-
Bug
-
Resolution: Done
-
Critical
-
7.2.0.GA, 7.3.0.CD15
We are not able to query jolokia on OCP 4.1 as we used to be on OCP 3.11. Here is what we did
# Start EAP oc import-image jboss-eap-7-tech-preview/eap-cd-openshift --from=registry.access.redhat.com/jboss-eap-7-tech-preview/eap-cd-openshift --confirm oc new-app eap-cd-openshift --name jolokia-reproducer oc expose svc/jolokia-reproducer # Query jolokia # Command contains pod name which has to be changed and token which you can get with `oc whoami -t` curl -v -k --oauth2-bearer GNOw3jTbgWu143pF21b8cSSG5Mksr_0t8_ZLG4zRrXI https://api.eap-qe-ocp41-cluster.eap-qe-ocp41-cluster.fw.rhcloud.com:6443/api/v1/namespaces/mchoma/pods/https:jolokia-reproducer-1-xnjrs:8778/proxy/jolokia/ * Trying 3.14.209.123... * TCP_NODELAY set * Connected to api.eap-qe-ocp41-cluster.eap-qe-ocp41-cluster.fw.rhcloud.com (3.14.209.123) port 6443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Request CERT (13): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=api.eap-qe-ocp41-cluster.eap-qe-ocp41-cluster.fw.rhcloud.com * start date: May 2 06:49:44 2019 GMT * expire date: Jun 1 06:49:45 2019 GMT * issuer: OU=openshift; CN=kube-apiserver-lb-signer * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Server auth using Bearer with user '' * Using Stream ID: 1 (easy handle 0x562191462590) > GET /api/v1/namespaces/mchoma/pods/https:jolokia-reproducer-1-xnjrs:8778/proxy/jolokia/ HTTP/2 > Host: api.eap-qe-ocp41-cluster.eap-qe-ocp41-cluster.fw.rhcloud.com:6443 > Authorization: Bearer GNOw3jTbgWu143pF21b8cSSG5Mksr_0t8_ZLG4zRrXI > User-Agent: curl/7.61.1 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 2000)! < HTTP/2 401 < audit-id: e8a1815b-9901-4a87-910d-476e38ea8f5c < cache-control: no-store < date: Thu, 02 May 2019 11:34:23 GMT < www-authenticate: Basic realm="jolokia" < content-length: 0 < * Connection #0 to host api.eap-qe-ocp41-cluster.eap-qe-ocp41-cluster.fw.rhcloud.com left intact
Problem is request is not authenticated. Similar command in OCP 3.11 authenticates and returns something
curl -v -k --oauth2-bearer 10n_P-FK6ssm0RjY_1oJKDc3Yr9csThrLRJ9XP1viwA https://api.all-in-one-034.dynamic.xpaas:8443/api/v1/namespaces/mchoma/pods/https:eap-cd-openshift-1-j9dd5:8778/proxy/jolokia/ * Trying 10.0.76.171... * TCP_NODELAY set * Connected to api.all-in-one-034.dynamic.xpaas (10.0.76.171) port 8443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Request CERT (13): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Certificate (11): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=10.0.76.171 * start date: Apr 12 08:05:02 2019 GMT * expire date: Apr 11 08:05:03 2021 GMT * issuer: CN=openshift-signer@1555056302 * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Server auth using Bearer with user '' * Using Stream ID: 1 (easy handle 0x561c92508590) > GET /api/v1/namespaces/mchoma/pods/https:eap-cd-openshift-1-j9dd5:8778/proxy/jolokia/ HTTP/2 > Host: api.all-in-one-034.dynamic.xpaas:8443 > Authorization: Bearer 10n_P-FK6ssm0RjY_1oJKDc3Yr9csThrLRJ9XP1viwA > User-Agent: curl/7.61.1 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 250)! < HTTP/2 200 < cache-control: no-store < cache-control: no-cache < content-type: text/plain; charset=utf-8 < date: Thu, 02 May 2019 11:26:47 GMT < expires: Thu, 02 May 2019 10:26:47 GMT < pragma: no-cache < content-length: 848 < * Connection #0 to host api.all-in-one-034.dynamic.xpaas left intact {"request":{"type":"version"},"value":{"agent":"1.5.0","protocol":"7.2","config":{"listenForHttpService":"true","maxCollectionSize":"0","authIgnoreCerts":"false","agentId":"10.128.1.52-490-6e0be858-jvm","agentType":"jvm","policyLocation":"classpath:\/jolokia-access.xml","agentContext":"\/jolokia","mimeType":"text\/plain","discoveryEnabled":"false","streaming":"true","password":"VXey5eTaxdKwhNozLqnUtSf5vCNcqw","historyMaxEntries":"10","allowDnsReverseLookup":"true","maxObjects":"0","debug":"false","serializeException":"false","maxDepth":"15","authMode":"basic","canonicalNaming":"true","allowErrorDetails":"true","realm":"jolokia","includeStackTrace":"true","user":"jolokia","useRestrictorService":"false","debugMaxEntries":"100"},"info":{"product":"JBoss EAP CD","vendor":"RedHat","version":"7.3.0.CD15"}},"timestamp":1556796407,"status":200}
I have seen this also on amq image in tests.
- is cloned by
-
JBEAP-17530 [CD 18] [OCP 4.1] Not able to query jolokia on jboss images (doc updates)
- Closed
- is related to
-
JBEAP-17561 Genericize support for Jolokia and Java Open Console
- Closed