How to use http scheme for talaria

[karthika-ab]

Hi All,

We are using the docker-compose setup of xmidt without TLS .With the recent builds we have observed that the Petasos redirection url is changed to https://talaria instead of http://talaria .

The above issue was seen after the following commit : https://github.com/xmidt-org/talaria/pull/190 where the http scheme was removed from the address.

Please find the below logs from talaria,petasos and simulator :

Talaria logs:

{"datacenter":"","eventCount":2,"instances":[],"level":"error","msg":"service discovery update","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:13.795583075Z"} {"level":"info","msg":"registering on service discovery update","ts":"2021-09-14T08:16:13.795678953Z"} {"action":"register","address":"4acc26e52ee6","id":"4acc26e52ee6","instance":"http://4acc26e52ee6:6200","service":"talaria","tags":"[stage=dev flavor=mint]","ts":"2021-09-14T08:16:13.805702694Z"} {"datacenter":"","eventCount":2,"level":"error","msg":"disconnecting all devices: service discovery updated with no instances","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:13.805760414Z"} {"datacenter":"","eventCount":3,"instances":["4acc26e52ee6:6200"],"level":"error","msg":"service discovery update","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:19.826884696Z"} {"datacenter":"","eventCount":3,"level":"info","msg":"rehash starting","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:19.83028304Z"} {"datacenter":"","disconnectCount":0,"duration":"20.639µs","eventCount":3,"level":"info","msg":"rehash complete","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:19.830371095Z"}

Petasos logs:

{"datacenter":"","eventCount":3,"instances":["4acc26e52ee6:6200"],"level":"error","msg":"service discovery update","passingOnly":true,"service":"talaria","tags":["stage=dev","flavor=mint"],"ts":"2021-09-14T08:16:19.838227957Z"}

Simulator logs:

[1631607781][PARODUS][Error]: nopoll_conn.c:3067 websocket server denied connection with: 307 Temporary Redirect [1631607781][PARODUS][Error]: nopoll_conn.c:2914 Received uncomplete listener handshake reply (0 0 0) [1631607781][PARODUS][Info]: nopoll_conn.c:5229 nopoll_conn_wait_for_status_until_connection_ready() response: message: Redirect:https://4acc26e52ee6:6200/api/v2/device [1631607781][PARODUS][Info]: Received temporary redirection response message Redirect:https://4acc26e52ee6:6200/api/v2/device [1631607781][PARODUS][Info]: full url: https://4acc26e52ee6:6200/api/v2/device [1631607781][PARODUS][Info]: server address copied from url [1631607781][PARODUS][Info]: server 4acc26e52ee6, port 6200, http_match 0 [1631607781][PARODUS][Info]: nopoll_ctx.c:338 Unregistered connection id 270 [1631607781][PARODUS][Info]: cloud_status set as offline after connection close [1631607781][PARODUS][Info]: Connecting in Ipv4 mode [1631607781][PARODUS][Info]: nopoll_conn.c:331 IPv4 address of 4acc26e52ee6 is 172.29.0.5

[1631607781][PARODUS][Info]: nopoll_conn.c:377 Create socket with non blocking-mode [1631607781][PARODUS][Info]: nopoll_conn.c:264 Result of wait after connect EINPROGRESS = 0

[1631607781][PARODUS][Error]: nopoll_conn.c:827 Failed to configure CA certificate (/etc/ssl/certs/ca-certificates.crt), SSL_CTX_load_verify_locations () failed [1631607781][PARODUS][Error]: nopoll_conn.c:1024 Unable to configure additional SSL options, unable to continue, conn->ssl_ctx=0x55c3369efde0, conn->ssl=0 [1631607781][PARODUS][Error]: Error connecting to server [1631607781][PARODUS][Error]: RDK-10037 - WebPA Connection Lost [1631607781][PARODUS][Info]: nopoll_ctx.c:338 Unregistered connection id 271 [1631607781][PARODUS][Info]: cloud_status set as offline after connection close [1631607781][PARODUS][Info]: Waiting max delay 3 backoffRetryTime 3 secs 0 usecs [1631607784][PARODUS][Info]: nopoll_conn.c:331 IPv4 address of petasos is 172.29.0.4

`[root@ip-172-31-4-205 docker-compose]# curl -i  -H "X-Webpa-Device-Name:mac:112233445566" localhost:6400/api/v2/device
HTTP/1.1 307 Temporary Redirect
Content-Type: text/html; charset=utf-8
Location: https://4acc26e52ee6:6200/api/v2/device
X-Petasos-Build: unkown
X-Petasos-Flavor: mint
X-Petasos-Region: east
X-Petasos-Server: 779f9ab8461e
X-Petasos-Start-Time: 14 Sep 21 08:35 UTC
Date: Tue, 14 Sep 2021 08:44:08 GMT
Content-Length: 72

<a href="https://4acc26e52ee6-0:6200/api/v2/device">Temporary Redirect</a>.
`

We have used the envt variable HOSTNAME from https://github.com/xmidt-org/talaria/blob/6cd8ee52a0a29bcb601a6cff7bd0cec460bddeee/deploy/packaging/talaria_spruce.yaml#L402 to concat http prefix ,but the above approach is giving HTTP 500 error probably as the same envt variable is used in the server field too.

The only solution that works for me is to specify a new envt variable HOSTNAME_ADDRESS replacing the existing https://github.com/xmidt-org/talaria/blob/6cd8ee52a0a29bcb601a6cff7bd0cec460bddeee/deploy/packaging/talaria_spruce.yaml#L402 and concat http prefix to the variable in the docker-compose.yml file :

 **address: (( grab $HOSTNAME_ADDRESS || "talaria" ))**  

Is there any other approach to make the configuration work with http scheme instead of https?

[karthika-ab]

Hi @Sachin4403 and @joe94 ,

Could you please share your insights ?

[Sachin4403]

Hi @karthika-ab,

There was an issue in the configuration due to which the talaria rehasher was not working properly for that I had raised #190. For this your current issue I had raised a PR https://github.com/xmidt-org/petasos/pull/71 once this is merged you will be unblocked.

As of now you can checkout my branch and make a docker image locally post that you can run deploy.sh which will pick my image and your local setup will run smoothly with the HTTP scheme.

[karthika-ab]

okay Thanks @Sachin4403 .I will try the same.

[Sachin4403]

Hello @karthika-ab

This issue can be closed?