Description of problem: Vishal encountered this issue: I copy-pasted the API IP from a file and it had an extra space. install-config saved it as string and installation was failing with an error. "failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "Common Manifests": failed to generate asset "Certificate (mcs)": failed to generate signed cert/key pair: error parsing x509 certificate request: x509: cannot parse IP address of length 0" removing the quotes and extra space in install-config, fixed the issue Version-Release number of the following components: rpm -q openshift-ansible rpm -q ansible ansible --version How reproducible: Steps to Reproduce: 1. Run the installer. 2. Paste in the IP address of the API with an extra space. Actual results: Installation fails with: ``` "failed to fetch dependency of "Terraform Variables": failed to fetch dependency of "Bootstrap Ignition Config": failed to fetch dependency of "Common Manifests": failed to generate asset "Certificate (mcs)": failed to generate signed cert/key pair: error parsing x509 certificate request: x509: cannot parse IP address of length 0" ``` Expected results: The installer should validate inputs and prevent or correct invalid inputs that cause the installation to fail later on. Additional info: Please attach logs from ansible-playbook with the -vvv flag
Jan this should be already in 4.5. Can you please check?
It was part of the PR merged last week
Douglas will pre-check before moving to QE
Tracked in Jira here: https://issues.redhat.com/browse/OCPRHV-60
Moving to ASSIGNED to show in my list of bugs to work. I will move to MODIFIED as soon I confirm the issue is gone.
Works for me, moving to ON_QA. ? oVirt API endpoint URL http://192.168.1.68 <---- space added ? oVirt engine username admin@internal ? oVirt engine password ****** X Sorry, your reply was invalid: failed to construct connection to oVirt platform parse "http://192.168.1.68 ": invalid character " " in host name
Verification attempted with: openshift-install-linux-4.5.0-0.nightly-2020-05-25-012559 I cannot confirm that the issue described by Rolfe has been solved. See here: [root@ocp-qe-1 secondary]# rm -rf ~/.ovirt/ [root@ocp-qe-1 secondary]# ./openshift-install create install-config ? SSH Public Key /root/.ssh/id_rsa.pub ? Platform ovirt ? oVirt API endpoint URL https://<censored>/ovirt-engine/api <-- Additional space here ? Is the oVirt CA trusted locally? No WARNING Communication with the oVirt engine will be insecure. ? oVirt engine username admin@internal ? oVirt engine password ****** FATAL failed to fetch Install Config: failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": Tag not matched: expect <fault> but got <html> Furthermore, I found some additional issues. They are not connected to Rolfe's original complaint. However, summary of this bug is "Installer should validate inputs and prevent or correct invalid inputs from causing install failure". If that should be the case, following problems need to be tackled as well: - Incomplete oVirt API URL causes installer to panic: http://pastebin.test.redhat.com/868309 - Valid link that is not pointing to oVirt API is accepted and subsequently throws terraform error: http://pastebin.test.redhat.com/868310 - I also found an issue with CA bundle. However, that one is potentially much more problematic, therefore it's tracked in separate BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1839742. No need to do anything with it in scope of this bug. - Installer accepts obviously invalid user (e.g. admin@internal@superinternal). This leads to this: https://bugzilla.redhat.com/show_bug.cgi?id=1839746 In scope of this bug, we should check if the user-provided username is at all legit (e.g. complies with format <user>@<profile>). There's also one more bug about input validation, see here: https://bugzilla.redhat.com/show_bug.cgi?id=1837239 No action required here, this is just FYI.
