Websocket test Rancher 2

websocket-test-rancher2.md

Run WebSocket test for Rancher 2

Option 1: curl

Replace rancher.yourdomain.com with your Rancher URL and token-xxxxx:string with your API bearer token.

Using curl

This depends on the version of curl used (especially cross operating system)

curl -s -i -N \
                            --http1.1 \
                            -H "Connection: Upgrade" \
                            -H "Upgrade: websocket" \
                            -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
                            -H "Sec-WebSocket-Version: 13" \
                            -H "Authorization: Bearer token-xxxxx:string" \
                            -H "Host: rancher.yourdomain.com" \
                            -k https://rancher.yourdomain.com/v3/subscribe

Using curl via Docker

docker run --net=host appropriate/curl -s -i -N \
                            -H "Connection: Upgrade" \
                            -H "Upgrade: websocket" \
                            -H "Sec-WebSocket-Key: SGVsbG8sIHdvcmxkIQ==" \
                            -H "Sec-WebSocket-Version: 13" \
                            -H "Authorization: Bearer token-xxxxx:string" \
                            -H "Host: rancher.yourdomain.com" \
                            -k https://rancher.yourdomain.com/v3/subscribe

Option 2: rancher2ws

Replace rancher.yourdomain.com with your Rancher URL and token-xxxxx:string with your API bearer token.

docker run --net=host superseb/rancher2ws:latest rancher.yourdomain.com token-xxxxx:string

We are facing the hated wss error in a v2 rancher HA config. [ERROR] Failed to connect to peer wss://10.42.2.3/v3/connect [local ID=10.42.1.4]: websocket: bad handshake\n","stream":"stdout","time":"2020-03-09T18:31:04.703384782Z"}

We have SSL termination in a front end load balancer routing to backend rancher nodes using port 80. Our expectation would be that no ssl would be required between rancher nodes hence we should not face any bad handshake error. Is that assumption wrong?

We are using this test to verify connectivity however and are getting this result:

(node:1) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
events.js:173
throw er; // Unhandled 'error' event
^

Error: Unexpected server response: 401
at ClientRequest.req.on (/node_modules/ws/lib/websocket.js:559:5)
at ClientRequest.emit (events.js:197:13)
at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:562:21)
at HTTPParser.parserOnHeadersComplete (_http_common.js:113:17)
at TLSSocket.socketOnData (_http_client.js:449:20)
at TLSSocket.emit (events.js:197:13)
at addChunk (_stream_readable.js:288:12)
at readableAddChunk (_stream_readable.js:269:11)
at TLSSocket.Readable.push (_stream_readable.js:224:10)
at TLSWrap.onStreamRead (internal/stream_base_commons.js:145:17)
Emitted 'error' event at:
at abortHandshake (/node_modules/ws/lib/websocket.js:671:15)
at ClientRequest.req.on (/node_modules/ws/lib/websocket.js:559:5)
[... lines matching original stack trace ...]
at TLSSocket.Readable.push (_stream_readable.js:224:10)

Can you offer some insights on what is the expected result for the test and what the above could imply?

May be worth tossing in references to the docs for generating bearer token

https://rancher.com/docs/rancher/v2.5/en/user-settings/api-keys
https://rancher.com/docs/rancher/v2.6/en/user-settings/api-keys/