+++ This bug was initially created as a clone of Bug #1187812 +++ Description of problem: When running rhc setup with the '--ssl-client-key-file' option, the configuration for the ssl client key file is not written to the servers.yml file. Version-Release number of selected component (if applicable): rhc 1.34.2 How reproducible: Always Steps to Reproduce: 1. Provide the `rhc setup` command with a client key file: $ rhc setup --ssl-client-cert-file example.crt --ssl-client-key-file example.key 2. 3. Actual results: Certificate file (among other options) are written to servers.yml, but the ssl client key file is not: - server: hostname: broker.example.com nickname: example login: tiwillia use_authorization_tokens: true insecure: true ssl_client_cert_file: /home/tiwillia/example.crt Expected results: Both certificate and key file are written to servers.yml: - server: hostname: broker.example.com nickname: example login: tiwillia use_authorization_tokens: true insecure: true ssl_client_cert_file: /home/tiwillia/example.crt ssl_client_key_file: /home/tiwillia/example.key --- Additional comment from XiuJuan Wang on 2015-02-01 23:53:16 EST --- Could reproduce this issue with rhc-1.34.2 And if use ‘server add’ a server with '--ssl-client-key-file' option , the key could be written into server.yml, but can't list this parameter using 'server list' issue: $cat server.yml - server: hostname: broker.example.com nickname: example login: xiuwang use_authorization_tokens: true insecure: true ssl_client_key_file: /home/.openshift/example.key $rhc server list Server 'example' (in use) ---------------------- Hostname: broker.example.com Login: xiuwang Use Auth Tokens: true Insecure: true --- Additional comment from Fabiano Franz on 2015-02-02 14:40:09 EST --- Fixed in https://github.com/openshift/rhc/pull/671 --- Additional comment from XiuJuan Wang on 2015-02-03 04:36:51 EST --- Test with rhc-1.35.0_build from lastest code When 'rhc setup' could writte '--ssl-client-key-file' value into server.yml, but still can't 'server list' this parameter. $cat server.yml - server: hostname: broker.example.com nickname: example login: xiuwang use_authorization_tokens: true insecure: true ssl_client_key_file: /home/.openshift/example.key $rhc server list Server 'example' (in use) ---------------------- Hostname: broker.example.com Login: xiuwang Use Auth Tokens: true Insecure: true --- Additional comment from Fabiano Franz on 2015-02-03 17:17:51 EST --- Fixed in https://github.com/openshift/rhc/pull/671 --- Additional comment from XiuJuan Wang on 2015-02-03 22:29:39 EST --- Verified with rhc-1.35.0 build with code in https://github.com/openshift/rhc/pull/671 Could also 'server list' '--ssl-client-key-file' value. Server 'server1' (in use) ------------------------- Hostname: ec2-54-166-108-190.compute-1.amazonaws.com Login: xiuwang Use Auth Tokens: true Insecure: true SSL x509 Client Key File: /root/.openshift/cert/server.key Thanks! --- Additional comment from openshift-github-bot on 2015-02-07 00:28:30 EST --- Commit pushed to master at https://github.com/openshift/rhc https://github.com/openshift/rhc/commit/3a2a5a9dd8c37b940580742aef8132e16858f755 Bug 1187812 - must handle ssl_client_key_file in config files
Verify this bug with rhc 1.35.1.1 1. When using 'rhc setup' with the ssl client key options, related configuration would be saving to /root/.openshift/express.conf, list clearly when running 'rhc server list' [root@broker ~]# rhc setup -l gpei --ssl-client-cert-file /root/gpei.crt --ssl-client-key-file /root/gpei.key --ssl_ca_file /root/ca.crt ... Saving configuration to /root/.openshift/express.conf ... done [root@broker ~]# cat /root/.openshift/express.conf |grep -v '^#'|sort default_rhlogin=gpei insecure=false libra_server=broker.ose22-manual.com.cn ssl_ca_file=/root/ca.crt ssl_client_cert_file=/root/gpei.crt ssl_client_key_file=/root/gpei.key use_authorization_tokens=true [root@broker ~]# rhc server list Server 'server1' (in use) ------------------------- Hostname: broker.ose22-manual.com.cn Login: gpei Use Auth Tokens: true Insecure: false SSL x509 Client Cert File: /root/gpei.crt SSL x509 Client Key File: /root/gpei.key SSL Cert CA File: /root/ca.crt 2. When using ‘server add’ to setup the configuration of a server with '--ssl-client-key-file' option, the key configuration could be written into server.yml, and could be list using 'server list'. [root@broker ~]# rhc server add broker.ose22-manual.com.cn ose --ssl-client-cert-file /root/gpei.crt --ssl-client-key-file /root/gpei.key --ssl-ca-file /root/ca.crt ... Saving server configuration to /root/.openshift/servers.yml ... done [root@broker .openshift]# cat servers.yml --- - server: login: gpei ssl_ca_file: /root/ca.crt hostname: broker.ose22-manual.com.cn nickname: ose ssl_client_key_file: /root/gpei.key ssl_client_cert_file: /root/gpei.crt use_authorization_tokens: true insecure: false [root@broker .openshift]# rhc server list Server 'ose' (in use) --------------------- Hostname: broker.ose22-manual.com.cn Login: gpei Use Auth Tokens: true Insecure: false SSL x509 Client Cert File: /root/gpei.crt SSL x509 Client Key File: /root/gpei.key SSL Cert CA File: /root/ca.crt
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0779.html