Bug 2107113 - Adding SSH keys for core user post-install creates .ssh folder owned by root
Summary: Adding SSH keys for core user post-install creates .ssh folder owned by root
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Machine Config Operator
Version: 4.10
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
: 4.12.0
Assignee: MCO Bug Bot
QA Contact: Rio Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-07-14 11:29 UTC by Pablo Alonso Rodriguez
Modified: 2023-01-17 19:52 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-17 19:52:40 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift machine-config-operator pull 3250 0 None open Bug 2107113: Fix .ssh directory not owned by core when created by Machine Config D… 2022-08-22 06:09:07 UTC
Red Hat Knowledge Base (Solution) 6972707 0 None None None 2022-08-22 06:58:42 UTC
Red Hat Product Errata RHSA-2022:7399 0 None None None 2023-01-17 19:52:57 UTC

Description Pablo Alonso Rodriguez 2022-07-14 11:29:02 UTC
Description of problem:

If a cluster that was created without SSH keys in install-config is added SSH keys post-install, machine-config-daemon creates the "~core/.ssh" folder owned by "root" and not by "core" user, which is wrong and doesn't even mimic ignition behavior (ignition creates the folder with right "core" owner).

Version-Release number of MCO (Machine Config Operator) (if applicable):

4.10.18

Platform (AWS, VSphere, Metal, etc.):

Any

Are you certain that the root cause of the issue being reported is the MCO (Machine Config Operator)?
(Y/N/Not sure): Yes, of course.

How reproducible:

Always

Did you catch this issue by running a Jenkins job? If yes, please list:
No

Steps to Reproduce:
1. Install a cluster without SSH keys
2. Add a SSH key by following https://access.redhat.com/solutions/3868301 (which creates the very same machineconfig than the installation program)
3.

Actual results:

~core/.ssh folder owned by root on existing nodes, which is different behavior than ignition (which creates the folder owned by core)

Expected results:

~core/.ssh owned by core user, like ignition does.

Additional info:

If a new worker is added after having applied the ssh keys machineconfig, its "~core/.ssh" folder has right ownership, because it is created by ignition and not by machine-config-daemon. The issue only impacts the nodes that existed by the time the machine-config with ssh keys is created.

Comment 6 errata-xmlrpc 2023-01-17 19:52:40 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.12.0 bug fix and security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7399


Note You need to log in before you can comment on or make changes to this bug.