Description of problem: Seemingly due to changes in how the ose-f5-router images have been built between v3.9 and v3.10, the v3.10 images no longer have the openssh-clients package installed as a dependency. Version-Release number of selected component (if applicable): ose-f5-router:v3.10 images How reproducible: Always Steps to Reproduce: 1. 2. 3. Actual results: E1103 00:00:00.123456 1 f5.go:1935] Error copying certificate openshift_route_apps-something_something-nginx-https-https-cert to F5 BIG-IP. Output from scp command: Error: exec: "scp": executable file not found in $PATH Expected results: The openssh-clients package should be installed explicitly if scp is expected to be used as per the documentation. [1] [1] https://docs.openshift.com/container-platform/3.10/install_config/router/f5_router.html#deploying-the-f5-router Additional info: In the v3.9 images, the openssh-clients package is installed as a dependency as per yum history. $ sudo docker run --entrypoint "/bin/bash" -it registry.access.redhat.com/openshift3/ose-f5-router:v3.9.43-2 [root@7ad1fa1fcdc3 origin]# rpm -q openssh-clients openssh-clients-7.4p1-16.el7.x86_64 [root@7ad1fa1fcdc3 origin]# yum history info openssh-clients Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager Transaction ID : 3 Begin time : Mon Sep 10 14:53:02 2018 Begin rpmdb : 155:10dc8302c013d15bab94a403ae657ba6e0012bf8 End time : 14:53:50 2018 (48 seconds) End rpmdb : 267:126e305f6f7ce44b6689a824f57e78319e1febf3 User : System <unset> Return-Code : Success Command Line : install -y which git tar wget hostname sysvinit-tools util-linux bsdtar socat ethtool device-mapper iptables tree findutils nmap-ncat e2fsprogs xfsprogs lsof device-mapper-persistent-data ceph-common Transaction performed with: Installed rpm-4.11.3-32.el7.x86_64 @anaconda/7.5 Installed subscription-manager-1.20.11-1.el7_5.x86_64 @anaconda/7.5 Installed yum-3.4.3-158.el7.noarch @anaconda/7.5 Packages Altered: Dep-Install at-3.1.13-23.el7.x86_64 @rhel-server-rpms .... Install nmap-ncat-2:6.40-13.el7.x86_64 @rhel-server-rpms Dep-Install openssh-7.4p1-16.el7.x86_64 @rhel-server-rpms Dep-Install openssh-clients-7.4p1-16.el7.x86_64 @rhel-server-rpms Dep-Install parted-3.1-29.el7.x86_64 @rhel-server-rpms .... In the v3.10 images, the openssh-clients package is not installed at all. $ sudo docker run --entrypoint "/bin/bash" -it registry.access.redhat.com/openshift3/ose-f5-router:v3.10.45 [root@a24cbb5fcaae origin]# rpm -q openssh-clients package openssh-clients is not installed v3.9 Dockerfiles [root@ad2f5cbb85ea origin]# ls -la /root/buildinfo/ total 16 drwxr-xr-x. 2 root root 182 Sep 10 17:48 . dr-xr-x---. 3 root root 154 Aug 9 19:04 .. -rw-r--r--. 1 root root 2167 Sep 10 14:51 Dockerfile-openshift3-ose-base-v3.9.43-2 -rw-r--r--. 1 root root 1820 Sep 10 17:48 Dockerfile-openshift3-ose-f5-router-v3.9.43-2 -rw-r--r--. 1 root root 2671 Sep 10 17:02 Dockerfile-openshift3-ose-v3.9.43-2 -rw-r--r--. 1 root root 2902 Aug 9 19:04 Dockerfile-rhel7-7.5-424 v3.10 Dockerfiles [root@274ffaf88944 origin]# ls -la /root/buildinfo/ total 16 drwxr-xr-x. 2 root root 199 Sep 27 22:24 . dr-xr-x---. 3 root root 154 Aug 9 19:04 .. -rw-r--r--. 1 root root 2340 Sep 27 15:14 Dockerfile-openshift3-ose-base-v3.10.45-8 -rw-r--r--. 1 root root 2516 Sep 27 15:38 Dockerfile-openshift3-ose-control-plane-v3.10.45-7 -rw-r--r--. 1 root root 2108 Sep 27 22:24 Dockerfile-openshift3-ose-f5-router-v3.10.45-6 -rw-r--r--. 1 root root 2902 Aug 9 19:04 Dockerfile-rhel7-7.5-424
Likely related to the ose-base image changes described in https://bugzilla.redhat.com/show_bug.cgi?id=1614841
Looks like a dockerfile omission. Phil, can you take care of this (and backport to 3.10 and 3.11)?
Commit pushed to master at https://github.com/openshift/origin https://github.com/openshift/origin/commit/84a202728ecebe69535a2abefeca32c7992fcf8b Add openssh-clients package to f5-router bug: 1645755 https://bugzilla.redhat.com/show_bug.cgi?id=1645755 Signed-off-by: Phil Cameron <pcameron>
openssh-clients package is still not found in f5 router image v3.10.139 # oc get pod f5router-2-j6tkv -o yaml | grep image image: registry.reg-aws.openshift.com:443/openshift3/ose-f5-router:v3.10.139 # oc rsh f5router-2-j6tkv sh-4.2$ rpm -qa | grep openshift atomic-openshift-clients-3.10.139-1.git.0.aa29c47.el7.x86_64 atomic-openshift-3.10.139-1.git.0.aa29c47.el7.x86_64 sh-4.2$ sh-4.2$ which scp which: no scp in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin) sh-4.2$ rpm -qa | grep ssh libssh2-1.4.3-12.el7_6.2.x86_64
cherry-picked pr 21430 (comment #5) https://github.com/openshift/origin/pull/22621 into 3.10 Its out for review, when merged this bug will be fixed.
https://github.com/openshift/origin/pull/22621 MERGED
verified with atomic-openshift-3.10.149-1.git.0.05de590.el7 and issue has been fixed. # oc rsh f5router-2-lr2dn sh-4.2$ rpm -qa | grep openshift atomic-openshift-clients-3.10.149-1.git.0.05de590.el7.x86_64 atomic-openshift-3.10.149-1.git.0.05de590.el7.x86_64 sh-4.2$ sh-4.2$ rpm -qa | grep ssh libssh2-1.4.3-12.el7_6.2.x86_64 openssh-7.4p1-16.el7.x86_64 openssh-clients-7.4p1-16.el7.x86_64 sh-4.2$ sh-4.2$ which scp /usr/bin/scp sh-4.2$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:1607