Bug 1645755 - openssh-clients package missing from ose-f5-router:v3.10 images
Summary: openssh-clients package missing from ose-f5-router:v3.10 images
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.10.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ---
: 3.10.z
Assignee: Phil Cameron
QA Contact: Hongan Li
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-03 12:29 UTC by Brendan Mchugh
Modified: 2022-08-04 22:20 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: missing rpms Consequence: Fix: add rpms Result:
Clone Of:
Environment:
Last Closed: 2019-06-27 16:41:12 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 21430 0 None None None 2018-11-14 14:28:44 UTC
Red Hat Product Errata RHBA-2019:1607 0 None None None 2019-06-27 16:41:23 UTC

Description Brendan Mchugh 2018-11-03 12:29:20 UTC
Description of problem:
Seemingly due to changes in how the ose-f5-router images have been built between v3.9 and v3.10, the v3.10 images no longer have the openssh-clients package installed as a dependency.

Version-Release number of selected component (if applicable):
ose-f5-router:v3.10 images

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:
E1103 00:00:00.123456       1 f5.go:1935] Error copying certificate openshift_route_apps-something_something-nginx-https-https-cert to F5 BIG-IP.
	Output from scp command: 
	Error: exec: "scp": executable file not found in $PATH

Expected results:
The openssh-clients package should be installed explicitly if scp is expected to be used as per the documentation. [1]
[1] https://docs.openshift.com/container-platform/3.10/install_config/router/f5_router.html#deploying-the-f5-router

Additional info:
In the v3.9 images, the openssh-clients package is installed as a dependency as per yum history.

$ sudo docker run --entrypoint "/bin/bash" -it registry.access.redhat.com/openshift3/ose-f5-router:v3.9.43-2
[root@7ad1fa1fcdc3 origin]# rpm -q openssh-clients
openssh-clients-7.4p1-16.el7.x86_64

[root@7ad1fa1fcdc3 origin]# yum history info openssh-clients
Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager
Transaction ID : 3
Begin time     : Mon Sep 10 14:53:02 2018
Begin rpmdb    : 155:10dc8302c013d15bab94a403ae657ba6e0012bf8
End time       :            14:53:50 2018 (48 seconds)
End rpmdb      : 267:126e305f6f7ce44b6689a824f57e78319e1febf3
User           : System <unset>
Return-Code    : Success
Command Line   : install -y which git tar wget hostname sysvinit-tools util-linux bsdtar socat ethtool device-mapper iptables tree findutils nmap-ncat e2fsprogs xfsprogs lsof device-mapper-persistent-data ceph-common
Transaction performed with:
    Installed     rpm-4.11.3-32.el7.x86_64                    @anaconda/7.5
    Installed     subscription-manager-1.20.11-1.el7_5.x86_64 @anaconda/7.5
    Installed     yum-3.4.3-158.el7.noarch                    @anaconda/7.5
Packages Altered:
    Dep-Install at-3.1.13-23.el7.x86_64                                  @rhel-server-rpms
....
    Install     nmap-ncat-2:6.40-13.el7.x86_64                           @rhel-server-rpms
    Dep-Install openssh-7.4p1-16.el7.x86_64                              @rhel-server-rpms
    Dep-Install openssh-clients-7.4p1-16.el7.x86_64                      @rhel-server-rpms
    Dep-Install parted-3.1-29.el7.x86_64                                 @rhel-server-rpms
....



In the v3.10 images, the openssh-clients package is not installed at all.
$ sudo docker run --entrypoint "/bin/bash" -it registry.access.redhat.com/openshift3/ose-f5-router:v3.10.45
[root@a24cbb5fcaae origin]# rpm -q openssh-clients
package openssh-clients is not installed



