Description of problem:
Customer set up authentication in the hosts file for LDAP. The url contains a space:

openshift_master_identity_providers=[{'name': 'ldap-provider','challenge': 'true','login': 'true','kind': 'LDAPPasswordIdentityProvider','attributes': {'id': ['cn'],'name': ['description'], 'preferredUsername': ['cn']},'insecure': 'false', 'bindDN': 'CN=ose3master.gen,OU=Generics,OU=Example Users,DC=stage, DC=example,DC=com','bindPassword': '********','ca': 'stacked.pem','url': 'ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn'}]

Note "Example Users" in bindDN and url.

In master-config.yaml it converts to:

name: ldap-provider
kind: LDAPPasswordIdentityProvider
url: "ldap://staging.example.com:389/OU=Example\_Users,DC=stage,DC=example,DC=com?cn"

It starts working again if you manually modify master-config.yaml with the space instead of the \_

Version-Release number of selected component (if applicable):
Customer has replicated issue on two versions:
3.3.1.3
3.4.0.39

How reproducible:
I was unable to reproduce in my lab environment -- unconfirmed

Additional Info:
I was looking at these code bits but can't find where it's making format change:
https://github.com/openshift/openshift-ansible/blob/78b948edb0c30e3ec876916a8bbe08db5f055ea7/filter_plugins/openshift_master.py#L151-L192
https://github.com/openshift/openshift-ansible/blob/b01d19b5a37330c4b3fea5f1f54efd6ef0e207c0/roles/openshift_master/templates/master.yaml.v1.j2#L161-L167
I have been unable to reproduce this bug in development environments. Additionally, I noticed in the original problem description, the ldap url was shown within double quotes. I've not seen this in the master-config.yaml either.

Test system details:

[root@ose3-master ~]# rpm -qa atomic\*
atomic-openshift-master-3.4.0.39-1.git.0.5f32f06.el7.x86_64
atomic-openshift-clients-3.4.0.39-1.git.0.5f32f06.el7.x86_64
atomic-openshift-3.4.0.39-1.git.0.5f32f06.el7.x86_64

[root@ose3-master ~]# rpm -qa PyYAML
PyYAML-3.10-11.el7.x86_64

[root@ose3-master ~]# cat /etc/origin/master/master-config.yaml | grep url:
url: ldap://staging.example.com:389/OU=Example Users,DC=stage,DC=example,DC=com?cn

I have also Ansible 2.1 and 2.2.

Please provide a package version listing for both the control host and the master. Something like:

# rpm -qa | sort > installed-rpms.txt
Following up to see if the requested information can be provided or if this issue is no longer reproducible in the customer environment.
Checking with the customer. I was never able to replicate but customer had gotten it to happen consistently. I'll let you know the results.
I have been able to reproduce the behavior reported when using non-breaking spaces in the host file. Please ensure your hosts file does not include non-breaking spaces.

To check:

# grep -P -n "\xA0" hosts

Any lines with non-breaking spaces will be listed.

To fix:

# sed -i.bak 's/\xC2\xA0/ /g' hosts

Any lines containing non-breaking spaces will be updated to have normal spaces. A backup will be made of the original at hosts.bak.

Non-breaking spaces are generally artifacts from copy/paste or inadvertent key combinations when typing in editors. YAML 1.1 spec states that non-breaking spaces are converted to "\_" during dumping. This yaml.dump was occurring in the openshift_master translate_idps filter module.

Please let me know if this resolves your issue.
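
Added example, not part of the original comments or of the openshift-ansible code: a Python version of the check and fix described in the comment above, generalized to report every non-ASCII space separator (not only U+00A0) with its line and column. The function names and the sample inventory text are constructed for illustration; dump_preview assumes PyYAML is installed and uses its default yaml.dump settings, so its output can be compared with the "\_" form reported in master-config.yaml.

```python
import unicodedata

# Constructed sample inventory: the space in "Example Users" is U+00A0.
SAMPLE = (
    "[OSEv3:vars]\n"
    "openshift_master_identity_providers=[{'name': 'ldap-provider', "
    "'url': 'ldap://staging.example.com:389/"
    "OU=Example\u00a0Users,DC=stage,DC=example,DC=com?cn'}]\n"
)


def find_odd_spaces(text):
    """Return (line, column, codepoint, name) for every space separator
    (Unicode category Zs) other than the ASCII space U+0020."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch != " " and unicodedata.category(ch) == "Zs":
                hits.append((lineno, col, "U+%04X" % ord(ch),
                             unicodedata.name(ch, "?")))
    return hits


def normalize_spaces(text):
    """Replace every non-ASCII space separator with a plain space."""
    return "".join(" " if unicodedata.category(ch) == "Zs" else ch
                   for ch in text)


def dump_preview(value):
    """Serialize value with PyYAML defaults; None if PyYAML is missing."""
    try:
        import yaml  # optional dependency, only used for the preview
    except ImportError:
        return None
    return yaml.dump({"url": value}, default_flow_style=False)


if __name__ == "__main__":
    for hit in find_odd_spaces(SAMPLE):
        print("line %d col %d: %s %s" % hit)
    print(dump_preview("OU=Example\u00a0Users"))
    print(find_odd_spaces(normalize_spaces(SAMPLE)))
```

Running a scan like this over the inventory before the installer playbook catches the character regardless of the terminal locale, which can affect how grep -P interprets "\xA0".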
Created KCS with your solution for future customers to use https://access.redhat.com/solutions/3026781 -- thanks!