Bug 1024706 - Message of the day doesn't appear for root user in devenv
Message of the day doesn't appear for root user in devenv
Status: CLOSED WONTFIX
Product: OpenShift Online
Classification: Red Hat
Component: Command Line Interface (Show other bugs)
2.x
Unspecified Unspecified
low Severity low
: ---
: ---
Assigned To: Jordan Liggitt
libra bugs
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-30 05:43 EDT by weiwei jiang
Modified: 2016-10-30 18:53 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-11-20 08:36:06 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
the script which help setup a kerberos server (1.29 KB, application/x-shellscript)
2013-10-30 05:43 EDT, weiwei jiang
no flags Details

  None (edit)
Description weiwei jiang 2013-10-30 05:43:36 EDT
Created attachment 817373 [details]
the script which help setup a kerberos server

Description of problem:
when ssh in the app with kerberos ticket, duplicate messages show up.

# rhc ssh app
Connecting to 5270cf47e97c04dfc1000008@app-y.dev.rhcloud.com ...
Last login: Wed Oct 30 05:25:36 2013 from 10.238.185.170

*********************************************************************

You are accessing a service that is for use only by authorized users.  
If you do not have authorization, discontinue use at once. 
Any use of the services is subject to the applicable terms of the 
agreement which can be found at: 
https://openshift.redhat.com/app/legal

*********************************************************************





    *********************************************************************

    You are accessing a service that is for use only by authorized users.  
    If you do not have authorization, discontinue use at once. 
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.


Version-Release number of selected component (if applicable):
devenv_3966

How reproducible:
always

Steps to Reproduce:
1.run attachment script on instance
2.create an app
3.remove all other type sshkeys
4.add a krb5-principal type sshkey
5.change the selinux context
chcon -t krb5_home_t /var/lib/openshift/$gear_id/.k5login
6.initialize a ticket for the krb5-principal sshkey content
6.ssh into the app

Actual results:
# rhc ssh app
Connecting to 5270cf47e97c04dfc1000008@app-y.dev.rhcloud.com ...
Last login: Wed Oct 30 05:25:36 2013 from 10.238.185.170

*********************************************************************

You are accessing a service that is for use only by authorized users.  
If you do not have authorization, discontinue use at once. 
Any use of the services is subject to the applicable terms of the 
agreement which can be found at: 
https://openshift.redhat.com/app/legal

*********************************************************************





    *********************************************************************

    You are accessing a service that is for use only by authorized users.  
    If you do not have authorization, discontinue use at once. 
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.

Expected results:
It should not display duplicate messages

Additional info:
Comment 1 Mark Lamourine 2013-10-30 11:11:24 EDT
Actually, it appears that the kerberos 5 login is behaving correctly.

The first (non-indented) message comes from /etc/motd.  This is the system login message.  The second is produced by /usr/bin/rhcsh, the OpenShift "restricted shell".  These are two separate messages, that happen, in the devenv to have identical messages except for the indentation.

Logins with the SSH authorized key do not produce the system message of the day.
Comment 2 Mark Lamourine 2013-10-30 11:21:23 EDT
PR 4019 will eliminate duplicate calls to oo-trap-user

https://github.com/openshift/origin-server/pull/4019

The motd has been suppressed for SSH authorized_keys logins by the inclusion of a command= clause in the key entries.  This indicates to SSH that the command will be connected to a pipe from the client so the MOTD would be noise.

The kerberos logins do not use anything like the command= and so normal shell logins include the system MOTD as well as the rhcsh banner.  Other remote commands will not show the banner as SSH will again suppress the MOTD for inbound SSH logins which include a command to run on the server host. (ala rsync etc).
Comment 3 Mark Lamourine 2013-10-30 11:23:43 EDT
The presentation of the MOTD banner for shell logins is correct.  The apparent duplicate is because the top of the rhcsh banner is identical to the devenv /etc/motd contents.

This is the expected behavior, though we may want to change the contents of the /etc/motd to avoid the appearance of duplicate output.
Comment 4 Jordan Liggitt 2013-10-30 12:52:23 EDT
We can turn off system motd behavior for the devenv, so that rhcsh is the only way it gets output.
Comment 5 Jordan Liggitt 2013-10-30 12:58:01 EDT
Turned off system-generated message of the day in devenv, now rhcsh is the only script that will output it, which makes kerberos auth and ssh auth behave consistently.

Merged in https://github.com/openshift/li/pull/2065
Comment 6 openshift-github-bot 2013-10-30 15:42:09 EDT
Commit pushed to master at https://github.com/openshift/li

https://github.com/openshift/li/commit/7403a637ba6a14ac1592e8070f5bfe1b14b71b8d
Fix bug 1024706 - turn off message of the day for devenv
Comment 7 weiwei jiang 2013-10-31 00:56:09 EDT
Tried on devenv_3973 and it can solve this issue, but when ssh into the instance, the legal banner message is missing if fix like this.

# ssh -i libra-new.pem ec2-23-23-43-202.compute-1.amazonaws.com
[root@ip-10-244-134-36 ~]#

# rhc ssh php
Connecting to 5271dfcb0ad1743f4a000007@php-y.dev.rhcloud.com ...

    *********************************************************************

    You are accessing a service that is for use only by authorized users.  
    If you do not have authorization, discontinue use at once. 
    Any use of the services is subject to the applicable terms of the 
    agreement which can be found at: 
    https://www.openshift.com/legal

    *********************************************************************

    Welcome to OpenShift shell

    This shell will assist you in managing OpenShift applications.

    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!
    Shell access is quite powerful and it is possible for you to
    accidentally damage your application.  Proceed with care!
    If worse comes to worst, destroy your application with "rhc app delete"
    and recreate it
    !!! IMPORTANT !!! IMPORTANT !!! IMPORTANT !!!

    Type "help" for more info.


[php-y.dev.rhcloud.com 5271dfcb0ad1743f4a000007]\>
Comment 8 Jordan Liggitt 2013-11-08 10:08:46 EST
SSHing into the devenv as root no longer displays message of the day.

SSHing into a gear works because rhcsh handles printing the message of the day
Comment 9 Jordan Liggitt 2013-11-20 08:36:06 EST
If we want the message of the day to appear consistently for gear users using kerberos or publickey auth, this is the solution we have to use.

Note You need to log in before you can comment on or make changes to this bug.