Red Hat Bugzilla – Bug 996952
[origin_runtime_209] SSH key of the haproxy will not be removed from gear authorized_keys after the gear with that haproxy is down
Last modified: 2015-05-14 20:19:49 EDT
Description of problem: Create scalable app with multiple haproxy instances, all the ssh keys will be added to each gear of the app under ~/.ssh/authorized_keys. But after the gear with haproxy cartridge is down, the keys do not be removed from gears. Version-Release number of selected component (if applicable): devenv_3647 How reproducible: always Steps to Reproduce: 1.Set multiplier to 2 and max to 5 for haproxy cartridge 2.Create scalable app 3.Scale up the app to make the haproxy run on other gears 4.Scale down the app to make haproxy down 5.Check the .ssh/authorized_keys of the remained gears Actual results: The ssh keys which come from the haproxy who is down will be still listed. Expected results: The ssh key should be removed from gears when the haproxy instance down. Additional info: For my example, the max haproxy instances set to 5, but when I am checking the authorized_keys on my gear, there are 12 lines remaining. [root@ip-10-80-223-220 93adc94604b611e388e812313d1cd02e]# cat .ssh/authorized_keys |wc -l 12
We have never explicitly removed ssh keys added for the haproxy cartridge as we always assumed that haproxy could not be removed by user action from a scalable application. This bug is a result of the new use case brought about by the introduction of multiple haproxies.
Should not happen now. ssh keys are now preferably marked with gear_ids. https://github.com/openshift/origin-server/pull/4084
Checked on devenv_3993, not only for the haproxy, all the new gears will add entry to the authorized_keys. And after gear removed, the related ssh key will be removed. Move bug to verified.