Bug 996952

Summary: [origin_runtime_209] SSH key of the haproxy will not be removed from gear authorized_keys after the gear with that haproxy is down
Product: OpenShift Online Reporter: Meng Bo <bmeng>
Component: PodAssignee: Rajat Chopra <rchopra>
Status: CLOSED CURRENTRELEASE QA Contact: libra bugs <libra-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 2.xCC: abhgupta, mpatel
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-01-24 03:22:46 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Meng Bo 2013-08-14 10:59:21 UTC 
Description of problem:
Create scalable app with multiple haproxy instances, all the ssh keys will be added to each gear of the app under ~/.ssh/authorized_keys. But after the gear with haproxy cartridge is down, the keys do not be removed from gears.

Version-Release number of selected component (if applicable):
devenv_3647

How reproducible:
always

Steps to Reproduce:
1.Set multiplier to 2 and max to 5 for haproxy cartridge
2.Create scalable app
3.Scale up the app to make the haproxy run on other gears
4.Scale down the app to make haproxy down
5.Check the .ssh/authorized_keys of the remained gears

Actual results:
The ssh keys which come from the haproxy who is down will be still listed.

Expected results:
The ssh key should be removed from gears when the haproxy instance down.

Additional info:
For my example, the max haproxy instances set to 5, but when I am checking the authorized_keys on my gear, there are 12 lines remaining.

[root@ip-10-80-223-220 93adc94604b611e388e812313d1cd02e]# cat .ssh/authorized_keys |wc -l
12
Comment 1 Abhishek Gupta 2013-08-14 17:16:25 UTC 
We have never explicitly removed ssh keys added for the haproxy cartridge as we always assumed that haproxy could not be removed by user action from a scalable application.

This bug is a result of the new use case brought about by the introduction of multiple haproxies.
Comment 2 Rajat Chopra 2013-11-05 23:49:30 UTC 
Should not happen now. ssh keys are now preferably marked with gear_ids.
https://github.com/openshift/origin-server/pull/4084
Comment 3 Meng Bo 2013-11-06 08:15:40 UTC 
Checked on devenv_3993, not only for the haproxy, all the new gears will add entry to the authorized_keys.

And after gear removed, the related ssh key will be removed.

Move bug to verified.