Bug 1210763

Summary: [ovirt-hosted-engine-setup] script doesn't validate user input for username for iscsi storage domain > 50 characters.
Product: Red Hat Enterprise Virtualization Manager Reporter: akotov
Component: ovirt-hosted-engine-setupAssignee: Sandro Bonazzola <sbonazzo>
Status: CLOSED ERRATA QA Contact: Elad <ebenahar>
Severity: medium Docs Contact:
Priority: low    
Version: 3.5.0CC: acanan, bazulay, dfediuck, eedri, gklein, jbuchta, lsurette, nsednev, pstehlik, rbalakri, Rhev-m-bugs, sbonazzo, sherold, yeylon, ykaul, ylavi
Target Milestone: ovirt-3.6.0-rc   
Target Release: 3.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Previously, the length of a username wasn't checked, even though the database field was limited to store only 50 characters. A user could enter a username longer than 50 characters, causing an error while storing the username into the database during the setup. With this release, username length is now validated to ensure it can fit in the database. The user can no longer enter usernames which may cause the database insert to fail due to their length. Please note: work is in progress to modify the database to allow longer usernames, so in future this limitation will be lifted.
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-09 19:11:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Integration RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description akotov 2015-04-10 13:52:22 UTC
Description of problem:

hosted-engine --deploy fails with internal engine error

2015-04-08 17:36:44,251 INFO  [org.ovirt.engine.core.bll.AddDiskCommand] (ajp-/127.0.0.1:8702-7) [35de27da] Running command: AddDiskCommand internal: false. Entities affected :  ID: aaa00000-0000-0000-0000-12345
6789aaa Type: SystemAction group CREATE_DISK with role type USER,  ID: aaa00000-0000-0000-0000-123456789aaa Type: SystemAction group CONFIGURE_SCSI_GENERIC_IO with role type ADMIN
2015-04-08 17:36:44,312 INFO  [org.ovirt.engine.core.utils.transaction.TransactionSupport] (ajp-/127.0.0.1:8702-7) [35de27da] transaction rolled back
2015-04-08 17:36:44,313 ERROR [org.ovirt.engine.core.bll.AddDiskCommand] (ajp-/127.0.0.1:8702-7) [35de27da] Command org.ovirt.engine.core.bll.AddDiskCommand throw exception: org.springframework.dao.DataIntegrity
ViolationException: CallableStatementCallback; SQL [{call insertstorage_server_connections(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)}]; ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3
 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement; nested exception is org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3
 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement
        at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.doTranslate(SQLStateSQLExceptionTranslator.java:101) [spring-jdbc.jar:3.1.1.RELEASE]


Caused by: org.postgresql.util.PSQLException: ERROR: value too long for type character varying(50)
  Where: SQL statement "INSERT INTO storage_server_connections(connection, id, iqn, port,portal, password, storage_type, user_name,mount_options,vfs_type,nfs_version,nfs_timeo,nfs_retrans) VALUES( $1 ,  $2 ,  $3 , $4 , $5 ,  $6 ,  $7 ,  $8 , $9 , $10 , $11 , $12 , $13 )"
PL/pgSQL function "insertstorage_server_connections" line 2 at SQL statement


Version-Release number of selected component (if applicable):

latest

How reproducible:

Always

Steps to Reproduce:
1. hosted-engine --deploy, specify username for iscsi storage domain > 50 characters

Actual results:

RuntimeError('Cannot add the Hosted Engine VM Disk to the engine',)
Expected results:

User gets a warning that username is not valid, as database limits it to 50 characters [ varying(50)]

Additional info:

Comment 4 Elad 2015-08-02 14:21:13 UTC
User and password length validation is done:


Entered a username with more than 50 characters: 

[ ERROR ] Username should not be longer than 50 characters.

Entered a password with more than 50 characters: 

 Please specify the iSCSI portal password: 
[ ERROR ] Password should not be longer than 50 characters.

Verified using: 
ovirt-3.6.0-alpha3
ovirt-hosted-engine-ha-1.3.0-0.0.master.20150615153650.20150615153645.git5f8c290.el7.noarch
ovirt-hosted-engine-setup-1.3.0-0.0.master.20150729070044.git26149d7.el7.noarch
iptables-services-1.4.21-13.el7.x86_64
iptables-1.4.21-13.el7.x86_64
vdsm-4.17.0-1229.git8299061.el7.noarch

Comment 5 Eyal Edri 2015-11-15 08:04:10 UTC
wrong component, changed to hosted-engine-setup

Comment 8 errata-xmlrpc 2016-03-09 19:11:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0375.html