Bug 1416877

Summary: A space character in LDAP url in hosts file converts to \_ in master-config.yaml
Product: OpenShift Container Platform Reporter: Steven Walter <stwalter>
Component: InstallerAssignee: Russell Teague <rteague>
Status: CLOSED NOTABUG QA Contact: Johnny Liu <jialiu>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.4.0CC: aos-bugs, jokerman, kborup, mmccomas, myllynen, rteague, sdodson, stwalter
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-27 13:26:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Walter 2017-01-26 16:57:44 UTC
Description of problem:
Customer set up authentication in the hosts file for LDAP. The url contains a space:

openshift_master_identity_providers=[{'name': 'ldap-provider','challenge': 'true','login': 'true','kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['cn'],'name': ['description'], 'preferredUsername': ['cn']},'insecure': 'false', 'bindDN': 'CN=ose3master.gen,OU=Generics,OU=Example Users,DC=stage, DC=example,DC=com','bindPassword': '********','ca': 'stacked.pem','url': 'ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn'}]

Note "Example Users" in bindDN and url. In master-config.yaml it converts to:

    name: ldap-provider
      kind: LDAPPasswordIdentityProvider
      url: "ldap://staging.example.com:389/OU=Example\_Users,DC=stage,DC=example,DC=com?cn"

It starts working again if you manually modify master-config.yaml with the space instead of the \_

Version-Release number of selected component (if applicable):
Customer has replicated issue on two versions:
3.3.1.3
3.4.0.39

How reproducible:
I was unable to reproduce in my lab environment -- unconfirmed

Additional Info:

I was looking at these code bits but can't find where it's making format change:

https://github.com/openshift/openshift-ansible/blob/78b948edb0c30e3ec876916a8bbe08db5f055ea7/filter_plugins/openshift_master.py#L151-L192
https://github.com/openshift/openshift-ansible/blob/b01d19b5a37330c4b3fea5f1f54efd6ef0e207c0/roles/openshift_master/templates/master.yaml.v1.j2#L161-L167

Comment 4 Russell Teague 2017-03-10 19:44:12 UTC
I have been unable to reproduce this bug in development environments.

Additionally, I noticed in the original problem description, the ldap url was show within double quotes.  I've not see this in the master-config.yaml either.

Test system details:

[root@ose3-master ~]# rpm -qa atomic\*
atomic-openshift-master-3.4.0.39-1.git.0.5f32f06.el7.x86_64
atomic-openshift-clients-3.4.0.39-1.git.0.5f32f06.el7.x86_64
atomic-openshift-3.4.0.39-1.git.0.5f32f06.el7.x86_64

[root@ose3-master ~]# rpm -qa PyYAML
PyYAML-3.10-11.el7.x86_64

[root@ose3-master ~]# cat /etc/origin/master/master-config.yaml | grep url:
      url: ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn

I have also Ansible 2.1 and 2.2.

Please provide at package version listing for both the control host and the master.
Something like:
# rpm -qa | sort > installed-rpms.txt

Comment 5 Russell Teague 2017-03-14 14:49:49 UTC
Following up to see if the requested information can be provided or if this issue is no longer reproducible in the customer environment.

Comment 6 Steven Walter 2017-03-14 15:27:58 UTC
Checking with the customer. I was never able to replicate but customer had gotten it to happen consistently. I'll let you know results

Comment 9 Russell Teague 2017-03-21 19:43:56 UTC
I have been able to reproduce the behavior reported when using non-breaking spaces in the host file.  Please ensure your hosts file does not include non-breaking spaces.

To check:
# grep -P -n "\xA0" hosts

Any lines with non-breaking spaces will be listed.

To fix:
# sed -i.bak 's/\xC2\xA0/ /g' hosts

Any lines containing non-breaking spaces will be updated to have normal spaces.  A backup will be made of the original at hosts.bak.

Non-breaking spaces are generally artifacts from copy/paste or inadvertent key combinations when typing in editors.  YAML 1.1 spec states that non-breaking spaces are converted to "\_" during dumping.  This yaml.dump was occurring in the openshift_master translate_idps filter module.

Please let me know if this resolves your issue.

Comment 10 Steven Walter 2017-05-08 19:24:56 UTC
Created KCS with your solution for future customers to use https://access.redhat.com/solutions/3026781 -- thanks!