Description of problem: Having local ssh configuration for ProxyCommand that contains "nc" like: # cat /usr/share/foreman-proxy/.ssh/config Host proxyserver ProxyCommand Host * ProxyCommand ssh -q -i /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy proxyrex@proxyserver nc %h %p # then invoking and REX job leaves one ssh zombie proces. smart_proxy_dynflow_core service must be restarted to clean the ssh defunct processes Version-Release number of selected component (if applicable): Sat 6.2.9 How reproducible: 100% Steps to Reproduce: 1. Have above-like ssh config 2. Run a REX job - it can fail or succeed, it doesnt matter. Even it can fail due to wrongly set .ssh/config, that does not matter either. 3. Check ssh processes on the Satellite/Capsule that invoked the ssh commands Actual results: # ps aux | grep defunct foreman+ 24776 0.0 0.0 0 0 ? Z 13:06 0:00 [ssh] <defunct> foreman+ 24848 0.0 0.0 0 0 ? Z 13:07 0:00 [ssh] <defunct> root 24856 0.0 0.0 112652 964 pts/0 S+ 13:07 0:00 grep --color=auto defunct # (each REX job adds one such defunct process) Expected results: # ps aux | grep defunct root 24856 0.0 0.0 112652 964 pts/0 S+ 13:07 0:00 grep --color=auto defunct # Additional info:
Also tested without nc: ProxyCommand ssh -q -i /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy proxyrex@proxyserver -W %h:%p and same results.
Created redmine issue http://projects.theforeman.org/issues/20018 from this bug
Upstream bug assigned to aruzicka
VERIFIED. @satellite-6.3.0-22.0.el7sat.noarch tfm-rubygem-net-ssh-4.0.1-2.el7sat.noarch by the manual reproducer described in comment#0: 3. Check ssh processes on the Satellite/Capsule that invoked the ssh commands # ps aux | grep defunct root 11619 0.0 0.0 112660 968 pts/0 S+ 03:09 0:00 grep --color=auto defunct >>> after running rex jobs there are no remaining defunct ssh processes
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0336