Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1188

Ingress router crashing while creaing route with edge termination by providing cert's key value empty in ocp4.x

    XMLWordPrintable

Details

    • 0
    • 0% 0%

    Description

      1. Proposed title of this feature request

       Avoid crashing ingress router while creating an application route with  edge termination by providing the cert 's key value empty. 

      • command syntax:

      #oc create route edge --service=frontend \
      --cert=${MASTER_CONFIG_DIR}/ca.crt \
      --key=${MASTER_CONFIG_DIR}/ca.key \  <==== this was not provided
      --ca-cert=${MASTER_CONFIG_DIR}/ca.crt \
      --hostname=www.example.com

       Error logs:
      router-logs]$ cat router-default-f9b4d8746-ft4w6.log
      cat router-default-f9b4d8746-dzmnj.log

      ~~~
      I0806 01:52:48.217477 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Checking http:
      //localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n"
      E0806 01:56:51.921968 1 limiter.go:140] error reloading router: waitid: no child processes

      E0810 17:45:29.363640 1 limiter.go:140] error reloading router: exit status 1
      [ALERT] 222/174529 (30533) : parsing [/var/lib/haproxy/conf/haproxy.config:117] : 'bind
      127.0.0.1
      :10444' : 'crt-list
      ' : error processing line 1 in file '/var/lib/haproxy/conf/cert_config.map' : unable to load SSL certificate file '/
      var/lib/haproxy/router/certs/http-echo:bad-route.pem' file does not exist.
      [ALERT] 222/174529 (30533) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
      [ALERT] 222/174529 (30533) : Fatal errors found in configuration.
      E0810 17:46:12.820382 1 limiter.go:140] error reloading router: exit status 1
      [ALERT] 222/174612 (30536) : parsing [/var/lib/haproxy/conf/haproxy.config:117] : 'bind
      127.0.0.1
      :10444' : 'crt-list
      ' : error processing line 1 in file '/var/lib/haproxy/conf/cert_config.map' : unable to load SSL certificate file '/
      var/lib/haproxy/router/certs/http-echo:bad-route.pem' file does not exist.
      [ALERT] 224/122351 (30899) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
      [ALERT] 224/122351 (30899) : Fatal errors found in configuration.
      ~~~
       

      2. Why does the customer need this? (List the business requirements here)

      Customer said:

      ~~~
      As a platform operator, administrators are aware not to provide an empty key. However, many end-users do not understand the required fields. one end user is able to break the haproxy for all users of the platform.

      ~~~

      Customer's concern is to prevent breaking the router even if the supplied key value is missing.

       

      Attachments

        Activity

          People

            mcurry@redhat.com Marc Curry
            rhn-support-mjahangi Muhammad Selim Jahangir
            Votes:
            1 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: