Bug 996952 - [origin_runtime_209] SSH key of the haproxy will not be removed from gear authorized_keys after the gear with that haproxy is down
[origin_runtime_209] SSH key of the haproxy will not be removed from gear aut...
Product: OpenShift Online
Classification: Red Hat
Component: Pod (Show other bugs)
Unspecified Unspecified
medium Severity low
: ---
: ---
Assigned To: Rajat Chopra
libra bugs
Depends On:
  Show dependency treegraph
Reported: 2013-08-14 06:59 EDT by Meng Bo
Modified: 2015-05-14 20:19 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2014-01-23 22:22:46 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Meng Bo 2013-08-14 06:59:21 EDT
Description of problem:
Create scalable app with multiple haproxy instances, all the ssh keys will be added to each gear of the app under ~/.ssh/authorized_keys. But after the gear with haproxy cartridge is down, the keys do not be removed from gears.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Set multiplier to 2 and max to 5 for haproxy cartridge
2.Create scalable app
3.Scale up the app to make the haproxy run on other gears
4.Scale down the app to make haproxy down
5.Check the .ssh/authorized_keys of the remained gears

Actual results:
The ssh keys which come from the haproxy who is down will be still listed.

Expected results:
The ssh key should be removed from gears when the haproxy instance down.

Additional info:
For my example, the max haproxy instances set to 5, but when I am checking the authorized_keys on my gear, there are 12 lines remaining.

[root@ip-10-80-223-220 93adc94604b611e388e812313d1cd02e]# cat .ssh/authorized_keys |wc -l
Comment 1 Abhishek Gupta 2013-08-14 13:16:25 EDT
We have never explicitly removed ssh keys added for the haproxy cartridge as we always assumed that haproxy could not be removed by user action from a scalable application.

This bug is a result of the new use case brought about by the introduction of multiple haproxies.
Comment 2 Rajat Chopra 2013-11-05 18:49:30 EST
Should not happen now. ssh keys are now preferably marked with gear_ids.
Comment 3 Meng Bo 2013-11-06 03:15:40 EST
Checked on devenv_3993, not only for the haproxy, all the new gears will add entry to the authorized_keys.

And after gear removed, the related ssh key will be removed.

Move bug to verified.

Note You need to log in before you can comment on or make changes to this bug.