Bug 1461088 - REX creates zombie ssh processes when ProxyCommand is used for a tunnel (Satellite 6.3)
Summary: REX creates zombie ssh processes when ProxyCommand is used for a tunnel (Sate...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Satellite
Classification: Red Hat
Component: Remote Execution
Version: 6.2.10
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: Unspecified
Assignee: Adam Ruzicka
QA Contact: Lukas Pramuk
URL:
Whiteboard:
Depends On:
Blocks: 1465787 1485297
TreeView+ depends on / blocked
 
Reported: 2017-06-13 13:28 UTC by Pavel Moravec
Modified: 2021-06-10 12:26 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1465787 1485297 (view as bug list)
Environment:
Last Closed: 2018-02-21 17:31:14 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Foreman Issue Tracker 20018 0 Normal Closed REX creates zombie ssh processes when ProxyCommand is used for a tunnel 2020-11-20 08:43:53 UTC

Description Pavel Moravec 2017-06-13 13:28:41 UTC 
Description of problem:
Having local ssh configuration for ProxyCommand that contains "nc" like:

# cat /usr/share/foreman-proxy/.ssh/config
Host proxyserver
ProxyCommand

Host *
ProxyCommand ssh -q -i /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy proxyrex@proxyserver nc %h %p
#

then invoking and REX job leaves one ssh zombie proces.

smart_proxy_dynflow_core service must be restarted to clean the ssh defunct processes


Version-Release number of selected component (if applicable):
Sat 6.2.9


How reproducible:
100%


Steps to Reproduce:
1. Have above-like ssh config
2. Run a REX job - it can fail or succeed, it doesnt matter. Even it can fail due to wrongly set .ssh/config, that does not matter either.
3. Check ssh processes on the Satellite/Capsule that invoked the ssh commands


Actual results:
# ps aux | grep defunct
foreman+ 24776  0.0  0.0      0     0 ?        Z    13:06   0:00 [ssh] <defunct>
foreman+ 24848  0.0  0.0      0     0 ?        Z    13:07   0:00 [ssh] <defunct>
root     24856  0.0  0.0 112652   964 pts/0    S+   13:07   0:00 grep --color=auto defunct
# 

(each REX job adds one such defunct process)


Expected results:
# ps aux | grep defunct
root     24856  0.0  0.0 112652   964 pts/0    S+   13:07   0:00 grep --color=auto defunct
#


Additional info:
Comment 2 Carlos Peón 2017-06-13 13:56:17 UTC 
Also tested without nc:

ProxyCommand ssh -q -i /usr/share/foreman-proxy/.ssh/id_rsa_foreman_proxy proxyrex@proxyserver -W %h:%p

and same results.
Comment 3 Adam Ruzicka 2017-06-14 11:51:26 UTC 
Created redmine issue http://projects.theforeman.org/issues/20018 from this bug
Comment 4 Satellite Program 2017-06-19 12:05:38 UTC 
Upstream bug assigned to aruzicka
Comment 5 Satellite Program 2017-06-19 12:05:41 UTC 
Upstream bug assigned to aruzicka
Comment 6 Lukas Pramuk 2017-12-08 08:10:21 UTC 
VERIFIED.

@satellite-6.3.0-22.0.el7sat.noarch
tfm-rubygem-net-ssh-4.0.1-2.el7sat.noarch

by the manual reproducer described in comment#0:


3. Check ssh processes on the Satellite/Capsule that invoked the ssh commands

# ps aux | grep defunct
root     11619  0.0  0.0 112660   968 pts/0    S+   03:09   0:00 grep --color=auto defunct

>>> after running rex jobs there are no remaining defunct ssh processes
Comment 7 Bryan Kearney 2018-02-21 17:31:14 UTC 
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:0336
Note You need to log in before you can comment on or make changes to this bug.