Description of problem: routing-daemon not removing var/tmp/*.key and var/tmp/*.crt when username is not set to admin in etc/openshift/routing-daemon.conf Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Set the following in etc/openshift/routing-daemon.conf BIGIP_HOST=F5LTM BIGIP_USERNAME=ose BIGIP_PASSWORD=xxxxxxx BIGIP_SSHKEY=/etc/openshift/bigip.key 2. After setting up and installing a custom alias with a certificate and key, the routing daemon reports that itβs removing both temp key and cert: D, [2015-05-27T09:32:04.687843 #25771] DEBUG -- : LTM removing temporary alias certificate. rm -f /var/tmp/www.example.com.crt D, [2015-05-27T09:32:09.921415 #25771] DEBUG -- : LTM removing temporary alias key. rm -f /var/tmp/www.example.com.key However, the removal of the temp key does not work. This is verified by looking in /var/tmp/ on the BigIP F% LTM. Actual results: -Logs say they are deleted but nothing is deleted Expected results: -Logs get deleted Additional info: Submitted a pull request to upstream: https://github.com/openshift/origin-server/pull/6156
Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/3ffc5111d90914a6ee96acb61e6e680eb39abd48 routing-daemon: F5: Use configured SSH user This commit fixes bug 1227501.
The following error message was reported during testing. The cert can be added. so the further testing was blocked. W, [2015-09-21T11:19:55.561163 #12237] WARN -- : Got an exception: undefined method `wrap_exceptions' for #<Hash:0x00000001a6acd8> D, [2015-09-21T11:19:55.561250 #12237] DEBUG -- : Backtrace: /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.25.1.1/lib/openshift/routing/models/f5-icontrol-rest.rb:63:in `rescue in rest_request' /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.25.1.1/lib/openshift/routing/models/f5-icontrol-rest.rb:56:in `rest_request' /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.25.1.1/lib/openshift/routing/models/f5-icontrol-rest.rb:87:in `post' /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.25.1.1/lib/openshift/routing/models/f5-icontrol-rest.rb:348:in `update' /opt/rh/ruby193/root/usr/share/gems/gems/openshift-origin-routing-daemon-0.25.1.1/lib/openshift/routing/controllers/load_balancer.rb:143:in `update'
Verified and pass. 1 Create scaled applications 2 Add alias and add cert key. rhc alias add sphp www.appsphpalias.com rhc alias update-cert --certificate server.crt --private-key server.key sphp www.appsphpalias.com 3. Check the log, the temp key was removed. I, [2015-09-24T05:44:31.354568 #2913] INFO -- : Adding ssl configuration for www.sphp-ose2alias.com in pool pool_ose_sphp_demod1_80 D, [2015-09-24T05:44:31.357219 #2913] DEBUG -- : Copying certificate for alias www.sphp-ose2alias.com for pool pool_ose_sphp_demod1_80 to LTM host D, [2015-09-24T05:44:31.706527 #2913] DEBUG -- : Copying key for alias www.sphp-ose2alias.com for pool pool_ose_sphp_demod1_80 to LTM host D, [2015-09-24T05:44:31.962057 #2913] DEBUG -- : LTM cert to be installed /var/tmp/www.sphp-ose2alias.com.crt D, [2015-09-24T05:44:32.085559 #2913] DEBUG -- : LTM cert to be installed /var/tmp/www.sphp-ose2alias.com.key D, [2015-09-24T05:44:32.161252 #2913] DEBUG -- : LTM creating client-ssl profile for www.sphp-ose2alias.com D, [2015-09-24T05:44:32.240973 #2913] DEBUG -- : LTM adding www.sphp-ose2alias.com-ssl-profile client-ssl to https-ose2-vserver D, [2015-09-24T05:44:32.323537 #2913] DEBUG -- : LTM removing temporary alias certificate D, [2015-09-24T05:44:32.487678 #2913] DEBUG -- : LTM removing temporary alias key 4.The key/crt are added to Local Traffic->Profiles->ssl->Client. The key was added in the https vserver. 5. Delete this app, the key was dropped. #v-I, [2015-09-24T05:17:55.199392 #766] INFO -- : Deleting alias www.appsphpalias.com from pool pool_ose_sphp_demod1_80
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2015-1844.html