Red Hat Bugzilla – Bug 996952
[origin_runtime_209] SSH key of the haproxy will not be removed from gear authorized_keys after the gear with that haproxy is down
Last modified: 2015-05-14 20:19:49 EDT
Description of problem:
Create scalable app with multiple haproxy instances, all the ssh keys will be added to each gear of the app under ~/.ssh/authorized_keys. But after the gear with haproxy cartridge is down, the keys do not be removed from gears.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Set multiplier to 2 and max to 5 for haproxy cartridge
2.Create scalable app
3.Scale up the app to make the haproxy run on other gears
4.Scale down the app to make haproxy down
5.Check the .ssh/authorized_keys of the remained gears
The ssh keys which come from the haproxy who is down will be still listed.
The ssh key should be removed from gears when the haproxy instance down.
For my example, the max haproxy instances set to 5, but when I am checking the authorized_keys on my gear, there are 12 lines remaining.
[root@ip-10-80-223-220 93adc94604b611e388e812313d1cd02e]# cat .ssh/authorized_keys |wc -l
We have never explicitly removed ssh keys added for the haproxy cartridge as we always assumed that haproxy could not be removed by user action from a scalable application.
This bug is a result of the new use case brought about by the introduction of multiple haproxies.
Should not happen now. ssh keys are now preferably marked with gear_ids.
Checked on devenv_3993, not only for the haproxy, all the new gears will add entry to the authorized_keys.
And after gear removed, the related ssh key will be removed.
Move bug to verified.