Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1169324

Summary: routing-daemon unable to delete ssl cert private key.
Product: OpenShift Container Platform Reporter: Johnny Liu <jialiu>
Component: NodeAssignee: Miciah Dashiel Butler Masters <mmasters>
Status: CLOSED ERRATA QA Contact: libra bugs <libra-bugs>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.2.0CC: adellape, bleanhar, calfonso, jokerman, libra-onpremise-devel, mmasters, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rubygem-openshift-origin-routing-daemon-0.20.2.5-1.el6op Doc Type: Bug Fix
Doc Text:
When using the routing daemon with an nginx router, the routing daemon previously did not properly delete SSL certificates for applications when the "rhc alias delete-cert" command was invoked by a user. The command reported a successful deletion, however the certificate was still in place. This was due to a bug in the routing daemon's nginx back end. This bug fix updates the routing daemon to correct this issue, and as a result SSL certificates are now properly deleted in this scenario. After applying this update, the openshift-routing-daemon service must be restarted.
 Story Points: ---
Clone Of:
: 1169392 (view as bug list) Environment:
Last Closed: 2014-12-10 13:25:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1169392    
Bug Blocks:    

Description Johnny Liu 2014-12-01 10:43:12 UTC 
Description of problem:
$ rhc alias update-cert scaruby20app www.app1.com --certificate server.crt --private-key server.key
SSL certificate successfully added.

$ rhc alias delete-cert scaruby20app www.app1.com --confirm
SSL certificate successfully deleted.

Go to /opt/rh/nginx16/root/etc/nginx/conf.d:
# ll
total 20
-rw-rw-rw-. 1 root root  373 Dec  1 17:54 alias_pool_ose_scaruby20app_jialiu_80_ha-scaruby20app-jialiu.example.com.conf
-rw-rw-rw-. 1 root root  329 Dec  1 18:39 alias_pool_ose_scaruby20app_jialiu_80_www.app1.com.conf
-rw-rw-rw-. 1 root root  105 Dec  1 18:09 pool_ose_scaruby20app_jialiu_80.conf
-rw-rw-rw-. 1 root root  315 Nov 27 14:52 server.conf
-rw-rw-rw-. 1 root root 1675 Dec  1 18:39 www.app1.com.key

www.app1.com.key is still be there.

The following backtrace is seen:
==> /var/log/openshift/routing-daemon.log <==
D, [2014-12-01T18:39:53.145217 #10580] DEBUG -- : Received message ID:node2.ose22-auto.com.cn-27243-1417420618371-5:27:-1:1:1:
#v+
---
:action: :remove_ssl
:app_name: scaruby20app
:namespace: jialiu
:alias: www.app1.com

#v-
I, [2014-12-01T18:39:53.145830 #10580]  INFO -- : Deleting ssl configuration for www.app1.com in pool pool_ose_scaruby20app_jialiu_80
D, [2014-12-01T18:39:53.146083 #10580] DEBUG -- : Removing SSL configuration for alias www.app1.com for pool pool_ose_scaruby20app_jialiu_80
W, [2014-12-01T18:39:53.146477 #10580]  WARN -- : Got an exception: uninitialized constant OpenShift::NginxLoadBalancerModel::FIle
D, [2014-12-01T18:39:53.146562 #10580] DEBUG -- : Backtrace:
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/models/nginx.rb:220:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/controllers/simple.rb:67:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:405:in `remove_ssl'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:265:in `handle'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.20.2.4/lib/openshift/routing/daemon.rb:227:in `listen'
/etc/init.d/openshift-routing-daemon:94:in `block (2 levels) in <main>'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:215:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:215:in `block in start_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/daemonize.rb:192:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/daemonize.rb:192:in `call_as_daemon'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:219:in `start_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/application.rb:255:in `start'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/controller.rb:69:in `run'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons.rb:188:in `block in run_proc'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/cmdline.rb:105:in `call'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons/cmdline.rb:105:in `catch_exceptions'
/opt/rh/ruby193/root/usr/share/gems/gems/daemons-1.0.10/lib/daemons.rb:187:in `run_proc'
/etc/init.d/openshift-routing-daemon:93:in `block in <main>'
/etc/init.d/openshift-routing-daemon:37:in `block (2 levels) in locked'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:94:in `block in flock'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:88:in `open'
/opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-common-1.29.1.1/lib/openshift-origin-common/utils/path_utils.rb:88:in `flock'
/etc/init.d/openshift-routing-daemon:36:in `block in locked'
/opt/rh/ruby193/root/usr/share/ruby/timeout.rb:69:in `timeout'
/etc/init.d/openshift-routing-daemon:35:in `locked'
/etc/init.d/openshift-routing-daemon:80:in `<main>'



Version-Release number of selected component (if applicable):
rubygem-openshift-origin-routing-daemon-0.20.2.4-1.el6op.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Miciah Dashiel Butler Masters 2014-12-01 14:35:45 UTC 
PR: https://github.com/openshift/origin-server/pull/5991
Comment 2 Miciah Dashiel Butler Masters 2014-12-01 14:36:39 UTC 
Whoops, ignore the previous comment.

PR: https://github.com/openshift/enterprise-server/pull/455
Comment 5 Johnny Liu 2014-12-03 06:27:42 UTC 
Verified this bug with rubygem-openshift-origin-routing-daemon-0.20.2.5-1.el6op.noarch, and PASS.

alias ssl cert private ssl key could be deleted now, and no error is seen in service log.
Comment 7 errata-xmlrpc 2014-12-10 13:25:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2014-1978.html