952273 – Port-forwarding does not work on STG instance

Bug 952273 - Port-forwarding does not work on STG instance

Summary: Port-forwarding does not work on STG instance

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	OpenShift Online
Classification:	Red Hat
Component:	oc
Sub Component:
Version:	2.x
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	low
Target Milestone:	---
Target Release:	---
Assignee:	Fabiano Franz
QA Contact:	libra bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2013-04-15 14:24 UTC by Oleg Fayans
Modified:	2016-12-01 00:27 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-09-26 09:50:15 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Oleg Fayans 2013-04-15 14:24:48 UTC

Description of problem:

When I create an application, add a postgresql-8.4 cartridge to it and try to do port-forwarding, I am getting the following error: 

Error trying to forward ports. You can try to forward manually by running:
ssh -N 516c0a8fdbd93c985c000061.rhcloud.com

Version-Release number of selected component (if applicable):


How reproducible:

Each time

Steps to Reproduce:
1. rhc app create myapp nodejs-0.6
2. rhc cartridge add postgresql-8.4 --app myapp
3. rhc port-forward myapp
  
Actual results:

Error trying to forward ports. You can try to forward manually by running:
ssh -N 516c0a8fdbd93c985c000061.rhcloud.com

Expected results:

Ports are forwarded. No error message is shown


Additional info:

Comment 1 Clayton Coleman 2013-04-15 23:15:19 UTC

Did you try to run 'ssh -N ...'?  If that doesn't work, please run 'ssh -N -vvv 516c0a8fdbd93c985c000061.rhcloud.com' and include the debug output

Comment 2 Fabiano Franz 2013-04-15 23:52:33 UTC

Also try with the command below and include the debug output:

rhc port-forward myapp --debug

Comment 3 joycezhang 2013-04-17 05:00:07 UTC

It works for me with rhc-1.7.7 on STG as below. Could you please provide more information about this bug? Thanks
# rhc port-forward myapp
Checking available ports ... done
Forwarding ports ...

To connect to a service running on OpenShift, use the Local address

Service  Local               OpenShift
-------- -------------- ---- ----------------
node     127.0.0.1:8080  =>  127.3.121.1:8080
postgres 127.0.0.1:5432  =>  127.3.121.1:5432

Press CTRL-C to terminate port forwarding

Comment 4 Oleg Fayans 2013-04-17 08:02:15 UTC

Did a bit of debug. Results are below.

Number One:

[ofayans@dhcp129-148 ~]$ rhc port-forward myapp --debug
DEBUG: Connecting to https://stg.openshift.redhat.com/broker/rest/api
DEBUG: Getting all domains
DEBUG: Request GET https://stg.openshift.redhat.com/broker/rest/api
DEBUG:    code 200  593 ms
DEBUG: Request GET https://stg.openshift.redhat.com/broker/rest/domains
DEBUG:    code 200  171 ms
DEBUG: Getting all domains
DEBUG: Request GET https://stg.openshift.redhat.com/broker/rest/domains/ofayans/applications/myapp
DEBUG:    code 200  250 ms
Using ssh://516e54e3dbd93c0aa600005e.rhcloud.com...
Checking available ports...
516e54e3dbd93c0aa600005e
Error trying to forward ports. You can try to forward manually by running:
ssh -N 516e54e3dbd93c0aa600005e.rhcloud.com

Number Two:

