Bug 971685

Summary: Specifying group in GEAR_SUPL_GRPS under /etc/openshift.node.conf to add user in a group blocks being able to ssh to the app and fails to clone the app's git repo
Product: OKD
Reporter: Genevieve Sarmiento <gsarmien>
Component: Containers
Assignee: Jhon Honce <jhonce>
Status: CLOSED NOTABUG
QA Contact: libra bugs <libra-bugs>
Severity: medium
Priority: unspecified
Version: 2.x
CC: calfonso, vnarayan
Hardware: Unspecified
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-06-07 13:41:41 UTC
Type: Bug

Description Genevieve Sarmiento 2013-06-07 06:54:11 UTC
Description of problem:
When the additional supplementary group for a user is set via GEAR_SUPL_GRPS in /etc/openshift/node.conf, creating an application in the node results in a failure to clone the app's git repo and an inability to ssh to the app.

Commit: https://github.com/openshift/origin-server/pull/2005/files

How reproducible:
Always

Steps to Reproduce:
1. vi /etc/openshift/node.conf in the current node
2. Set variable GEAR_SUPL_GRPS to an existing group:
    GEAR_SUPL_GRPS="wheel"
3. Create an application in the node
    rhc create app <appName> <appType>
4. Attempt to ssh to the application

Actual results:
For Step 3 (under Steps to Reproduce), creating an application in the node results in the following:
[root@ip-10-38-13-78 ~]# rhc app create rubyAppTest ruby-1.9
Application Options
-------------------
  Namespace:  nimbus
  Cartridges: ruby-1.9
  Gear Size:  default
  Scaling:    no

Creating application 'rubyAppTest' ... done

Waiting for your DNS name to be available ... done

Downloading the application Git repository ...
Initialized empty Git repository in /root/rubyapptest/.git/
The authenticity of host 'rubyapptest-nimbus.dev.rhcloud.com (10.38.13.78)' can't be established.
RSA key fingerprint is d8:48:6b:4e:bb:0f:9c:37:df:42:03:d4:80:22:6d:b1.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'rubyapptest-nimbus.dev.rhcloud.com' (RSA) to the list of known hosts.
fatal: protocol error: bad line length character: Inva

Unable to clone your repository. Called Git with: git clone ssh://c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com/~/git/rubyapptest.git/
"rubyapptest"

rubyapptest @ http://rubyapptest-nimbus.dev.rhcloud.com/ (uuid: c32fb9bacf3a11e2a33812313d2722a4)
-------------------------------------------------------------------------------------------------
  Created: 2:23 AM
  Gears:   1 (defaults to small)
  Git URL: ssh://c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com/~/git/rubyapptest.git/
  SSH:     c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com

  ruby-1.9 (Ruby 1.9)
  -------------------
    Gears: 1 small

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING:  Your application was created successfully but had problems during
          configuration. Below is a list of the issues and steps you can
          take to complete the configuration of your application.

  Application URL: http://rubyapptest-nimbus.dev.rhcloud.com/

  Issues:
    1. We were unable to clone your application's git repo - Unable to clone your repository. Called Git with: git clone
ssh://c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com/~/git/rubyapptest.git/ "rubyapptest"

  Steps to complete your configuration:
    1. Clone your git repo
      $ rhc git-clone rubyapptest

  If you can't get your application 'rubyapptest' running in the browser,
  you can try destroying and recreating the application:

    $ rhc app delete rubyapptest --confirm

  If this doesn't work for you, let us know in the forums or in IRC and we'll
  make sure to get you up and running.

    Forums - https://www.openshift.com/forums/openshift
    IRC - #openshift (on Freenode)

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


After attempting to clone the git repo as suggested in step 1 ('rhc git-clone rubyapptest'), the output from cloning is:

[root@ip-10-38-13-78 ~]# rhc git-clone rubyapptest
Initialized empty Git repository in /root/rubyapptest/.git/
fatal: protocol error: bad line length character: Inva
Unable to clone your repository. Called Git with: git clone ssh://c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com/~/git/rubyapptest.git/
"rubyapptest"


For Step 4 (under Steps to Reproduce), attempting to ssh to the app results in:

[root@ip-10-38-13-78 ~]# ssh c32fb9bacf3a11e2a33812313d2722a4.rhcloud.com
Invalid context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023, expected unconfined_u:system_r:openshift_t:s0:c0,c504

Connection to rubyapptest-nimbus.dev.rhcloud.com closed.


Expected results:
App should be created successfully without any warning about git repo not being cloned and ssh access to the app should be allowed


Additional info:
The /etc/group in the node is updated correctly 
  wheel:x:10:root,c32fb9bacf3a11e2a33812313d2722a4

Running groups <user> in the node also shows the group being added

[root@ip-10-38-13-78 ~]# groups c32fb9bacf3a11e2a33812313d2722a4
c32fb9bacf3a11e2a33812313d2722a4 : c32fb9bacf3a11e2a33812313d2722a4 wheel



When GEAR_SUPL_GRPS is commented out (#GEAR_SUPL_GRPS="wheel") and another application is created, the result from creating the new app is:
RESULT:
Application rubyapptest2 was created.
The cartridge ruby deployed a template application

and ssh access to rubyapptest2 is successful.


Running 'usermod -a -G wheel 51b17f14160d2c130600000a' (after a new app is created and GEAR_SUPL_GRPS is commented out) and trying to ssh to the app results in the same ssh error:

[root@ip-10-38-13-78 ~]# ssh 51b17f14160d2c130600000a.rhcloud.com
Invalid context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023, expected unconfined_u:system_r:openshift_t:s0:c0,c505

Connection to rubyapptest2-nimbus.dev.rhcloud.com closed.

Comment 1 chris alfonso 2013-06-07 13:41:41 UTC
We've found that pam_openshift.c makes a special case for the root and wheel groups. You won't be able to use these two groups for the GEAR_SUPL_GRPS node.conf setting.
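
A pre-flight check for the restriction described in comment 1, added here as an example (it is not part of the bug report or of OpenShift's own code). It flags `root` or `wheel` in an active GEAR_SUPL_GRPS line and lists gear accounts that already belong to those groups, as in the `usermod` case above. Assumptions: the setting is a comma-separated list, and gear usernames are 24- or 32-character hex strings like the two shown in the report.

```shell
#!/bin/bash
# Added example: detect the two groups that pam_openshift special-cases
# (root and wheel, per comment 1) before they lock a gear out of ssh/git.

# Print the reserved groups named in the last active (uncommented)
# GEAR_SUPL_GRPS assignment of the given node.conf, space separated.
# Assumption: the value is a comma-separated list, optionally quoted.
reserved_supl_groups() {
    sed -n 's/^[[:space:]]*GEAR_SUPL_GRPS[[:space:]]*=//p' "$1" | tail -n 1 \
        | sed 's/#.*//' | tr -d "\"' \t" | tr ',' '\n' \
        | grep -E '^(root|wheel)$' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Return 1 (and explain on stderr) if node.conf names a reserved group.
check_node_conf() {
    bad=$(reserved_supl_groups "$1")
    if [ -n "$bad" ]; then
        echo "$1: GEAR_SUPL_GRPS contains reserved group(s): $bad" >&2
        return 1
    fi
    return 0
}

# Print "group:user" for every gear-like member of root or wheel in a
# group(5) file. Assumption: gear usernames are 24 or 32 hex characters.
gear_members_of_reserved_groups() {
    awk -F: '$1 == "root" || $1 == "wheel" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++)
            if (m[i] ~ /^[0-9a-f]+$/ && (length(m[i]) == 24 || length(m[i]) == 32))
                print $1 ":" m[i]
    }' "$1"
}

# Usage: script.sh /etc/openshift/node.conf [/etc/group]
if [ -n "${1:-}" ]; then
    status=0
    check_node_conf "$1" || status=1
    members=$(gear_members_of_reserved_groups "${2:-/etc/group}")
    if [ -n "$members" ]; then
        echo "gear users in reserved groups:" >&2
        echo "$members" >&2
        status=1
    fi
    exit "$status"
fi
```

A non-zero exit means the node is configured in the way that produced the "Invalid context" ssh failure in this report.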