Thank you for your answer Nick.
I tried applying your solution on one of my webseals, but now it no longer starts even though I removed the configuration you recommended.
In the message log of the webseal I have this error:
HPDCO0156E Configuration item missing (junction, basicauth-dummy-passwd).
Original Message:
Sent: Fri October 11, 2024 12:40 AM
From: Nick Lloyd
Subject: Webseal junction on Kubernetes openshift
Hi Fabio,
I just helped a customer with this exact same issue. Check the ping-uri in the WRP config file. For example,
[junction]
ping-method = HEAD
ping-uri = /
ping-response-code-rules = +2??
We used the curl command built-in to the admin CLI to run the above to the junction server. For example,
isva> tools
isva:tools> curl -v -s -k -X HEAD https://backendserver:port
We saw that a 500 was returned. The backend did not like the HEAD command or accessing using /. We added a one-off health check like,
[junction:/jct]
ping-method = GET
ping-uri = /appname
ping-response-code-rules = +2??
This resolved the issue and the server always shows running as it should be.
Given your problem description this sounds like the exact same issue and you'll need to figure out a proper health check.
------------------------------
Nick
IBM Security Verify Customer Support
Original Message:
Sent: Thu October 10, 2024 05:08 AM
From: Fabio Morziello
Subject: Webseal junction on Kubernetes openshift
Hi Scott,
Thank you for your answer,
I have an application exposed by RH Openshift via a route like http://myapp.myopenshit.com/myapp.
I created a trasparent junction like this:
Server task mywebseal create -t tcp -h myapp.myopenshit.com -p 80 -v myapp.myopenshit.com -x /myapp
If I try to see the status of this new junction via the command:
Server task mywebseal show /myapp
I can see that the resource is online but the server status is not running as you can see from the following image.
If I then call my junction from my portal (https://my.websealdomain.it/myapp) it works fine and the server status goes from 'not running' to 'running' and then returns to a 'not running' status after some time.
If I may add one more piece of information if I try to connect to the same endpoint configured on the junction it responds correctly.
What do i have to configure on webseal side or on RH Openshift side to make the junction always running?
where is my error?
Regards,
Fabio
------------------------------
Fabio Morziello
Original Message:
Sent: Wed October 09, 2024 04:47 PM
From: Scott Exton
Subject: Webseal junction on Kubernetes openshift
Fabio,
Are you able to provide some further clarification on what you mean when you say the junction is up or down. You have shown screenshots of the UI, but in a containerised environment the configuration container does not directly communicate with the junction and so it won't show the status of the junction.
Are you saying that in the WRP container you are seeing log messages stating that the junction is cycling between available and unavailable?
Thanks.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 10/9/2024 7:42:00 AM
From: Fabio Morziello
Subject: Webseal junction on Kubernetes openshift
Hello,
I have set up a junction to my openshift platform.
I have a strange behaviour, the junction results down but if I call the junction the application behind work fine and at that moment the junction is up, only to come back down after some time.
before invoking the junction
After invoking the junction
what do i need to configure to have the junction always up and running?
------------------------------
Fabio Morziello
------------------------------