[ofayans@dhcp129-148 ~]$ ssh -vvv -N 516e54e3dbd93c0aa600005e.rhcloud.com
OpenSSH_6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/ofayans/.ssh/config
debug1: /home/ofayans/.ssh/config line 19: Applying options for *.rhcloud.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 50: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to myapp-ofayans.stg.rhcloud.com [23.22.48.105] port 22.
debug1: Connection established.
debug1: could not open key file '/etc/ssh/ssh_host_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_dsa_key': Permission denied
debug1: could not open key file '/etc/ssh/ssh_host_rsa_key': Permission denied
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/ofayans/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/ofayans/.ssh/id_rsa type 1
debug1: identity file /home/ofayans/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/ofayans/.ssh/id_dsa" as a RSA1 public key
debug1: identity file /home/ofayans/.ssh/id_dsa type 2
debug1: identity file /home/ofayans/.ssh/id_dsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3
debug1: match: OpenSSH_5.3 pat OpenSSH_5*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.1
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "myapp-ofayans.stg.rhcloud.com" from file "/home/ofayans/.ssh/rhcloud_known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:179
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:180
debug3: load_hostkeys: loaded 2 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01,ssh-rsa-cert-v00,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01,ssh-rsa-cert-v00,ssh-rsa,ssh-dss-cert-v01,ssh-dss-cert-v00,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib,zlib
debug2: kex_parse_kexinit: none,zlib,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,umac-64,hmac-ripemd160,hmac-ripemd160,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 132/256
debug2: bits set: 491/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA cf:ee:77:cb:0e:fc:02:d7:72:7e:ae:80:c0:90:88:a7
debug3: verify_host_key_dns
debug1: found 0 insecure fingerprints in DNS
debug1: no host key fingerprint found in DNS
debug3: load_hostkeys: loading entries for host "myapp-ofayans.stg.rhcloud.com" from file "/home/ofayans/.ssh/rhcloud_known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:179
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:180
debug3: load_hostkeys: loaded 2 keys
debug3: load_hostkeys: loading entries for host "23.22.48.105" from file "/home/ofayans/.ssh/rhcloud_known_hosts"
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:2
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:131
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:157
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:159
debug3: load_hostkeys: found key type RSA in file /home/ofayans/.ssh/rhcloud_known_hosts:180
debug3: load_hostkeys: loaded 5 keys
debug1: Host 'myapp-ofayans.stg.rhcloud.com' is known and matches the RSA host key.
debug1: Found key in /home/ofayans/.ssh/rhcloud_known_hosts:179
debug2: bits set: 498/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /home/ofayans/.ssh/id_rsa (0x7f6b63e232f0)
debug2: key: /home/ofayans/.ssh/id_dsa (0x7f6b63e23440)
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic
debug3: preferred gssapi-keyex,gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_lookup gssapi-keyex
debug3: remaining preferred: gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-keyex
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug3: authmethod_lookup gssapi-with-mic
debug3: remaining preferred: hostbased,publickey,keyboard-interactive,password
debug3: authmethod_is_enabled gssapi-with-mic
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug1: Unspecified GSS failure.  Minor code may provide more information


debug1: Unspecified GSS failure.  Minor code may provide more information
Credentials cache file '/tmp/krb5cc_1000' not found

debug2: we did not send a packet, disable method
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/ofayans/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Remote: Forced command: /usr/bin/oo-trap-user
debug1: Remote: X11 forwarding disabled.
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug2: input_userauth_pk_ok: fp 25:21:9d:4b:f1:4f:65:28:e9:ca:be:47:6c:7b:c6:1b
debug3: sign_and_send_pubkey: RSA 25:21:9d:4b:f1:4f:65:28:e9:ca:be:47:6c:7b:c6:1b
debug1: read PEM private key done: type RSA
debug1: Remote: Forced command: /usr/bin/oo-trap-user
debug1: Remote: X11 forwarding disabled.
debug1: Authentication succeeded (publickey).
Authenticated to myapp-ofayans.stg.rhcloud.com ([23.22.48.105]:22).
debug3: clear hostkey 4
debug3: clear hostkey 6
debug1: Requesting no-more-sessions
debug1: Entering interactive session.

Comment 5 Clayton Coleman 2013-04-19 16:11:25 UTC

I don't know enough SSH details to say for sure, but I wonder if this has something to do with your .ssh/config.  What SSH config are you applying to the * or *.rhcloud.com groups?

Comment 6 Justin Harris 2013-04-19 21:14:37 UTC

I am not able to replicate this either.  I think that getting the ssh config options as Clayton suggested could help us further on this.

Comment 7 Clayton Coleman 2013-05-07 22:17:36 UTC

Looking at 

debug3: Could not load "/home/ofayans/.ssh/id_rsa" as a RSA1 public key
debug1: identity file /home/ofayans/.ssh/id_rsa type 1
debug1: identity file /home/ofayans/.ssh/id_rsa-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/home/ofayans/.ssh/id_dsa" as a RSA1 public key

what is the filename of the private key for the public key you uploaded to openshift?

