Description of problem: oo-admin-repair --ssh-keys cannot fix the mismatch when the ssh key exists on node but does not exist in mongodb. Version-Release number of selected component (if applicable): devenv_5597 How reproducible: always Steps to Reproduce: 1. Add ssh key to user and create app $ rhc sshkey add default .ssh/id_rsa.pub $ rhc app create app1 php-5.4 2. Modify the authorized_keys in the gear via root user change the *-default to any others 3. Remove the ssh key from user $ rhc sshkey remove default 4. oo-admin-chk to check will report that the ssh key mismatches on node and mongodb 5. Use oo-admin-repair --ssh-keys to repair the issue Actual results: It will report success but the issue was not fixed. Expected results: Should fix the ssh key issues indeed. Additional info: bash-4.1# oo-admin-repair --ssh-keys -v Started at: 2015-08-06 08:16:44 UTC Total gears found in mongo: 1 Checking application gears and ssh keys on corresponding nodes 55c31544b106caa2db0000b4...FAIL Checking stale ssh keys and environment variables in mongo Gear '55c31544b106caa2db0000b4' has key with hash 'def6e240c923c0f5cbd76dac6ed9688c' and comment 'OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de' on the node but not in mongo. Fixing ssh key inconsistencies for all affected applications Finished at: 2015-08-06 08:17:05 UTC Total time: 20.969s SUCCESS bash-4.1# oo-admin-chk -l1 Started at: 2015-08-06 08:18:09 UTC User data populated in 0 seconds Domain data populated in 0 seconds District data populated in 0 seconds Total gears found in mongo: 1 Application data populated in 0 seconds Usage data populated in 0 seconds Fetched all gears in 20 seconds Total gears found on the nodes: 1 Total nodes that responded: 1 Checked application gears on nodes in 0 seconds Checked application gears on nodes (reverse match) in 0 seconds Checked consumed gears inconsistencies in 0 seconds Checked ssh keys inconsistencies in 20 seconds Checked stale ssh keys in 0 seconds Checked district inconsistencies in 0 seconds Checked domain allowed gear sizes inconsistencies in 0 seconds Checked user gear sizes inconsistencies in 0 seconds Checked gear usage inconsistencies in 0 seconds Checked storage usage inconsistencies in 0 seconds Checked premium cart usage inconsistencies in 0 seconds Checked usage record inconsistencies in 0 seconds Checked user plan inconsistencies in 0 seconds Finished at: 2015-08-06 08:18:50 UTC Total time: 41.083s Gear '55c31544b106caa2db0000b4' has key with hash 'def6e240c923c0f5cbd76dac6ed9688c' and comment 'OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de' on the node but not in mongo. FAILED Please refer to the oo-admin-repair tool to resolve some of these inconsistencies. bash-4.1# [root@ip-10-182-121-69 55c31544b106caa2db0000b4]# cat .ssh/authorized_keys command="OPENSHIFT_LOGIN=bmeng /usr/bin/oo-trap-user",no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvk6aI6mJplA2BqfLaf6XheT26VQvvVhToSWGEl09+tZ/pVLBiZf+tDX0duGj5y+ATlMKAZ/urahO4nliQ1Kjs8ZO/xHYiIrZPm9jTgLEOd5c/wQh8Nof4E/FVqQEpcqq3ZhIk3a0bODE5nHfYPUphWjgLawFqVr0eoEbXUSc4QZ8Pubet2km6/sGtaEusF4ThERBq9jLjA5q4Gt/856lCa1SXPKCBtMBRLvMt4H7RYWwLG7ahzzuxygVNUVrIdLzW+WEWWJdI5SSpBXCDsJbPwBxmJhRqkyNNzPbq5u8DY7g2eoAthtDS3wE3rWKFFNFMTScK9ANwvh3Tn+DEwBuX OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de
Commit pushed to master at https://github.com/openshift/origin-server https://github.com/openshift/origin-server/commit/9ea7ee4bf3fa3af74bbc513ac0afdb918367baf6 Bug 1250904 - Allow ssh keys to be replaced with an empty list https://bugzilla.redhat.com/show_bug.cgi?id=1250904 This change allows ssh and krb5 keys for a user to be replaced with an empty list of keys when no keys exist for an application.
Checked on devenv_5273, issue has been fixed.
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.