-
Bug
-
Resolution: Obsolete
-
Minor
-
None
-
4.16.z
-
Quality / Stability / Reliability
-
False
-
-
2
-
Moderate
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
Provided conf for external LB HAProxy fails with SSL_ERROR_SYSCALL
Version-Release number of selected component (if applicable):
4.16.15
How reproducible:
always
Steps to Reproduce:
1. Conf https://github.com/openshift/openshift-docs/blob/7dcedfc/modules/nw-osp-configuring-external-load-balancer.adoc
listen my-cluster-machine-config-api-22623
bind 192.168.1.100:22623
mode tcp
balance roundrobin
option httpchk
http-check connect
http-check send meth GET uri /healthz
http-check expect status 200
server my-cluster-master-2 192.168.1.101:22623 check inter 10s rise 2 fall 2
server my-cluster-master-0 192.168.1.102:22623 check inter 10s rise 2 fall 2
server my-cluster-master-1 192.168.1.103:22623 check inter 10s rise 2 fall 2
2. deploy using openshift-install. OVF is deployed as bootstrap VM (vsphere IPI). Wait until boot has completed.
3. curl -ik https://bootstrap-ip:22623/config/master | less gives 200 OK
4. curl -ik https://LB-IP:22623/config/master | less fails with message curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to LB-IP:22623
Actual results:
3 and 4 do not yield the same results
Expected results:
curl through external LB HAProxy yields correct results
Additional info:
curl without -k fails (CA is "OU = openshift, CN = root-ca") No haproxy.log relevant output Reverting to TCP check without healthcheck (/healthz polling) as per https://access.redhat.com/articles/5127211 makes it work as expected.
