Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1188

Ingress router crashing while creaing route with edge termination by providing cert's key value empty in ocp4.x

XMLWordPrintable

      1. Proposed title of this feature request

       Avoid crashing ingress router while creating an application route with  edge termination by providing the cert 's key value empty. 

      • command syntax:

      #oc create route edge --service=frontend \
      --cert=${MASTER_CONFIG_DIR}/ca.crt \
      --key=${MASTER_CONFIG_DIR}/ca.key \  <==== this was not provided
      --ca-cert=${MASTER_CONFIG_DIR}/ca.crt \
      --hostname=www.example.com

       Error logs:
      router-logs]$ cat router-default-f9b4d8746-ft4w6.log
      cat router-default-f9b4d8746-dzmnj.log

      ~~~
      I0806 01:52:48.217477 1 router.go:548] template "level"=0 "msg"="router reloaded" "output"=" - Checking http:
      //localhost:80 ...\n - Health check ok : 0 retry attempt(s).\n"
      E0806 01:56:51.921968 1 limiter.go:140] error reloading router: waitid: no child processes

      E0810 17:45:29.363640 1 limiter.go:140] error reloading router: exit status 1
      [ALERT] 222/174529 (30533) : parsing [/var/lib/haproxy/conf/haproxy.config:117] : 'bind
      127.0.0.1
      :10444' : 'crt-list
      ' : error processing line 1 in file '/var/lib/haproxy/conf/cert_config.map' : unable to load SSL certificate file '/
      var/lib/haproxy/router/certs/http-echo:bad-route.pem' file does not exist.
      [ALERT] 222/174529 (30533) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
      [ALERT] 222/174529 (30533) : Fatal errors found in configuration.
      E0810 17:46:12.820382 1 limiter.go:140] error reloading router: exit status 1
      [ALERT] 222/174612 (30536) : parsing [/var/lib/haproxy/conf/haproxy.config:117] : 'bind
      127.0.0.1
      :10444' : 'crt-list
      ' : error processing line 1 in file '/var/lib/haproxy/conf/cert_config.map' : unable to load SSL certificate file '/
      var/lib/haproxy/router/certs/http-echo:bad-route.pem' file does not exist.
      [ALERT] 224/122351 (30899) : Error(s) found in configuration file : /var/lib/haproxy/conf/haproxy.config
      [ALERT] 224/122351 (30899) : Fatal errors found in configuration.
      ~~~
       

      2. Why does the customer need this? (List the business requirements here)

      Customer said:

      ~~~
      As a platform operator, administrators are aware not to provide an empty key. However, many end-users do not understand the required fields. one end user is able to break the haproxy for all users of the platform.

      ~~~

      Customer's concern is to prevent breaking the router even if the supplied key value is missing.

       

            mcurry@redhat.com Marc Curry
            rhn-support-mjahangi Muhammad Selim Jahangir
            Votes:
            1 Vote for this issue
            Watchers:
            6 Start watching this issue

              Created:
              Updated:
              Resolved: