Bug 1250904 - oo-admin-repair cannot fix the inconsistent ssh keys if the sshkey exists on node but does not exist in mongodb
oo-admin-repair cannot fix the inconsistent ssh keys if the sshkey exists on ...
Status: CLOSED WONTFIX
Product: OpenShift Online
Classification: Red Hat
Component: Pod (Show other bugs)
2.x
Unspecified Unspecified
medium Severity medium
: ---
: ---
Assigned To: Timothy Williams
Jianwei Hou
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-06 05:19 EDT by Meng Bo
Modified: 2017-05-31 14:22 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-05-31 14:22:11 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Meng Bo 2015-08-06 05:19:07 EDT
Description of problem:
oo-admin-repair --ssh-keys cannot fix the mismatch when the ssh key exists on node but does not exist in mongodb.

Version-Release number of selected component (if applicable):
devenv_5597

How reproducible:
always

Steps to Reproduce:
1. Add ssh key to user and create app
$ rhc sshkey add default .ssh/id_rsa.pub
$ rhc app create app1 php-5.4

2. Modify the authorized_keys in the gear via root user
change the *-default to any others

3. Remove the ssh key from user
$ rhc sshkey remove default

4. oo-admin-chk to check will report that the ssh key mismatches on node and mongodb

5. Use oo-admin-repair --ssh-keys to repair the issue

Actual results:
It will report success but the issue was not fixed.

Expected results:
Should fix the ssh key issues indeed.

Additional info:

bash-4.1# oo-admin-repair --ssh-keys -v
Started at: 2015-08-06 08:16:44 UTC
Total gears found in mongo: 1
Checking application gears and ssh keys on corresponding nodes
55c31544b106caa2db0000b4...FAIL
Checking stale ssh keys and environment variables in mongo
Gear '55c31544b106caa2db0000b4' has key with hash 'def6e240c923c0f5cbd76dac6ed9688c' and comment 'OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de' on the node but not in mongo.
Fixing ssh key inconsistencies for all affected applications

Finished at: 2015-08-06 08:17:05 UTC
Total time: 20.969s
SUCCESS


bash-4.1# oo-admin-chk -l1 
Started at: 2015-08-06 08:18:09 UTC

User data populated in 0 seconds

Domain data populated in 0 seconds

District data populated in 0 seconds

Total gears found in mongo: 1
Application data populated in 0 seconds

Usage data populated in 0 seconds

Fetched all gears in 20 seconds
Total gears found on the nodes: 1
Total nodes that responded: 1
Checked application gears on nodes in 0 seconds

Checked application gears on nodes (reverse match) in 0 seconds

Checked consumed gears inconsistencies in 0 seconds

Checked ssh keys inconsistencies in 20 seconds

Checked stale ssh keys in 0 seconds

Checked district inconsistencies in 0 seconds

Checked domain allowed gear sizes inconsistencies in 0 seconds

Checked user gear sizes inconsistencies in 0 seconds

Checked gear usage inconsistencies in 0 seconds

Checked storage usage inconsistencies in 0 seconds

Checked premium cart usage inconsistencies in 0 seconds

Checked usage record inconsistencies in 0 seconds

Checked user plan inconsistencies in 0 seconds


Finished at: 2015-08-06 08:18:50 UTC
Total time: 41.083s
Gear '55c31544b106caa2db0000b4' has key with hash 'def6e240c923c0f5cbd76dac6ed9688c' and comment 'OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de' on the node but not in mongo.
FAILED
Please refer to the oo-admin-repair tool to resolve some of these inconsistencies.
bash-4.1# 


[root@ip-10-182-121-69 55c31544b106caa2db0000b4]# cat .ssh/authorized_keys 
command="OPENSHIFT_LOGIN=bmeng@redhat.com /usr/bin/oo-trap-user",no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvk6aI6mJplA2BqfLaf6XheT26VQvvVhToSWGEl09+tZ/pVLBiZf+tDX0duGj5y+ATlMKAZ/urahO4nliQ1Kjs8ZO/xHYiIrZPm9jTgLEOd5c/wQh8Nof4E/FVqQEpcqq3ZhIk3a0bODE5nHfYPUphWjgLawFqVr0eoEbXUSc4QZ8Pubet2km6/sGtaEusF4ThERBq9jLjA5q4Gt/856lCa1SXPKCBtMBRLvMt4H7RYWwLG7ahzzuxygVNUVrIdLzW+WEWWJdI5SSpBXCDsJbPwBxmJhRqkyNNzPbq5u8DY7g2eoAthtDS3wE3rWKFFNFMTScK9ANwvh3Tn+DEwBuX OPENSHIFT-55c31544b106caa2db0000b4-55c2fc8ef00e771d16000001-de
Comment 1 openshift-github-bot 2015-09-02 13:34:27 EDT
Commit pushed to master at https://github.com/openshift/origin-server

https://github.com/openshift/origin-server/commit/9ea7ee4bf3fa3af74bbc513ac0afdb918367baf6
Bug 1250904 - Allow ssh keys to be replaced with an empty list

https://bugzilla.redhat.com/show_bug.cgi?id=1250904
This change allows ssh and krb5 keys for a user to be replaced with an empty list of keys when no keys exist for an application.
Comment 2 Meng Bo 2015-11-26 00:58:52 EST
Checked on devenv_5273, issue has been fixed.
Comment 3 Eric Paris 2017-05-31 14:22:11 EDT
We apologize, however, we do not plan to address this report at this time. The majority of our active development is for the v3 version of OpenShift. If you would like for Red Hat to reconsider this decision, please reach out to your support representative. We are very sorry for any inconvenience this may cause.

Note You need to log in before you can comment on or make changes to this bug.