Bug 1847966

Summary: grafana setup with "weird" characters is broken
Product: [oVirt] ovirt-engine-dwh Reporter: Yedidyah Bar David <didi>
Component: SetupAssignee: Yedidyah Bar David <didi>
Status: CLOSED CURRENTRELEASE QA Contact: Pavel Novotny <pnovotny>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.4.0CC: bugs, emarcus, michal.skrivanek, pelauter, sradco
Target Milestone: ovirt-4.4.2Flags: pm-rhel: ovirt-4.4+
pelauter: planning_ack+
sbonazzo: devel_ack+
lleistne: testing_ack+
Target Release: 4.4.2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ovirt-engine-dwh-4.4.2.1 Doc Type: Bug Fix
Doc Text:
Cause: engine-setup did not handle well passwords (admin password, secret_key, DB user password) when creating grafana configuration/provisioning files. Consequence: Passwords with "weird" characters didn't work well. "Weird" characters are those that are significant for the file format - quotes etc. "Didn't work well" means that they either caused grafana to fail, or the passwords to not work - meaning, e.g., admin user could not log in with the supplied passwords. Fix: engine-setup was patched to quote/escape passwords/secrets. Result: Now everything works well even when the user supplies passwords that contain such characters.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2020-09-18 07:12:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Metrics RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yedidyah Bar David 2020-06-17 12:59:11 UTC 
Verify that grafana (and everything else) is working well, also when all possible user inputs (db credentials, admin password, PKI organization name, etc.) include also "weird" characters. See e.g. a report on ovirt-users with subject:

[ovirt-users] 4.4 regression: engine-setup fails if admin password in answerfile contains a "%"

which was fixed (without a bugzilla bug) in:

https://gerrit.ovirt.org/109244

"Weird" should include characters that might have significance in various relevant programming languages (e.g. $@;'"%) as well as non-ascii unicode.
Comment 1 Pavel Novotny 2020-07-13 18:22:09 UTC 
FailedQA in
ovirt-engine-4.4.1.8-0.7.el8ev.noarch
otopi-common-1.9.2-1.el8ev.noarch
grafana-6.3.6-1.el8.x86_64

Running engine-setup with answer file with string %'"$@&*();:! as admin password (for engine & Grafana) and as part of the org. name
no longer causes the setup to fail. engine-setup completes successfully.

However the admin user is not able to log into Grafana with the password - error "Invalid username or password". Tried several times with copy&pasting the passwd and manual input also.
Logging into Webadmin with the same password works OK.

grafana.log:

t=2020-07-13T20:18:32+0200 lvl=eror msg="Invalid username or password" logger=context userId=0 orgId=0 uname= error="Invalid Username or Password"
t=2020-07-13T20:18:32+0200 lvl=info msg="Request Completed" logger=context userId=0 orgId=0 uname= method=POST path=/login status=401 remote_addr=10.40.195.100 time_ms=102 size=42 referer=https://10-37-138-223.rhev.lab.eng.brq.redhat.com/ovirt-engine-grafana/login
Comment 2 Shirly Radco 2020-07-14 12:35:28 UTC 
From Grafana documentation:

password
The database user’s password (not applicable for sqlite3). If the password contains # or ; you have to wrap it with triple quotes. For example """#password;"""

https://grafana.com/docs/grafana/latest/administration/configuration/#password
Comment 3 Michal Skrivanek 2020-07-14 14:01:34 UTC 
do you want to document it? looks reasonable. if so then please turn this into a doc bug
Comment 4 Shirly Radco 2020-07-15 10:19:17 UTC 
(In reply to Michal Skrivanek from comment #3)
> do you want to document it? looks reasonable. if so then please turn this
> into a doc bug

I believe this might require code on our side to add the triple quotes, since we use the engine password by default.
Can engine use passwords with the # and ; characters?
Comment 5 Yedidyah Bar David 2020-07-15 10:30:51 UTC 
(In reply to Shirly Radco from comment #2)
> From Grafana documentation:
> 
> password
> The database user’s password (not applicable for sqlite3). If the password
> contains # or ; you have to wrap it with triple quotes. For example
> """#password;"""

IIUC this is not applicable to admin password. We should check both.

> 
> https://grafana.com/docs/grafana/latest/administration/configuration/
> #password
Comment 6 Shirly Radco 2020-07-23 14:10:37 UTC 
Since the engine password does support the # and ; characters,
we should wrap the Grafana password with triple quotes in case it includes them.
Comment 7 Pavel Novotny 2020-08-30 15:42:11 UTC 
Verified in
ovirt-engine-4.4.2.3-0.6.el8ev.noarch
ovirt-engine-dwh-4.4.2.1-1.el8ev.noarch
grafana-6.3.6-1.el8.x86_64

Special characters in the answer file now work properly.
Tried again with %'"$@&*();:! as password and engine-setup completed successfully as well as log into Webadmin, VM Portal and Grafana.
Comment 8 Sandro Bonazzola 2020-09-18 07:12:50 UTC 
This bugzilla is included in oVirt 4.4.2 release, published on September 17th 2020.

Since the problem described in this bug report should be resolved in oVirt 4.4.2 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.