Comment 8 Oleg Fayans 2013-05-09 09:09:52 UTC

Here is contents of mz .ssh directory:

[ofayans@dhcp129-148 ~]$ ls -la /home/ofayans/.ssh/
total 104
drwx------.  2 ofayans ofayans  4096 Apr 17 12:11 .
drwx------. 59 ofayans ofayans  4096 May  9 11:02 ..
-rw-------.  1 ofayans ofayans   586 Apr 17 11:57 config
-rw-------.  1 ofayans ofayans  1679 Apr 17 12:04 id_rsa
-rw-rw-r--.  1 ofayans ofayans   394 Apr 17 12:04 id_rsa.pub
-rw-rw-r--.  1 ofayans ofayans  1667 May  7 09:40 known_hosts
-rw-------.  1 ofayans ofayans  1675 Apr 17 11:56 libra.pem
-rw-rw-r--.  1 ofayans ofayans 75711 May  9 11:04 rhcloud_known_hosts

Here is contents of my .ssh/config file:

### OSTEST_SETUP ###
Host *.amazonaws.com
    User root
    StrictHostKeyChecking=no
    IdentityFile ~/.ssh/libra.pem

Host *.dev.rhcloud.com
    IdentityFile ~/.ssh/id_rsa
    VerifyHostKeyDNS yes
    StrictHostKeyChecking no
    UserKnownHostsFile ~/.ssh/dev_rhcloud_known_hosts

Host *.example.com
    IdentityFile ~/.ssh/id_rsa
    VerifyHostKeyDNS yes
    StrictHostKeyChecking no
    UserKnownHostsFile ~/.ssh/dev_rhcloud_known_hosts

Host *.rhcloud.com
    VerifyHostKeyDNS yes
    StrictHostKeyChecking no
    UserKnownHostsFile ~/.ssh/rhcloud_known_hosts
### OSTEST_SETUP ###

Comment 9 Clayton Coleman 2013-05-09 13:19:21 UTC

Can you rerun the RHC port forward command with --trace as well?

Comment 10 Oleg Fayans 2013-05-14 08:40:32 UTC

Done. Here is the output:

[ofayans@dhcp129-148 ostest]$ rhc port-forward myapp --trace
Checking available ports...
/home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/commands/port_forward.rb:181:in `rescue in run': Error trying to forward ports. You can try to forward manually by running: (RHC::PortForwardFailedException)
ssh -N 5191f72e03ef64d46c000059.rhcloud.com
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/commands/port_forward.rb:83:in `run'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/commands.rb:228:in `execute'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/commands.rb:219:in `block (3 levels) in to_commander'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:155:in `run'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/runner.rb:402:in `run_active_command'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/command_runner.rb:105:in `run!'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/delegates.rb:11:in `run!'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/lib/rhc/cli.rb:42:in `start'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.7.1/bin/rhc:18:in `<top (required)>'
        from /home/ofayans/bin/rhc:23:in `load'
        from /home/ofayans/bin/rhc:23:in `<main>'

Comment 11 Oleg Fayans 2013-05-14 09:27:06 UTC

Updated rhc to 1.8.9, the result is the same

Comment 12 Oleg Fayans 2013-05-14 12:47:45 UTC

The same on 1.9.1:

[ofayans@dhcp129-148 ostest]$ rhc port-forward ij44usqab4 --trace
Checking available ports ... /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/commands/port_forward.rb:186:in `rescue in run': Error trying to forward ports. You can try to forward manually by running: (RHC::PortForwardFailedException)
ssh -N 5192051d03ef644d43000071.rhcloud.com
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/commands/port_forward.rb:84:in `run'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/commands.rb:240:in `execute'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/commands.rb:231:in `block (3 levels) in to_commander'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:180:in `call'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/command.rb:155:in `run'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/runner.rb:402:in `run_active_command'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/command_runner.rb:99:in `run!'
        from /usr/local/share/gems/gems/commander-4.1.3/lib/commander/delegates.rb:11:in `run!'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/lib/rhc/cli.rb:36:in `start'
        from /home/ofayans/.gem/ruby/1.9.1/gems/rhc-1.9.1/bin/rhc:18:in `<top (required)>'
        from /home/ofayans/bin/rhc:23:in `load'
        from /home/ofayans/bin/rhc:23:in `<main>'

Comment 13 Fabiano Franz 2013-09-19 21:33:03 UTC

Couldn't reproduce this too.

Could be related to a bug in the net/ssh rubygem specifically related to some characteristic of your environment (key permissions for example).

I would like you to run the following command so we can discard this possibility:

ruby -e "require 'net/ssh'; Net::SSH.start('HOST', 'USER') {|s| puts s.exec!('ls')}"

Replacing HOST and USER.

Also please check which version of net/ssh you have installed:

gem list | grep net-ssh

Comment 14 Oleg Fayans 2013-09-26 09:50:15 UTC

I reinstalled the system and the problem is gone

Note You need to log in before you can comment on or make changes to this bug.