Bug 1187047

Summary: [routing-daemon] "oo-admin-ctl-routing delete-alias" does not delete related alias cert files
Product: OpenShift Container Platform Reporter: Johnny Liu <jialiu>
Component: NodeAssignee: chris alfonso <calfonso>
Status: CLOSED ERRATA QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.2.0CC: calfonso, hbrock, jdetiber, jokerman, libra-onpremise-devel, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-openshift-origin-routing-daemon-0.22.1.2-1.el6op Doc Type: Bug Fix
Doc Text:
Cause: oo-admin-ctl-routing delete-alias did not delete SSL certificates. Consequence: Alias certificates were not removed when deleting an alias. Fix: oo-admin-ctl-routing node removes alias certificates. Result: oo-admin-ctl-routing node now removes alias certificates.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2015-02-12 13:10:08 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Johnny Liu 2015-01-29 09:14:51 UTC 
Description of problem:


Version-Release number of selected component (if applicable):
rubygem-openshift-origin-routing-daemon-0.22.1.1-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1. Set up an env with routing-daemon service, here I am using nginx LB.
2. Create an scalable app, add alias, upload ssl cert for this alias.
3. Run the following command
# oo-admin-ctl-routing list-pools; oo-admin-ctl-routing list-aliases
Listing pools.
  pool_ose_scaphp53app_jialiu_80 (2 members)
Listing aliases for all pools.
Pool pool_ose_scaphp53app_jialiu_80 has alias ha-scaphp53app-jialiu.example.com.
Pool pool_ose_scaphp53app_jialiu_80 has alias www.app1.com.
# oo-admin-ctl-routing delete-alias pool_ose_scaphp53app_jialiu_80 www.app1.com
Deleting alias pool_ose_scaphp53app_jialiu_80 from pool www.app1.com.
# pwd
/opt/rh/nginx16/root/etc/nginx/conf.d
# ll
total 28
-rw-rw-rw-. 1 root root  369 Jan 28 20:07 alias_pool_ose_scaphp53app_jialiu_80_ha-scaphp53app-jialiu.example.com.conf
-rw-rw-rw-. 1 root root  108 Jan 29 11:20 pool_ose_scaphp53app_jialiu_80.conf
-rw-rw-rw-. 1 root root  315 Jan 28 19:24 server.conf
-rw-rw-rw-. 1 root root 1164 Jan 29 16:58 www.app1.com.crt
-rw-rw-rw-. 1 root root 1675 Jan 29 16:58 www.app1.com.key



Actual results:
After delete alias via oo-admin-ctl-routing command, the alias ssl cert files are still kept there. While call "rhc alias-delete" command, routing-daemon would delete both aliases and ssl cert files.

Expected results:
"oo-admin-ctl-routing delete-alias" should delete both aliases and related ssl cert files.

Additional info:
I guess the F5 LB also has the same issue.
Comment 1 chris alfonso 2015-01-30 14:53:52 UTC 
This has been merged upstream https://github.com/openshift/origin-server/pull/6061
Comment 4 Johnny Liu 2015-02-03 06:01:37 UTC 
Verified this bug with rubygem-openshift-origin-routing-daemon-0.22.1.2-1.el6op.noarch, and PASS.


[root@dhcp-128-178 conf.d]# ll
total 24
-rw-rw-rw-. 1 root root  369 Feb  3 11:18 alias_pool_ose_scaphp53app_jialiu_80_ha-scaphp53app-jialiu.example.com.conf
-rw-rw-rw-. 1 root root  415 Feb  3 13:58 alias_pool_ose_scaphp53app_jialiu_80_www.app1.com.conf
-rw-rw-rw-. 1 root root   78 Feb  3 11:18 pool_ose_scaphp53app_jialiu_80.conf
-rw-rw-rw-. 1 root root  315 Jan 28 19:24 server.conf
-rw-rw-rw-. 1 root root 1164 Feb  3 13:58 www.app1.com.crt
-rw-rw-rw-. 1 root root 1675 Feb  3 13:58 www.app1.com.key

[root@dhcp-128-178 conf.d]# oo-admin-ctl-routing list-pools; oo-admin-ctl-routing list-aliases
Listing pools.
I, [2015-02-03T13:58:55.295942 #8223]  INFO -- : Initializing controller...
I, [2015-02-03T13:58:55.297250 #8223]  INFO -- : Initializing nginx model...
I, [2015-02-03T13:58:55.297866 #8223]  INFO -- : Requesting list of pools from load balancer...
  pool_ose_scaphp53app_jialiu_80 (1 members)
Listing aliases for all pools.
I, [2015-02-03T13:58:55.414263 #8242]  INFO -- : Initializing controller...
I, [2015-02-03T13:58:55.415810 #8242]  INFO -- : Initializing nginx model...
I, [2015-02-03T13:58:55.416484 #8242]  INFO -- : Requesting list of pools from load balancer...
Pool pool_ose_scaphp53app_jialiu_80 has alias www.app1.com.
Pool pool_ose_scaphp53app_jialiu_80 has alias ha-scaphp53app-jialiu.example.com.



[root@dhcp-128-178 conf.d]# oo-admin-ctl-routing delete-alias pool_ose_scaphp53app_jialiu_80 www.app1.com
Deleting alias pool_ose_scaphp53app_jialiu_80 from pool www.app1.com.
I, [2015-02-03T13:59:49.344212 #8434]  INFO -- : Initializing controller...
I, [2015-02-03T13:59:49.345762 #8434]  INFO -- : Initializing nginx model...
I, [2015-02-03T13:59:49.346446 #8434]  INFO -- : Requesting list of pools from load balancer...
D, [2015-02-03T13:59:49.347133 #8434] DEBUG -- : Removing SSL configuration for alias www.app1.com for pool pool_ose_scaphp53app_jialiu_80


[root@dhcp-128-178 conf.d]# oo-admin-ctl-routing list-pools; oo-admin-ctl-routing list-aliases
Listing pools.
I, [2015-02-03T14:00:16.750743 #8556]  INFO -- : Initializing controller...
I, [2015-02-03T14:00:16.752177 #8556]  INFO -- : Initializing nginx model...
I, [2015-02-03T14:00:16.752881 #8556]  INFO -- : Requesting list of pools from load balancer...
  pool_ose_scaphp53app_jialiu_80 (1 members)
Listing aliases for all pools.
I, [2015-02-03T14:00:16.870159 #8575]  INFO -- : Initializing controller...
I, [2015-02-03T14:00:16.872019 #8575]  INFO -- : Initializing nginx model...
I, [2015-02-03T14:00:16.872728 #8575]  INFO -- : Requesting list of pools from load balancer...
Pool pool_ose_scaphp53app_jialiu_80 has alias ha-scaphp53app-jialiu.example.com.



[root@dhcp-128-178 conf.d]# ll
total 12
-rw-rw-rw-. 1 root root 369 Feb  3 11:18 alias_pool_ose_scaphp53app_jialiu_80_ha-scaphp53app-jialiu.example.com.conf
-rw-rw-rw-. 1 root root  78 Feb  3 11:18 pool_ose_scaphp53app_jialiu_80.conf
-rw-rw-rw-. 1 root root 315 Jan 28 19:24 server.conf
Comment 6 errata-xmlrpc 2015-02-12 13:10:08 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0220.html