Bug 1880252

Summary: [ceph-ansible] docker registry password with special character quotation(') fails to log in when running ansible-playbook
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: James Biao <jbiao>
Component: Ceph-AnsibleAssignee: Dimitri Savineau <dsavinea>
Status: CLOSED ERRATA QA Contact: Ameena Suhani S H <amsyedha>
Severity: medium Docs Contact: Amrita <asakthiv>
Priority: low    
Version: 4.1CC: asakthiv, aschoen, ceph-eng-bugs, ceph-qe-bugs, dsavinea, gabrioux, gmeno, gsitlani, mmuench, nthomas, rmandyam, tserlin, vereddy, ykaul
Target Milestone: ---   
Target Release: 4.2   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: ceph-ansible-4.0.34-1.el8cp, ceph-ansible-4.0.34-1.el7cp Doc Type: Bug Fix
Doc Text:
.Special characters can be set in the Docker registry password Previously, special characters set in the Docker registry password were not handled correctly. With this release, the Ansible playbook does not fail when special characters are set in the Docker registry password. Special characters can now be used in the Docker registry password and the Ansible playbook works as expected
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-01-12 14:57:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1890121    

Description James Biao 2020-09-18 05:37:13 UTC 
Description of problem:

Docker registry password with special character as configured in all.yml

"ceph_docker_registry_password: 123abc&'()"

podman login fails when installing with error

"ValueError: No closing quotation"




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. set registry.redhat.io password with '
2. set password in all.yml ceph_docker_registry_password
3. ansible-playbook -i <hosts> site-docker.yml 

Actual results:
ansible-playbook fails

Expected results:
podman log in successful with special character password

Additional info:
Comment 1 James Biao 2020-09-18 05:46:57 UTC 
Tried multiple formats of the password configurations in all.yml, like 123abc\&\'\(\) with no luck.

From /roles/ceph-container-common/tasks/registry.yml , Enclose variable in double quotes like "{{ ceph_docker_registry_password }}" has resolved the issue

Change from
---
- name: container registry authentication
  command: '{{ container_binary }} login -u {{ ceph_docker_registry_username }} -p {{ ceph_docker_registry_password }} {{ ceph_docker_registry }}'
  changed_when: false
  no_log: false
---

to

---
- name: container registry authentication
  command: '{{ container_binary }} login -u {{ ceph_docker_registry_username }} -p "{{ ceph_docker_registry_password }}" {{ ceph_docker_registry }}'
  changed_when: false
  no_log: false
---

In addition setting  no_log: true may protect the password
Comment 14 errata-xmlrpc 2021-01-12 14:57:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat Ceph Storage 4.2 Security and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:0081