Bug 1308718

Summary: It is better to return meaningful error message when do ssh in head gear of scalable app with incorrect user id or ssh url
Product: OpenShift Container Platform Reporter: Vu Dinh <vdinh>
Component: ContainersAssignee: Vu Dinh <vdinh>
Status: CLOSED ERRATA QA Contact: DeShuai Ma <dma>
Severity: low Docs Contact:
Priority: low    
Version: 2.2.0CC: aos-bugs, bmeng, dmcphers, gpei, jokerman, mmccomas, omnifacesha, rthrashe, vdinh, xtian
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: openshift-origin-cartridge-haproxy-1.31.5.1-1.el6op Doc Type: Bug Fix
Doc Text:
Cause: In scaled application, the HAProxy cartridge in head gear contains a ssh wrapper that is set to quiet mode (-q flag). Consequence: As a result, if user executes ssh commands with invalid parameters, no errors are shown as they are suppressed by the -q flag. Fix: The ssh wrapper in HAProxy cartridge is removed as it's no longer needed. The oo-ssh now exists and the node runtime either uses it or specifies the required flags wherever it invokes ssh commands. As a result, ssh in head gear will use standard ssh from /usr/bin/ssh which doesn't have -q flag. Result: If an invalid ssh command is executed, the meaningful error message will be prompted to the user.
 Story Points: ---
Clone Of: 1082610 Environment:
Last Closed: 2016-03-22 16:54:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1082610    
Bug Blocks:    

Description Vu Dinh 2016-02-15 21:03:00 UTC 
+++ This bug was initially created as a clone of Bug #1082610 +++

Description of problem:

ssh command executed from gear "does nothing"

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. From local desktop, ssh into main gear using ssh [id]@[app name].rhcloud.com
2. From remote shell, try to ssh into HA gear
3.

Actual results:

Nothings happens. ssh returns immediately without any response


Expected results:

connection to remote gear


Additional info:

Gives the same response when trying to ssh into non-existing hosts, like "ssh foo", "ssh this_does_not_work" etc.

--- Additional comment from omnifaces on 2014-03-31 11:15:36 EDT ---

As it appears, ssh does work, but is by default silent. It wasn't clear what the URL addresses of the additional gears were, but they were apparently wrong.

Invoking ssh with the -v option does give basic feedback.

--- Additional comment from Meng Bo on 2014-04-01 22:43:18 EDT ---

At first, the function works for me as below on current STG.


root@openshift-ubuntu1310:~/openshifttest# ssh 533b74cf2587c8bbd400100a.rhcloud.com

    *********************************************************************

    You are accessing a service that is for use only by authorized users.
    If you do not have authorization, discontinue use at once.
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.


[php54s-bmengsstg.stg.rhcloud.com 533b74cf2587c8bbd400100a]\> ssh 533b75902587c826b6000bbe.rhcloud.com

    *********************************************************************

    You are accessing a service that is for use only by authorized users.  
    If you do not have authorization, discontinue use at once. 
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.


[533b75902587c826b6000bbe-bmengsstg.stg.rhcloud.com 533b75902587c826b6000bbe]\>



And I can get your issue when ssh from the head gear to any non-existing gears:

[php54s-bmengsstg.stg.rhcloud.com 533b74cf2587c8bbd400100a]\> ssh non-exist-user@non-exist-site
[php54s-bmengsstg.stg.rhcloud.com 533b74cf2587c8bbd400100a]\> 


Update the title to reflect the real issue.

--- Additional comment from Vu Dinh on 2015-11-14 21:38:23 EST ---

This issue is already fixed as I can't reproduce the issue anymore.

Output:
[test3-vdinh2.dev.rhcloud.com 5647ef6a31b460c5fc000005]\> ssh test@test
ssh: Could not resolve hostname test: Name or service not known

Please verify.

--- Additional comment from Meng Bo on 2015-11-26 00:45:10 EST ---

The issue still can be reproduced on devenv_5273,

[app1s-bmeng1.dev.rhcloud.com 5656783672ff1df137000009]\> ssh  test@test
[app1s-bmeng1.dev.rhcloud.com 5656783672ff1df137000009]\> ssh  test@test
[app1s-bmeng1.dev.rhcloud.com 5656783672ff1df137000009]\> ssh  test@test
[app1s-bmeng1.dev.rhcloud.com 5656783672ff1df137000009]\> ssh -v test@test
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /var/lib/openshift/5656783672ff1df137000009//.openshift_ssh/config
ssh: Could not resolve hostname test: Name or service not known
[app1s-bmeng1.dev.rhcloud.com 5656783672ff1df137000009]\> ssh -v test@test
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /var/lib/openshift/5656783672ff1df137000009//.openshift_ssh/config
ssh: Could not resolve hostname test: Name or service not known

--- Additional comment from openshift-github-bot on 2015-12-07 11:49:40 EST ---

Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/24b0f603fe2249e59963fab7cb292b76e28a9e7c
Bug 1082610 - ssh in head gear of scalable app doesn't return any errors

The HAProxy cartridge in head gear contains a ssh wrapper that is set to
quiet mode (-q flag). As a result, if user executes ssh commands with
invalid parameters, no errors are shown as they are suppressed by the
-q flag.

This commit will remove the ssh wrapper as it's no longer needed in
the HAProxy cartridge. The oo-ssh now exists and the node runtime either
uses it or specifies the required flags wherever it invokes ssh commands.
As a result, ssh in head gear will use standard ssh from /usr/bin/ssh
which doesn't have -q flag.

Bug 1082610
Link <https://bugzilla.redhat.com/show_bug.cgi?id=1082610>

Signed-off-by: Vu Dinh <vdinh>

--- Additional comment from Meng Bo on 2015-12-14 04:09:12 EST ---

[app1s-bmeng.dev.rhcloud.com 566e86b650d509a439000007]\> ssh test@test
ssh: Could not resolve hostname test: Name or service not known


Issue fixed on devenv_5733.
Comment 3 Rory Thrasher 2016-02-22 21:58:59 UTC 
QE,

Can we verify that this no longer fails silently?  If we try to ssh unsuccessfully, we should see a typical error message instead of a silent failure.

Puddle: http://etherpad.corp.redhat.com/puddle-2-2-2016-02-19

Thank you
Comment 4 Gaoyun Pei 2016-02-26 06:41:42 UTC 
Checked with puddle 2.2/2016-02-25.2

[test1-yes.ose22-auto.com.cn yes-test1-1]\> ssh test@test
ssh: Could not resolve hostname test: Name or service not known
[test1-yes.ose22-auto.com.cn yes-test1-1]\> ssh foo
ssh: Could not resolve hostname foo: Name or service not known

Warning is given out when ssh into non-existing hosts inside a gear.
Comment 6 errata-xmlrpc 2016-03-22 16:54:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-0489.html