Bug 974034 - [Origin_runtime_card#137] Cannot list ssl port for app which created via ssl enabled cartridge
Status: CLOSED CURRENTRELEASE
Product: OpenShift Online
Classification: Red Hat
Component: Containers
2.x
Unspecified Unspecified
medium Severity medium
Assigned To: Rob Millner
Reported: 2013-06-13 06:26 EDT by Meng Bo
Modified: 2015-05-14 19:21 EDT
Doc Type: Bug Fix
Last Closed: 2013-06-24 10:54:30 EDT
Type: Bug

Attachments
Manifest for modified DIY cart. (2.84 KB, application/x-yaml)
2013-06-13 16:36 EDT, Rob Millner
start hook for modified diy cart (253 bytes, application/x-shellscript)
2013-06-13 16:36 EDT, Rob Millner
diy server that listens to both ports. (862 bytes, application/x-ruby)
2013-06-13 16:37 EDT, Rob Millner
Description Meng Bo 2013-06-13 06:26:36 EDT
Description of problem:
Create an app with an external cartridge which has the ssl option enabled.
The manifest.yml looks like:
Endpoints:
  - Private-IP-Name:   IP
    Private-Port-Name: PORT
    Private-Port:      8080
    Public-Port-Name:  PROXY_PORT
  - Private-IP-Name:   SSL_IP
    Private-Port-Name: SSL_PORT
    Private-Port:      8443
    Public-Port-Name:  SSL_PROXY_PORT
    Options:           { "ssl_to_gear": true }
    Mappings:
      - Frontend:      ""
        Backend:       ""
        Options:       { websocket: true }
      - Frontend:      "/health"
        Backend:       ""
        Options:       { health: true }

SSH login to the app and run rhc-list-ports command to check the ports being listened on.
Only 8080 can be listed.


Version-Release number of selected component (if applicable):
devenv_3355

How reproducible:
always

Steps to Reproduce:
1. Modify the cartridge manifest.yml to support ssl
2. Create app by this cartridge
3. SSH login to the app and run rhc-list-ports

Actual results:
Only 8080 port can be listed.
[d1-bmengdev.dev.rhcloud.com 51b99af49e60640758000002]\> rhc-list-ports 
ruby -> 127.0.253.1:8080

Expected results:
The port 8443 which is defined in manifest.yml should be listed as well.

Additional info:
Comment 1 Rob Millner 2013-06-13 16:34:48 EDT
The cartridge itself has to open up the port for listening in order for it to show up in rhc-list-ports.  It's not enough to just add the ports to the manifest.

Also, on devenv/Hosted, cartridges are not allowed to listen to port 8443.

If I modify a DIY cartridge to listen to both the SSL and non-SSL connection on different IPs, then I get the following:

[rm1-rmillner0130.dev.rhcloud.com 51ba2b5a59e8b7347d000001]\> rhc-list-ports 
ruby -> 127.0.250.129:8080
ruby -> 127.0.250.130:8080
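
Added example (not part of the bug thread or of the attached cartridge files): a Ruby check that compares the ports a manifest declares with the sockets actually in LISTEN state, which is the gap Comment 1 describes. The manifest fragment and the /proc/net/tcp rows are constructed samples, and the helper names are hypothetical.

```ruby
require 'yaml'

# Constructed manifest fragment, modeled on the Endpoints section in the report.
MANIFEST = <<~YAML
  Endpoints:
    - Private-IP-Name:   IP
      Private-Port-Name: PORT
      Private-Port:      8080
    - Private-IP-Name:   SSL_IP
      Private-Port-Name: SSL_PORT
      Private-Port:      8443
YAML

# Constructed rows in Linux /proc/net/tcp layout (trailing columns omitted):
# row 0 is a listener (state 0A) on 127.0.253.1:8080, row 1 is an
# established connection (state 01) on the same port and must not count.
PROC_NET_TCP = <<~TXT
  sl local_address rem_address st
  0: 01FD007F:1F90 00000000:0000 0A
  1: 01FD007F:1F90 0100007F:C350 01
TXT

# Hypothetical helper: return [ip, port] for every socket in LISTEN state.
def listening_sockets(proc_text)
  proc_text.lines.drop(1).map do |line|
    _slot, local, _remote, state = line.split
    next unless state == '0A'
    hex_ip, hex_port = local.split(':')
    # On little-endian hosts the kernel prints the IPv4 address byte-reversed.
    ip = [hex_ip].pack('H*').bytes.reverse.join('.')
    [ip, hex_port.hex]
  end.compact
end

# Hypothetical helper: names of declared endpoints with no listener behind them.
def unbound_endpoints(manifest_yaml, proc_text)
  bound_ports = listening_sockets(proc_text).map { |_ip, port| port }
  YAML.safe_load(manifest_yaml)['Endpoints']
      .reject { |ep| bound_ports.include?(ep['Private-Port']) }
      .map { |ep| ep['Private-Port-Name'] }
end

if __FILE__ == $PROGRAM_NAME
  listening_sockets(PROC_NET_TCP).each { |ip, port| puts "listening: #{ip}:#{port}" }
  puts "declared but not listening: #{unbound_endpoints(MANIFEST, PROC_NET_TCP).join(', ')}"
end
```
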
Comment 2 Rob Millner 2013-06-13 16:36:12 EDT
Created attachment 760942 [details]
Manifest for modified DIY cart.
Comment 3 Rob Millner 2013-06-13 16:36:41 EDT
Created attachment 760943 [details]
start hook for modified diy cart
Comment 4 Rob Millner 2013-06-13 16:37:16 EDT
Created attachment 760944 [details]
diy server that listens to both ports.
Comment 5 Rob Millner 2013-06-13 16:39:58 EDT
Attached the files I changed in the DIY cart.  One caveat is that it doesn't seem to actually start SSL on the SSL connection configuration but you can test it for connectivity by going to the following URL:

http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/
Comment 6 Meng Bo 2013-06-14 08:02:52 EDT
Test on devenv_3361,

By Rob's method,

App with ssl port 8080 specified can list the ports with different IPs.

Access the http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/

We can find it is using the OPENSHIFT_DIY_SSL_IP via tcpdump.

Move the bug to verified.