v3.9 Dockerfiles
[root@ad2f5cbb85ea origin]# ls -la /root/buildinfo/
total 16
drwxr-xr-x. 2 root root  182 Sep 10 17:48 .
dr-xr-x---. 3 root root  154 Aug  9 19:04 ..
-rw-r--r--. 1 root root 2167 Sep 10 14:51 Dockerfile-openshift3-ose-base-v3.9.43-2
-rw-r--r--. 1 root root 1820 Sep 10 17:48 Dockerfile-openshift3-ose-f5-router-v3.9.43-2
-rw-r--r--. 1 root root 2671 Sep 10 17:02 Dockerfile-openshift3-ose-v3.9.43-2
-rw-r--r--. 1 root root 2902 Aug  9 19:04 Dockerfile-rhel7-7.5-424


v3.10 Dockerfiles
[root@274ffaf88944 origin]# ls -la /root/buildinfo/
total 16
drwxr-xr-x. 2 root root  199 Sep 27 22:24 .
dr-xr-x---. 3 root root  154 Aug  9 19:04 ..
-rw-r--r--. 1 root root 2340 Sep 27 15:14 Dockerfile-openshift3-ose-base-v3.10.45-8
-rw-r--r--. 1 root root 2516 Sep 27 15:38 Dockerfile-openshift3-ose-control-plane-v3.10.45-7
-rw-r--r--. 1 root root 2108 Sep 27 22:24 Dockerfile-openshift3-ose-f5-router-v3.10.45-6
-rw-r--r--. 1 root root 2902 Aug  9 19:04 Dockerfile-rhel7-7.5-424

Comment 1 Brendan Mchugh 2018-11-03 13:16:18 UTC
Likely related to the ose-base image changes described in https://bugzilla.redhat.com/show_bug.cgi?id=1614841

Comment 2 Casey Callendrello 2018-11-05 11:46:15 UTC
Looks like a dockerfile omission. Phil, can you take care of this (and backport to 3.10 and 3.11)?

Comment 5 openshift-github-bot 2018-12-13 21:39:42 UTC
Commit pushed to master at https://github.com/openshift/origin

https://github.com/openshift/origin/commit/84a202728ecebe69535a2abefeca32c7992fcf8b
Add openssh-clients package to f5-router

bug: 1645755
https://bugzilla.redhat.com/show_bug.cgi?id=1645755

Signed-off-by: Phil Cameron <pcameron>

Comment 10 Hongan Li 2019-04-18 02:01:22 UTC
openssh-clients package is still not found in f5 router image v3.10.139

# oc get pod f5router-2-j6tkv -o yaml | grep image
    image: registry.reg-aws.openshift.com:443/openshift3/ose-f5-router:v3.10.139

# oc rsh f5router-2-j6tkv 
sh-4.2$ rpm -qa | grep openshift
atomic-openshift-clients-3.10.139-1.git.0.aa29c47.el7.x86_64
atomic-openshift-3.10.139-1.git.0.aa29c47.el7.x86_64
sh-4.2$ 
sh-4.2$ which scp
which: no scp in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin)
sh-4.2$ rpm -qa | grep ssh
libssh2-1.4.3-12.el7_6.2.x86_64

Comment 13 Phil Cameron 2019-04-22 15:04:18 UTC
cherry-picked pr 21430 (comment #5)
https://github.com/openshift/origin/pull/22621
into 3.10
Its out for review, when merged this bug will be fixed.

Comment 14 Phil Cameron 2019-06-03 18:16:50 UTC
https://github.com/openshift/origin/pull/22621
MERGED

Comment 16 Hongan Li 2019-06-12 09:12:49 UTC
verified with atomic-openshift-3.10.149-1.git.0.05de590.el7 and issue has been fixed.

# oc rsh f5router-2-lr2dn 
sh-4.2$ rpm -qa | grep openshift
atomic-openshift-clients-3.10.149-1.git.0.05de590.el7.x86_64
atomic-openshift-3.10.149-1.git.0.05de590.el7.x86_64
sh-4.2$ 
sh-4.2$ rpm -qa | grep ssh
libssh2-1.4.3-12.el7_6.2.x86_64
openssh-7.4p1-16.el7.x86_64
openssh-clients-7.4p1-16.el7.x86_64
sh-4.2$ 
sh-4.2$ which scp
/usr/bin/scp
sh-4.2$

Comment 18 errata-xmlrpc 2019-06-27 16:41:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1607


Note You need to log in before you can comment on or make changes to this bug.