Bug 2100237

Summary: cephadm user/home removed during RPM upgrade
Product: [Fedora] Fedora Reporter: Scott Shambarger <scott-fedora>
Component: cephAssignee: Kaleb KEITHLEY <kkeithle>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 35CC: branto, danmick, david, fedora, i, josef, kkeithle, loic, ramkrsna, steve
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-16.2.9-2.fc35 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-07-02 01:19:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Scott Shambarger 2022-06-22 19:34:22 UTC 
Description of problem:
Upgrading the cephadm package removes the cephadm user (and home directory), which removes the ~cephadm/.ssh/authorized_keys file, causing the node to appear offline in the orchestrator.

Version-Release number of selected component (if applicable):
cephadm-16.2.7-3.fc35.noarch

How reproducible:
Always when upgrading the cephadm package from a prior release.

Steps to Reproduce:
1. Install cephadm
2. Install ssh public keys in ~cephadm/.ssh/authorized_keys
3. Upgrade cephadm

Actual results:
~cephadm home directory is removed

Expected results:
~cephadm/.ssh/authorized_keys should remain unchanged.

Additional info:
I've reported this upstream at https://tracker.ceph.com/issues/55664 (now fixed)

To fix the Fedora rpm spec, two patches are required... (both applied to ceph master and being backported)

# only remove cephadm user on uninstall:
https://github.com/ceph/ceph/pull/46272

# correctly mark ~cephadm/.ssh/authorized_keys as config(noreplace):
https://github.com/ceph/ceph/pull/45347

For ref: there is also a bug for this issue fixed in Red Hat Ceph Storage: https://bugzilla.redhat.com/show_bug.cgi?id=2013085
Comment 1 Fedora Update System 2022-06-23 11:40:15 UTC 
FEDORA-2022-8c9a42cf02 has been submitted as an update to Fedora 35. https://bodhi.fedoraproject.org/updates/FEDORA-2022-8c9a42cf02
Comment 2 Scott Shambarger 2022-06-23 20:01:05 UTC 
Looks good, worked on second reinstall (of course, during upgrade from previous version, cephadm was still removed as the bug was still present in the old package... but that's to be expected)
Comment 3 Fedora Update System 2022-06-24 02:22:17 UTC 
FEDORA-2022-8c9a42cf02 has been pushed to the Fedora 35 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-8c9a42cf02`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-8c9a42cf02

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 4 Fedora Update System 2022-07-02 01:19:58 UTC 
FEDORA-2022-8c9a42cf02 has been pushed to the Fedora 35 stable repository.
If problem still persists, please make note of it in this bug report.