Hi Jan, (In reply to Jan Zmeskal from comment #8) > Verification attempted with: > openshift-install-linux-4.5.0-0.nightly-2020-05-25-012559 > > I cannot confirm that the issue described by Rolfe has been solved. See here: > > [root@ocp-qe-1 secondary]# rm -rf ~/.ovirt/ > [root@ocp-qe-1 secondary]# ./openshift-install create install-config > ? SSH Public Key /root/.ssh/id_rsa.pub > ? Platform ovirt > ? oVirt API endpoint URL https://<censored>/ovirt-engine/api <-- Additional > space here > ? Is the oVirt CA trusted locally? No > WARNING Communication with the oVirt engine will be insecure. > ? oVirt engine username admin@internal > ? oVirt engine password ****** > FATAL failed to fetch Install Config: failed to fetch dependency of "Install > Config": failed to fetch dependency of "Base Domain": failed to generate > asset "Platform": Tag not matched: expect <fault> but got <html> Interesting, I cannot see this. I see: FATAL failed to fetch Metadata: failed to fetch dependency of "Metadata": failed to fetch dependency of "Cluster ID": failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": parse "https://engine.medogz.home ": invalid character " " in host name > > Furthermore, I found some additional issues. They are not connected to > Rolfe's original complaint. However, summary of this bug is "Installer > should validate inputs and prevent or correct invalid inputs from causing > install failure". If that should be the case, following problems need to be > tackled as well: > - Incomplete oVirt API URL causes installer to panic: > http://pastebin.test.redhat.com/868309 > - Valid link that is not pointing to oVirt API is accepted and subsequently > throws terraform error: http://pastebin.test.redhat.com/868310 > - I also found an issue with CA bundle. However, that one is potentially > much more problematic, therefore it's tracked in separate BZ: > https://bugzilla.redhat.com/show_bug.cgi?id=1839742. No need to do anything > with it in scope of this bug. > - Installer accepts obviously invalid user (e.g. > admin@internal@superinternal). This leads to this: > https://bugzilla.redhat.com/show_bug.cgi?id=1839746 In scope of this bug, we > should check if the user-provided username is at all legit (e.g. complies > with format <user>@<profile>). > > There's also one more bug about input validation, see here: > https://bugzilla.redhat.com/show_bug.cgi?id=1837239 No action required here, > this is just FYI. Not all bugs above are covered but most of validations raised here are fixed this PR: https://github.com/openshift/installer/pull/3637
Hi Douglas, > FATAL failed to fetch Metadata: failed to fetch dependency of "Metadata": failed to fetch dependency of "Cluster ID": failed to fetch dependency of "Install Config": failed to fetch dependency of "Base Domain": failed to generate asset "Platform": parse "https://engine.medogz.home ": invalid character " " in host name Are you sure you're testing on master? I was testing on OCP4.5 nightly build built yesterday, so it's as up-to-date as it gets. I'm pretty sure you thought of that but nothing else that could explain the difference doesn't come to my mind.
Jan and Doug, -please provide `openshift-install version`
Hi Roy, ./openshift-install version ./openshift-install 4.5.0-0.nightly-2020-05-25-012559 built from commit bbb9006efe1f7d289892f33328bc6e43a9ea664e release image registry.svc.ci.openshift.org/ocp/release@sha256:23e2f96405039788141fc112f99c13fb65a41923a5c5014309314a02b0293159
Hey Jan, Found the difference: I was providing https://engine.medogz.home[space] not https://engine.medogz.home/ovirt-engine/api[space] Reproduced your report. However, still believe https://github.com/openshift/installer/pull/3663 should address this issue. :) Thanks!
Hi Douglas, unfortunately I don't have the capacity to delve into individual PRs. However, even from cursory glance I can see that https://github.com/openshift/installer/pull/3663 is dealing with raised issue rather than by fixing them by re-working the whole thing. I don't mind this approach. However make sure to address all the issues raised in comment 9. To re-iterate, I'll consider this verified if following issues are tackled (in whatever way): - Entering invalid oVirt API address/FQDN - Entering valid address but not one pointing to oVirt API - Entering obviously invalid username
The linked PR is closed. moving back to ASSIGNED.
Verified with: openshift-install-linux-4.6.0-0.nightly-2020-06-19-020835 While the original problems with entering oVirt API address have been pretty much tackled by Bug 1838660 - OCPRHV-123: RFE: Installer should check if FQDN resolves before continuing the installation one can still enter obivously wrong username. See here: ./openshift-install create install-config ? SSH Public Key /root/.ssh/id_rsa.pub ? Platform ovirt ? Engine FQDN[:PORT] ocp-qe-1.qa.lab.tlv.redhat.com ? Engine username homer@simpson@springfield ? Engine password ****** X Sorry, your reply was invalid: failed to connect to Engine platform Error during SSO authentication access_denied : Cannot authenticate user 'homer@simpson@springfield': No valid profile found in credentials.. ? Engine password ? Engine username homer ? Engine password ****** X Sorry, your reply was invalid: failed to connect to Engine platform Error during SSO authentication access_denied : Cannot authenticate user 'homer@N/A': No valid profile found in credentials.. ? Engine password ? Engine username [? for help] (admin@internal) I think it would be better to throw obviously wrong username (e.g. without profile being specified) straight away, now the installer enables user to re-enter the username upon pressing Ctrl+C, which is IMO good enough.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (OpenShift Container Platform 4.6 GA Images), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:4196