Red Hat Bugzilla – Bug 974034
[Origin_runtime_card#137] Cannot list ssl port for app which created via ssl enabled cartridge
Last modified: 2015-05-14 19:21:33 EDT
Description of problem: Create app with an external cartridge which has enabled ssl option. The manifest.yml looks like: Endpoints: - Private-IP-Name: IP Private-Port-Name: PORT Private-Port: 8080 Public-Port-Name: PROXY_PORT - Private-IP-Name: SSL_IP Private-Port-Name: SSL_PORT Private-Port: 8443 Public-Port-Name: SSL_PROXY_PORT Options: { "ssl_to_gear": true } Mappings: - Frontend: "" Backend: "" Options: { websocket: true } - Frontend: "/health" Backend: "" Options: { health: true } SSH login to the app and run rhc-list-ports command to check the ports being listened on. Only 8080 can be listed. Version-Release number of selected component (if applicable): devenv_3355 How reproducible: always Steps to Reproduce: 1.Modify the cartridge manifest.yml to support ssl 2.Create app by this cartridge 3.SSH login to the app and run rhc-list-ports Actual results: Only 8080 port can be listed. [d1-bmengdev.dev.rhcloud.com 51b99af49e60640758000002]\> rhc-list-ports ruby -> 127.0.253.1:8080 Expected results: The port 8443 which defined in manifest.yml should be listed as well. Additional info:
The cartridge itself has to open up the port for listening in order for it to show up in rhc-list-ports. Its not enough to just add the ports to the manifest. Also, on devenv/Hosted, cartridges are not allowed to listen to port 8443. If I modify a DIY cartridge to listen to both the SSL and non-SSL connection on different IPs, then I get the following: [rm1-rmillner0130.dev.rhcloud.com 51ba2b5a59e8b7347d000001]\> rhc-list-ports ruby -> 127.0.250.129:8080 ruby -> 127.0.250.130:8080
Created attachment 760942 [details] Manifest for modified DIY cart.
Created attachment 760943 [details] start hook for modified diy cart
Created attachment 760944 [details] diy server that listens to both ports.
Attached the files I changed in the DIY cart. One caveat is that it doesn't seem to actually start SSL on the SSL connection configuration but you can test it for connectivity by going to the following URL: http://${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/
Test on devenv_3361, By Rob's method, App with ssl port 8080 specified can list the ports with different IPs. Access the http:${OPENSHIFT_GEAR_DNS}:${OPENSHIFT_DIY_SSL_PROXY_PORT}/ We can find it is using the OPENSHIFT_DIY_SSL_IP via tcpdump. Move the bug to verified.