Bug 1414276

Summary: [3.3] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format
Product: OpenShift Container Platform Reporter: Simon Reber <sreber>
Component: InstallerAssignee: Scott Dodson <sdodson>
Status: CLOSED ERRATA QA Contact: Gaoyun Pei <gpei>
Severity: medium Docs Contact:
Priority: high    
Version: 3.3.1CC: bleanhar, gpei, jokerman, mmccomas, pdwyer, sdodson, sreber, weshi
Target Milestone: ---   
Target Release: 3.3.1   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: openshift-ansible-3.3.67-1.git.0.7c5da0c.el7 Doc Type: Bug Fix
Doc Text:
Previously if ansible_user was a Windows domain user in the format of "dom\user" the installation playbooks would fail. This user name is now escaped properly ensuring playbooks run successfully.
Story Points: ---
Clone Of:
: 1426703 1426705 (view as bug list) Environment:
Last Closed: 2017-03-06 16:37:36 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1426703    
Bug Blocks: 1267746    

Description Simon Reber 2017-01-18 08:56:19 UTC
Description of problem:

When running the installer but defining `ansible_user` with a different username to use, that has Windows format, such as `dom\user` the installer is failing as `ansible` can not properly escape the `\`.

Escaping `{{ansible_user}}` like the below example fixes the issue:

> command: "/usr/bin/id -g \"{{ ansible_ssh_user }}\""

Version-Release number of selected component (if applicable):

openshift-ansible-3.2.36-1.git.0.164eb4c.el7.noarch
atomic-openshift-3.2.1.17-1.git.0.6d01b60.el7.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Create user `dom\user` on the client systems
2. Set `ansible_user` to 'dom\user'
3. Run installer like described in https://docs.openshift.com/enterprise/3.2/install_config/install/advanced_install.html#multiple-masters

Actual results:

Installer is failing as because the task below in /usr/share/ansible/openshift-ansible/roles/openshift_master_certificates/tasks/main.yml is failing

    132 - name: Lookup default group for ansible_ssh_user
    133   command: "/usr/bin/id -g {{ ansible_ssh_user }}"
    134   changed_when: false
    135   register: _ansible_ssh_user_gid

Expected results:

Installer should work in any case and with any kind of user defined that is valid and working with ssh

Additional info:

Created https://github.com/ansible/ansible/issues/20381 to see if this is something that can be fixed in `ansible`

Comment 5 Scott Dodson 2017-02-22 18:42:44 UTC
https://github.com/openshift/openshift-ansible/pull/3457 Proposed fix

Comment 11 Scott Dodson 2017-02-24 16:13:17 UTC
https://github.com/openshift/openshift-ansible/pull/3485 backport to 3.3

Comment 13 Wenkai Shi 2017-02-28 11:41:56 UTC
Verified with version openshift-ansible-3.3.67-1.git.0.7c5da0c.el7, installation succeed with ansible user 'dom\user'.

# cat hosts
[OSEv3:children]
masters
nodes
nfs

[OSEv3:vars]
ansible_ssh_user='dom\user'
ansible_become=yes
debug_level=5
deployment_type=openshift-enterprise
openshift_release=v3.3

oreg_url=...
openshift_docker_additional_registries=...
openshift_docker_insecure_registries=...
openshift_examples_modify_imagestreams=true
osm_use_cockpit=false
osm_cockpit_plugins="['cockpit-kubernetes']"

openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': '...', 'enabled': 1, 'gpgcheck': 0}]

openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_master_htpasswd_users={'weshi': '$apr1$64.bNFRx$hasOByTx4S9hcMUy0qlsm1', 'wkshi': '$apr1$2PsVtrnA$DrtSyupkggQhqL1OWmYhs0'}

openshift_hosted_router_selector="role=node,router=enabled"
openshift_hosted_registry_selector="role=node,registry=enabled"

openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash,sync)'
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=10Gi

openshift_set_hostname=true
openshift_override_hostname_check=true

[masters]
openshift.example.com openshift_hostname="openshift.example.com" openshift_public_hostname="openshift.example.com"

[nodes]
openshift.example.com openshift_hostname="openshift.example.com" openshift_public_hostname="openshift.example.com" openshift_node_labels="{'role': 'node', 'registry': 'enabled', 'router': 'enabled'}" openshift_schedulable=True

[nfs]
openshift.example.com

Comment 15 errata-xmlrpc 2017-03-06 16:37:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0448