fabric8 console route certificate issue
88 views
Skip to first unread message
ibrahim dursun
Jul 5, 2015, 1:00:13 PM7/5/15
to fab...@googlegroups.com
Hi,
Thanks for the awesome work you have done with fabric8. I have done vagrant installation and everything works great.
I wanted to install the same setup on an ubuntu server on digitalocean to understand architecture even better. I have created a DNS record with wildcard subdomains and installed OpenShift Origin v1. Everything works fine.
I have installed fabric8 and created routes to the service. I see fabric8 console is being loaded at http://fabric8.mydomain.com but websocket connections are showing the following error in the browser console. "fabric8 WebSocket opening handshake was canceled". I have done some googling and found out that it might be related to SSL certificates. I wanted to add a secure route to fabric8 console but couldn't figure out how.
My problem might be different than what I suspect. It would be great if you guys can show me some pointers.
Thanks.
Thanks for the awesome work you have done with fabric8. I have done vagrant installation and everything works great.
I wanted to install the same setup on an ubuntu server on digitalocean to understand architecture even better. I have created a DNS record with wildcard subdomains and installed OpenShift Origin v1. Everything works fine.
I have installed fabric8 and created routes to the service. I see fabric8 console is being loaded at http://fabric8.mydomain.com but websocket connections are showing the following error in the browser console. "fabric8 WebSocket opening handshake was canceled". I have done some googling and found out that it might be related to SSL certificates. I wanted to add a secure route to fabric8 console but couldn't figure out how.
My problem might be different than what I suspect. It would be great if you guys can show me some pointers.
Thanks.
James Strachan
Jul 6, 2015, 4:00:29 AM7/6/15
to ibrahim dursun, fab...@googlegroups.com
We've yet to create great documentation around this but we found issues with trusting the Certificate Authority were causing browser issues when running the fabric8 console on Google's GKE. I wonder if you explicitly trust the ca.crt file from your OpenShift installation in your browser it helps? (e.g. in Preferences -> advanced -> Manage certificates... ) then try dragging the ca.crt file in there and saying you accept the CA?
Does the browser try and redirect you to the OpenShift login page? (Does reloading help? :)
--
You received this message because you are subscribed to the Google Groups "fabric8" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fabric8+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Medium: https://medium.com/@jstrachan/
Blog: http://macstrac.blogspot.com/
fabric8: http://fabric8.io/
Blog: http://macstrac.blogspot.com/
fabric8: http://fabric8.io/
ibrahim dursun
Jul 6, 2015, 3:52:44 PM7/6/15
to fab...@googlegroups.com, ibrahim...@gmail.com
Hi James,
It does redirect to openshift login page and then shows the connection is insecure warning, and immediately redirects to fabric8 console. I see html and css is loaded but the loading icon stays forever and browser console contains errors:
Failed to load resource: net::ERR_INSECURE_RESPONSE https://fabric8.mydomainnamehere.com:8443/api/v1/namespaces
and many other
Adding ca.cert to browser doesn't help either. It fails with the following error: sec_error_untrusted_issuer
I am not expert at this, but i have tried to create certificates (not sure if i have to) for server but it also didn't help.
6 Temmuz 2015 Pazartesi 11:00:29 UTC+3 tarihinde James Strachan yazdı:
It does redirect to openshift login page and then shows the connection is insecure warning, and immediately redirects to fabric8 console. I see html and css is loaded but the loading icon stays forever and browser console contains errors:
Failed to load resource: net::ERR_INSECURE_RESPONSE https://fabric8.mydomainnamehere.com:8443/api/v1/namespaces
and many other
Adding ca.cert to browser doesn't help either. It fails with the following error: sec_error_untrusted_issuer
I am not expert at this, but i have tried to create certificates (not sure if i have to) for server but it also didn't help.
6 Temmuz 2015 Pazartesi 11:00:29 UTC+3 tarihinde James Strachan yazdı:
ibrahim dursun
Jul 6, 2015, 4:34:33 PM7/6/15
to fab...@googlegroups.com, ibrahim...@gmail.com
Hi!
I have finally made it work. What I have done was to enable SELinux on CentOS. Fabric8 console is loading with some error in console but I am ok with that.
Thanks.
I have finally made it work. What I have done was to enable SELinux on CentOS. Fabric8 console is loading with some error in console but I am ok with that.
Thanks.
6 Temmuz 2015 Pazartesi 11:00:29 UTC+3 tarihinde James Strachan yazdı:
We've yet to create great documentation around this but we found issues with trusting the Certificate Authority were causing browser issues when running the fabric8 console on Google's GKE. I wonder if you explicitly trust the ca.crt file from your OpenShift installation in your browser it helps? (e.g. in Preferences -> advanced -> Manage certificates... ) then try dragging the ca.crt file in there and saying you accept the CA?
James Strachan
Jul 7, 2015, 5:34:35 AM7/7/15
to ibrahim dursun, fab...@googlegroups.com
On 6 July 2015 at 20:52, ibrahim dursun <ibrahim...@gmail.com> wrote:
Hi James,
It does redirect to openshift login page and then shows the connection is insecure warning, and immediately redirects to fabric8 console.
I've seen this too - its a PITA!
So you never got chance to actually login with user/password right? If so hit reload on the browser and it should take you back to the Advanced page then you should be able to click Advanced -> Proceed -> then it should redirect to the login page?
I see html and css is loaded but the loading icon stays forever and browser console contains errors:
Failed to load resource: net::ERR_INSECURE_RESPONSE https://fabric8.mydomainnamehere.com:8443/api/v1/namespaces
and many other
Adding ca.cert to browser doesn't help either. It fails with the following error: sec_error_untrusted_issuer
I wish kubernetes used a trusted certificate authority or something so things worked OOTB. I'm not sure how else we can fix this TBH - its currently quite painful.
ibrahim dursun
Jul 7, 2015, 5:56:47 PM7/7/15
to fab...@googlegroups.com, ibrahim...@gmail.com
Yes it is exactly what happens. Even though it works, sometimes I see websocket errors in the browser console and refreshing fixes that too. I hope it gets better.
Thanks for taking time to reply. Keep up the good work!
7 Temmuz 2015 Salı 12:34:35 UTC+3 tarihinde James Strachan yazdı:
Thanks for taking time to reply. Keep up the good work!
7 Temmuz 2015 Salı 12:34:35 UTC+3 tarihinde James Strachan yazdı:
Reply all
Reply to author
Forward
0 new messages