/x-ruby) - 2013-06-13 20:37 UTC, Rob Millner

Description Meng Bo 2013-06-13 10:26:36 UTC
Description of problem:
Create an app with an external cartridge that has the ssl option enabled.
The manifest.yml looks like:
Endpoints:
  - Private-IP-Name:   IP
    Private-Port-Name: PORT
    Private-Port:      8080
    Public-Port-Name:  PROXY_PORT
  - Private-IP-Name:   SSL_IP
    Private-Port-Name: SSL_PORT
    Private-Port:      8443
    Public-Port-Name:  SSL_PROXY_PORT
    Options:           { "ssl_to_gear": true }
    Mappings:
      - Frontend:      ""
        Backend:       ""
        Options:       { websocket: true }
      - Frontend:      "/health"
        Backend:       ""
        Options:       { health: true }

SSH login to the app and run rhc-list-ports command to check the ports being listened on.
Only 8080 can be listed.


Version-Release number of selected component (if applicable):
devenv_3355

How reproducible:
always

Steps to Reproduce:
1. Modify the cartridge manifest.yml to support ssl
2. Create an app with this cartridge
3. SSH login to the app and run rhc-list-ports

Actual results:
Only port 8080 can be listed.
[d1-bmengdev.dev.rhcloud.com 51b99af49e60640758000002]\> rhc-list-ports 
ruby -> 127.0.253.1:8080

Expected results:
Port 8443, which is defined in manifest.yml, should be listed as well.

Additional info:

Comment 1 Rob Millner 2013-06-13 20:34:48 UTC
The cartridge itself has to open up the port for listening in order for it to show up in rhc-list-ports. It's not enough to just add the ports to the manifest.

Also, on devenv/Hosted, cartridges are not allowed to listen to port 8443.

If I modify a DIY cartridge to listen to both the SSL and non-SSL connection on different IPs, then I get the following:

[rm1-rmillner0130.dev.rhcloud.com 51ba2b5a59e8b7347d000001]\> rhc-list-ports 
ruby -> 127.0.250.129:8080
ruby -> 127.0.250.130:8080

Comment 2 Rob Millner 2013-06-13 20:36:12 UTC
Created attachment 760942
Manifest for modified DIY cart.

Comment 3 Rob Millner 2013-06-13 20:36:41 UTC
Created attachment 760943
start hook for modified diy cart

Comment 4 Rob Millner 2013-06-13 20:37:16 UTC
Created attachment 760944
diy server that listens to both ports.

Comment 5 Rob Millner 2013-06-13 20:39:58 UTC
Attached the files I changed in the DIY cart. One caveat is that it doesn't seem to actually start SSL on the SSL connection configuration, but you can test it for connectivity by going to the following URL:

http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/

Comment 6 Meng Bo 2013-06-14 12:02:52 UTC
Tested on devenv_3361, using Rob's method.

The app with ssl port 8080 specified can list the ports with different IPs.

Access http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/

Via tcpdump, we can see it is using the OPENSHIFT_DIY_SSL_IP.

Move the bug to verified.
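
Added example (not part of the bug report or of OpenShift's code): Comment 1's point, that a port declared in the manifest is only listed once the cartridge actually listens on it, checked by comparing a manifest's Endpoints entries against LISTEN sockets in /proc/net/tcp format. The manifest excerpt, socket table, gear addresses and function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import re
import socket
import struct

# Constructed manifest excerpt, shaped like the Endpoints block in the report.
MANIFEST = """\
Endpoints:
  - Private-IP-Name:   IP
    Private-Port-Name: PORT
    Private-Port:      8080
  - Private-IP-Name:   SSL_IP
    Private-Port-Name: SSL_PORT
    Private-Port:      8443
"""
# Constructed gear addresses for the two Private-IP-Name values (assumption).
GEAR_IPS = {"IP": "127.0.253.1", "SSL_IP": "127.0.253.2"}
# Constructed /proc/net/tcp sample: a LISTEN socket (st 0A) on 127.0.253.1:8080
# and an ESTABLISHED one (st 01) on 127.0.253.2:8443, which is not a listener.
PROC_NET_TCP = """\
  sl  local_address rem_address   st
   0: 01FD007F:1F90 00000000:0000 0A
   1: 02FD007F:20FB 0100007F:C350 01
"""

def declared_endpoints(manifest):
    """Return [(ip_name, port)] for every endpoint the manifest declares."""
    names = re.findall(r"Private-IP-Name:\s*(\S+)", manifest)
    ports = re.findall(r"Private-Port:\s*(\d+)", manifest)
    return list(zip(names, map(int, ports)))

def listening_sockets(proc_text):
    """Return {(ip, port)} for IPv4 sockets in LISTEN state."""
    found = set()
    for line in proc_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Address is a 32-bit hex word in host order; little-endian assumed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.add((ip, int(hex_port, 16)))
    return found

def audit(manifest, proc_text, gear_ips):
    """Map each declared endpoint to whether a process listens on it."""
    listening = listening_sockets(proc_text)
    return {(name, port): (gear_ips.get(name), port) in listening
            for name, port in declared_endpoints(manifest)}

if __name__ == "__main__":
    for (name, port), ok in audit(MANIFEST, PROC_NET_TCP, GEAR_IPS).items():
        print(f"{name}:{port} -> {'listening' if ok else 'declared only'}")
```

On a real gear, pass the contents of /proc/net/tcp and the gear's own address variables in place of the constructed samples.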

