Bug 1414276 - [3.3] Installer is failing when `ansible_user` is set to Windows Login which requires dom\user format
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.3.1
Hardware: x86_64
OS: Linux
Priority: high
Severity: medium
Target Milestone: ---
Target Release: 3.3.1
Assignee: Scott Dodson
QA Contact: Gaoyun Pei
URL:
Whiteboard:
Depends On: 1426703
Blocks: 1267746
Reported: 2017-01-18 08:56 UTC by Simon Reber
Modified: 2017-03-06 16:37 UTC (History)

Fixed In Version: openshift-ansible-3.3.67-1.git.0.7c5da0c.el7
Doc Type: Bug Fix
Doc Text:
Previously if ansible_user was a Windows domain user in the format of "dom\user" the installation playbooks would fail. This user name is now escaped properly ensuring playbooks run successfully.
Clone Of:
: 1426703 1426705 (view as bug list)
Environment:
Last Closed: 2017-03-06 16:37:36 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:0448 0 normal SHIPPED_LIVE Important: ansible and openshift-ansible security and bug fix update 2017-03-06 21:36:25 UTC

Description Simon Reber 2017-01-18 08:56:19 UTC
Description of problem:

When running the installer with `ansible_user` defined as a different username that has Windows format, such as `dom\user`, the installer fails, as `ansible` cannot properly escape the `\`.

Escaping `{{ansible_user}}` like the below example fixes the issue:

> command: "/usr/bin/id -g \"{{ ansible_ssh_user }}\""

Version-Release number of selected component (if applicable):

openshift-ansible-3.2.36-1.git.0.164eb4c.el7.noarch
atomic-openshift-3.2.1.17-1.git.0.6d01b60.el7.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Create user `dom\user` on the client systems
2. Set `ansible_user` to 'dom\user'
3. Run installer as described in https://docs.openshift.com/enterprise/3.2/install_config/install/advanced_install.html#multiple-masters

Actual results:

Installer is failing because the task below in /usr/share/ansible/openshift-ansible/roles/openshift_master_certificates/tasks/main.yml is failing

    - name: Lookup default group for ansible_ssh_user
      command: "/usr/bin/id -g {{ ansible_ssh_user }}"
      changed_when: false
      register: _ansible_ssh_user_gid

Expected results:

Installer should work in any case and with any kind of user defined that is valid and working with ssh

Additional info:

Created https://github.com/ansible/ansible/issues/20381 to see if this is something that can be fixed in `ansible`
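
The failure mode reported above can be reproduced outside Ansible. The following is an added example, not code from the bug report or from openshift-ansible: it assumes the rendered command string is tokenised with POSIX shell-style word splitting (modelled here with Python's `shlex.split`), uses a plain string replace as a stand-in for Jinja2 templating, and its helper names and the doubled-backslash user name are constructed for illustration.

```python
import shlex

# Task string as shipped, and the reporter's workaround after YAML unescaping.
UNQUOTED = "/usr/bin/id -g {{ ansible_ssh_user }}"
DOUBLE_QUOTED = '/usr/bin/id -g "{{ ansible_ssh_user }}"'


def render(template, user):
    """Stand-in for Jinja2 substitution of the variable (assumption)."""
    return template.replace("{{ ansible_ssh_user }}", user)


def argv_for(template, user):
    """Render the template, then split it the way a POSIX shell would."""
    return shlex.split(render(template, user))


def argv_shell_quoted(user):
    """Quote the value itself before it is placed on the command line."""
    return shlex.split("/usr/bin/id -g " + shlex.quote(user))


def survives(argv, user):
    """True when `id` would receive exactly the configured user name."""
    return argv == ["/usr/bin/id", "-g", user]


def check(user):
    """Report which quoting strategy delivers the user name unchanged."""
    return {
        "unquoted": survives(argv_for(UNQUOTED, user), user),
        "double_quoted": survives(argv_for(DOUBLE_QUOTED, user), user),
        "shell_quoted": survives(argv_shell_quoted(user), user),
    }


if __name__ == "__main__":
    # Constructed sample values: the name from the report, and one with a
    # doubled backslash to show the limit of plain double quotes.
    for name in (r"dom\user", r"dom\\user"):
        print(name, argv_for(UNQUOTED, name), check(name))
```

Unquoted, the backslash is consumed as an escape character and `id` is asked about `domuser`; double quotes keep a single backslash but still rewrite `\\`, while quoting the value itself preserves both. In a playbook, Ansible's `quote` filter applies this kind of shell quoting to a variable; the page does not state which approach the shipped fix takes.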

Comment 5 Scott Dodson 2017-02-22 18:42:44 UTC
https://github.com/openshift/openshift-ansible/pull/3457 Proposed fix

Comment 11 Scott Dodson 2017-02-24 16:13:17 UTC
https://github.com/openshift/openshift-ansible/pull/3485 backport to 3.3

Comment 13 Wenkai Shi 2017-02-28 11:41:56 UTC
Verified with version openshift-ansible-3.3.67-1.git.0.7c5da0c.el7, installation succeeded with ansible user 'dom\user'.

# cat hosts
[OSEv3:children]
masters
nodes
nfs

[OSEv3:vars]
ansible_ssh_user='dom\user'
ansible_become=yes
debug_level=5
deployment_type=openshift-enterprise
openshift_release=v3.3

oreg_url=...
openshift_docker_additional_registries=...
openshift_docker_insecure_registries=...
openshift_examples_modify_imagestreams=true
osm_use_cockpit=false
osm_cockpit_plugins="['cockpit-kubernetes']"

openshift_additional_repos=[{'id': 'ose-devel', 'name': 'ose-devel', 'baseurl': '...', 'enabled': 1, 'gpgcheck': 0}]

openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
openshift_master_htpasswd_users={'weshi': '$apr1$64.bNFRx$hasOByTx4S9hcMUy0qlsm1', 'wkshi': '$apr1$2PsVtrnA$DrtSyupkggQhqL1OWmYhs0'}

openshift_hosted_router_selector="role=node,router=enabled"
openshift_hosted_registry_selector="role=node,registry=enabled"

openshift_hosted_registry_storage_kind=nfs
openshift_hosted_registry_storage_access_modes=['ReadWriteMany']
openshift_hosted_registry_storage_nfs_directory=/exports
openshift_hosted_registry_storage_nfs_options='*(rw,root_squash,sync)'
openshift_hosted_registry_storage_volume_name=registry
openshift_hosted_registry_storage_volume_size=10Gi

openshift_set_hostname=true
openshift_override_hostname_check=true

[masters]
openshift.example.com openshift_hostname="openshift.example.com" openshift_public_hostname="openshift.example.com"

[nodes]
openshift.example.com openshift_hostname="openshift.example.com" openshift_public_hostname="openshift.example.com" openshift_node_labels="{'role': 'node', 'registry': 'enabled', 'router': 'enabled'}" openshift_schedulable=True

[nfs]
openshift.example.com

Comment 15 errata-xmlrpc 2017-03-06 16:37:36 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:0448