Bug 1203435 - The '--ssl-client-key-file' option does not write to servers.yml
Summary: The '--ssl-client-key-file' option does not write to servers.yml
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 2.2.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
Assignee: Miciah Dashiel Butler Masters
QA Contact: libra bugs
URL:
Whiteboard:
Depends On: 1187812
Blocks:
Reported: 2015-03-18 19:59 UTC by Brenton Leanhardt
Modified: 2019-04-16 14:43 UTC (History)

Fixed In Version: rhc-1.35.1.1-1
Doc Type: Bug Fix
Doc Text:
Previously when running the "rhc setup" command with the "--ssl-client-key-file" option, the configuration for the SSL client key file was not written to the ~/.openshift/servers.yml file. Additionally, while using the "rhc server add" command with the "--ssl-client-key-file" option successfully wrote the key file to the servers.yml file, the output for the "rhc server list" command did not list the key file information. This bug fix updates the client tools to ensure the key file configuration is written and listed in these scenarios, and as a result adding key files with the client tools now works as expected.
Clone Of: 1187812
Environment:
Last Closed: 2015-04-06 17:06:53 UTC
Target Upstream Version:




Links
System: Red Hat Product Errata
ID: RHBA-2015:0779
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: Red Hat OpenShift Enterprise 2.2.5 bug fix and enhancement update
Last Updated: 2015-04-06 21:05:45 UTC

Description Brenton Leanhardt 2015-03-18 19:59:53 UTC
+++ This bug was initially created as a clone of Bug #1187812 +++

Description of problem:
When running rhc setup with the '--ssl-client-key-file' option, the configuration for the ssl client key file is not written to the servers.yml file.

Version-Release number of selected component (if applicable):
rhc 1.34.2

How reproducible:
Always


Steps to Reproduce:
1. Provide the `rhc setup` command with a client key file:
    $ rhc setup --ssl-client-cert-file example.crt --ssl-client-key-file example.key

Actual results:
The certificate file (among other options) is written to servers.yml, but the SSL client key file is not:
- server:
    hostname: broker.example.com
    nickname: example
    login: tiwillia
    use_authorization_tokens: true
    insecure: true
    ssl_client_cert_file: /home/tiwillia/example.crt


Expected results:
Both certificate and key file are written to servers.yml:
- server:
    hostname: broker.example.com
    nickname: example
    login: tiwillia
    use_authorization_tokens: true
    insecure: true
    ssl_client_cert_file: /home/tiwillia/example.crt
    ssl_client_key_file: /home/tiwillia/example.key

--- Additional comment from XiuJuan Wang on 2015-02-01 23:53:16 EST ---

Could reproduce this issue with rhc-1.34.2.

And if 'server add' is used to add a server with the '--ssl-client-key-file' option, the key could be written into server.yml, but 'server list' can't list this parameter.

issue:

$cat server.yml
 - server:
     hostname: broker.example.com
     nickname: example
     login: xiuwang
     use_authorization_tokens: true
     insecure: true
     ssl_client_key_file: /home/.openshift/example.key

$rhc server list 
Server 'example' (in use)
----------------------
  Hostname:        broker.example.com
  Login:           xiuwang
  Use Auth Tokens: true
  Insecure:        true

--- Additional comment from Fabiano Franz on 2015-02-02 14:40:09 EST ---

Fixed in https://github.com/openshift/rhc/pull/671

--- Additional comment from XiuJuan Wang on 2015-02-03 04:36:51 EST ---

Tested with rhc-1.35.0_build from the latest code.

'rhc setup' could write the '--ssl-client-key-file' value into server.yml, but 'server list' still can't list this parameter.


$cat server.yml
 - server:
     hostname: broker.example.com
     nickname: example
     login: xiuwang
     use_authorization_tokens: true
     insecure: true
     ssl_client_key_file: /home/.openshift/example.key

$rhc server list 
Server 'example' (in use)
----------------------
  Hostname:        broker.example.com
  Login:           xiuwang
  Use Auth Tokens: true
  Insecure:        true

--- Additional comment from Fabiano Franz on 2015-02-03 17:17:51 EST ---

Fixed in https://github.com/openshift/rhc/pull/671

--- Additional comment from XiuJuan Wang on 2015-02-03 22:29:39 EST ---

Verified with the rhc-1.35.0 build with the code in https://github.com/openshift/rhc/pull/671
'server list' could also list the '--ssl-client-key-file' value.

Server 'server1' (in use)
-------------------------
  Hostname:                 ec2-54-166-108-190.compute-1.amazonaws.com
  Login:                    xiuwang
  Use Auth Tokens:          true
  Insecure:                 true
  SSL x509 Client Key File: /root/.openshift/cert/server.key

Thanks!

--- Additional comment from openshift-github-bot on 2015-02-07 00:28:30 EST ---

Commit pushed to master at https://github.com/openshift/rhc

https://github.com/openshift/rhc/commit/3a2a5a9dd8c37b940580742aef8132e16858f755
Bug 1187812 - must handle ssl_client_key_file in config files

Comment 3 Gaoyun Pei 2015-03-20 06:54:26 UTC
Verified this bug with rhc 1.35.1.1

1. When using 'rhc setup' with the SSL client key options, the related configuration is saved to /root/.openshift/express.conf and is listed clearly when running 'rhc server list'.

[root@broker ~]# rhc setup -l gpei --ssl-client-cert-file /root/gpei.crt --ssl-client-key-file /root/gpei.key --ssl_ca_file /root/ca.crt
...
Saving configuration to /root/.openshift/express.conf ... done

[root@broker ~]# cat /root/.openshift/express.conf |grep -v '^#'|sort

default_rhlogin=gpei
insecure=false
libra_server=broker.ose22-manual.com.cn
ssl_ca_file=/root/ca.crt
ssl_client_cert_file=/root/gpei.crt
ssl_client_key_file=/root/gpei.key
use_authorization_tokens=true

[root@broker ~]# rhc server list
Server 'server1' (in use)
-------------------------
  Hostname:                  broker.ose22-manual.com.cn
  Login:                     gpei
  Use Auth Tokens:           true
  Insecure:                  false
  SSL x509 Client Cert File: /root/gpei.crt
  SSL x509 Client Key File:  /root/gpei.key
  SSL Cert CA File:          /root/ca.crt


2. When using 'server add' to set up the configuration of a server with the '--ssl-client-key-file' option, the key configuration could be written into server.yml, and could be listed using 'server list'.
[root@broker ~]# rhc server add broker.ose22-manual.com.cn ose --ssl-client-cert-file /root/gpei.crt  --ssl-client-key-file /root/gpei.key  --ssl-ca-file /root/ca.crt 
...
Saving server configuration to /root/.openshift/servers.yml ... done

[root@broker .openshift]# cat servers.yml 
--- 
- server: 
    login: gpei
    ssl_ca_file: /root/ca.crt
    hostname: broker.ose22-manual.com.cn
    nickname: ose
    ssl_client_key_file: /root/gpei.key
    ssl_client_cert_file: /root/gpei.crt
    use_authorization_tokens: true
    insecure: false

[root@broker .openshift]# rhc server list
Server 'ose' (in use)
---------------------
  Hostname:                  broker.ose22-manual.com.cn
  Login:                     gpei
  Use Auth Tokens:           true
  Insecure:                  false
  SSL x509 Client Cert File: /root/gpei.crt
  SSL x509 Client Key File:  /root/gpei.key
  SSL Cert CA File:          /root/ca.crt
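
The half-configured state this bug left in servers.yml (a client certificate with no key, or a key with no certificate) can be checked for directly. The following is an added example, not code from rhc or from this bug report; the names `audit_servers`, `key_file_findings`, `CERT_KEY`, `KEY_KEY` and `SAMPLE` are made up for illustration, and the sample YAML is constructed from the entries shown above.

```ruby
require 'yaml'

# Added example; the constant and function names are made up for illustration.
CERT_KEY = 'ssl_client_cert_file'
KEY_KEY  = 'ssl_client_key_file'

# Returns { nickname => [finding, ...] } for each entry with at least one finding.
def audit_servers(yaml_text, check_files: false)
  entries = YAML.safe_load(yaml_text) || []
  raise ArgumentError, 'expected a YAML list of server entries' unless entries.is_a?(Array)
  report = {}
  entries.each_with_index do |entry, i|
    server = entry.is_a?(Hash) ? entry['server'] : nil
    unless server.is_a?(Hash)
      report["entry #{i}"] = ['not a "server:" mapping']
      next
    end
    name = (server['nickname'] || server['hostname'] || "entry #{i}").to_s
    cert, key = server[CERT_KEY], server[KEY_KEY]
    findings = []
    findings << "#{CERT_KEY} set without #{KEY_KEY}" if cert && !key
    findings << "#{KEY_KEY} set without #{CERT_KEY}" if key && !cert
    findings << 'insecure is true' if server['insecure'] == true
    findings.concat(key_file_findings(key.to_s)) if check_files && key
    report[name] = findings unless findings.empty?
  end
  report
end

# Optional on-disk check: the private key must exist and be owner-only.
def key_file_findings(path)
  return ["key file #{path} does not exist"] unless File.file?(path)
  mode = File.stat(path).mode & 0o777
  return [] if (mode & 0o077).zero?
  [format('key file %s has mode %04o, expected owner-only access', path, mode)]
end

# Constructed sample: the first entry has the shape the bug produced.
SAMPLE = <<~EOS
  - server:
      nickname: broken
      insecure: true
      ssl_client_cert_file: /home/tiwillia/example.crt
  - server:
      nickname: fixed
      ssl_client_cert_file: /home/tiwillia/example.crt
      ssl_client_key_file: /home/tiwillia/example.key
EOS
audit_servers(SAMPLE).each { |name, found| puts "#{name}: #{found.join('; ')}" }
```

Pass `check_files: true` on the machine that holds the key to also verify that the referenced key file exists and is not accessible to group or others.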

Comment 5 errata-xmlrpc 2015-04-06 17:06:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0779.html

