1169324 – routing-daemon unable to delete ssl cert private key.

Bug 1169324 - routing-daemon unable to delete ssl cert private key.

Summary: routing-daemon unable to delete ssl cert private key.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Node
Sub Component:
Version:	2.2.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Miciah Dashiel Butler Masters
QA Contact:	libra bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	1169392
Blocks:
TreeView+	depends on / blocked

Reported:	2014-12-01 10:43 UTC by Johnny Liu
Modified:	2014-12-10 13:25 UTC (History)
CC List:	7 users (show)
Fixed In Version:	rubygem-openshift-origin-routing-daemon-0.20.2.5-1.el6op
Doc Type:	Bug Fix
Doc Text:	When using the routing daemon with an nginx router, the routing daemon previously did not properly delete SSL certificates for applications when the "rhc alias delete-cert" command was invoked by a user. The command reported a successful deletion, however the certificate was still in place. This was due to a bug in the routing daemon's nginx back end. This bug fix updates the routing daemon to correct this issue, and as a result SSL certificates are now properly deleted in this scenario. After applying this update, the openshift-routing-daemon service must be restarted.
Clone Of:
Clones:	1169392 (view as bug list)
Environment:
Last Closed:	2014-12-10 13:25:47 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2014:1978	0	normal	SHIPPED_LIVE	Red Hat OpenShift Enterprise 2.2.2 routing daemon bug fix update	2014-12-10 18:24:14 UTC

Description Johnny Liu 2014-12-01 10:43:12 UTC

Description of problem:
$ rhc alias update-cert scaruby20app www.app1.com --certificate server.crt --private-key server.key
SSL certificate successfully added.

$ rhc alias delete-cert scaruby20app www.app1.com --confirm
SSL certificate successfully deleted.

Go to /opt/rh/nginx16/root/etc/nginx/conf.d:
# ll
total 20
-rw-rw-rw-. 1 root root  373 Dec  1 17:54 alias_pool_ose_scaruby20app_jialiu_80_ha-scaruby20app-jialiu.example.com.conf
-rw-rw-rw-. 1 root root  329 Dec  1 18:39 alias_pool_ose_scaruby20app_jialiu_80_www.app1.com.conf
-rw-rw-rw-. 1 root root  105 Dec  1 18:09 pool_ose_scaruby20app_jialiu_80.conf
-rw-rw-rw-. 1 root root  315 Nov 27 14:52 server.conf
-rw-rw-rw-. 1 root root 1675 Dec  1 18:39 www.app1.com.key

www.app1.com.key is still be there.

The following backtrace is seen:
==> /var/log/openshift/routing-daemon.log <==
D, [2014-12-01T18:39:53.145217 #10580] DEBUG -- : Received message ID:node2.ose22-auto.com.cn-27243-1417420618371-5:27:-1:1:1:
#v+
---
:action: :remove_ssl
:app_name: scaruby20app
:namespace: jialiu
:alias: www.app1.com

#v-
I, [2014-12-01T18:39:53.145830 #10580]  INFO -- : Deleting ssl configuration for www.app1.com in pool pool_ose_scaruby20app_jialiu_80
D, [2014-12-01T18:39:53.146083 #10580] DEBUG -- : Removing SSL configuration for alias www.app1.com for pool pool_ose_scaruby20app_jialiu_80
W, [2014-12-01T18:39:53.146477 #10580]  WARN -- : Got an exception: uninitialized constant OpenShift::NginxLoadBalancerModel::FIle
D, [2014-12-01T18:39:53.146562 #10580] DEBUG -- : Backtrace:
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/models/nginx.rb:220:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/controllers/simple.rb:67:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:405:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:265:in `handle'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:227:in `listen'
/etc/init.d/openshift-routing-daemon:94:in `block (2 levels) in <main>'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:215:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:215:in `block in start_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/daemonize.rb:192:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/daemonize.rb:192:in `call_as_daemon'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:219:in `start_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:255:in `start'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/controller.rb:69:in `run'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons.rb:188:in `block in run_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/cmdline.rb:105:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/cmdline.rb:105:in `catch_exceptions'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons.rb:187:in `run_proc'
/etc/init.d/openshift-routing-daemon:93:in `block in <main>'
/etc/init.d/openshift-routing-daemon:37:in `block (2 levels) in locked'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:94:in `block in flock'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:88:in `open'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:88:in `flock'
/etc/init.d/openshift-routing-daemon:36:in `block in locked'
/opt/rh/ruby193/root/usr/share/ruby/timeout.rb:69:in `timeout'
/etc/init.d/openshift-routing-daemon:35:in `locked'
/etc/init.d/openshift-routing-daemon:80:in `<main>'



Version-Release number of selected component (if applicable):
rubygem-openshift-origin-routing-daemon-0.20.2.4-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 1 Miciah Dashiel Butler Masters 2014-12-01 14:35:45 UTC

PR: https://github.com/openshift/origin-server/pull/5991

Comment 2 Miciah Dashiel Butler Masters 2014-12-01 14:36:39 UTC

Whoops, ignore the previous comment.

PR: https://github.com/openshift/enterprise-server/pull/455

Comment 5 Johnny Liu 2014-12-03 06:27:42 UTC

Verified this bug with rubygem-openshift-origin-routing-daemon-0.20.2.5-1.el6op.noarch, and PASS.

alias ssl cert private ssl key could be deleted now, and no error is seen in service log.

Comment 7 errata-xmlrpc 2014-12-10 13:25:47 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1978.html

Note You need to log in before you can comment on or make changes to this bug.