Bug 1859874 - Specifying engine api address wrong causes segfault
Summary: Specifying engine api address wrong causes segfault
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 4.5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: 4.5.z
Assignee: Roberto Ciatti
QA Contact: Guilherme Santos
URL:
Whiteboard:
: 1858339 (view as bug list)
Depends On: 1861251
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-07-23 08:43 UTC by David Sundqvist
Modified: 2020-09-08 10:54 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: invalid URL could be used as API Endpoint Consequence: after entering the invalid URL and the user credentials, the installer abruptly interrupt with segmentation error Fix: URLs are validated before requesting user credentials and only URLs with HTTPS scheme are now accepted Result: No invalid non HTTPS scheme URLs can be entered by the user
Clone Of:
Environment:
Last Closed: 2020-09-08 10:54:03 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift installer pull 3948 0 None closed Bug 1859874: Add basic engine URL validation 2020-11-11 20:20:56 UTC
Red Hat Product Errata RHBA-2020:3510 0 None None None 2020-09-08 10:54:26 UTC

Description David Sundqvist 2020-07-23 08:43:11 UTC
Description of problem:
When running the installer, specifying the engine api address the wrong way, for example only specifying it as engine.example.com instead of https://engine.example.com/ovirt-engine/api causes the installer to immediately crash out with a stack trace as soon as you hit enter after credentials entry.

Version-Release number of the following components:
rpm -q openshift-ansible
rpm -q ansible
ansible --version

How reproducible:

Steps to Reproduce:
1.make sure you have a clean install _including removing .ovirt directory_
2.run openshift-install create install-config --dir ipi/ with a clean install
3.type wrong address and finish entering credentials
4.watch fireworks.

Actual results:
? Platform ovirt
? oVirt API endpoint URL engine.if.dystopic.org
? Is the oVirt CA trusted locally? No
WARNING Communication with the oVirt engine will be insecure. 
? oVirt engine username admin@internal
? oVirt engine password ********
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x1fc5cbb]

goroutine 1 [running]:
github.com/ovirt/go-ovirt.(*Connection).testToken(0xc0001aa3c0, 0x0, 0x0, 0x0)
	/go/src/github.com/openshift/installer/vendor/github.com/ovirt/go-ovirt/connection.go:97 +0x23b
github.com/ovirt/go-ovirt.(*Connection).Test(0xc0001aa3c0, 0xc0001aa3c0, 0x0)
	/go/src/github.com/openshift/installer/vendor/github.com/ovirt/go-ovirt/connection.go:76 +0x2f
github.com/openshift/installer/pkg/asset/installconfig/ovirt.authenticated.func1(0xa7ab280, 0xc0005c8370, 0x0, 0x0)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/ovirt/validaton.go:98 +0x274
gopkg.in/AlecAivazis/survey%2ev1.ComposeValidators.func1(0xa7ab280, 0xc0005c8370, 0xc0005c8370, 0x0)
	/go/src/github.com/openshift/installer/vendor/gopkg.in/AlecAivazis/survey.v1/validate.go:68 +0x73
gopkg.in/AlecAivazis/survey%2ev1.Ask(0xc000abd2b0, 0x1, 0x1, 0xa57c620, 0xc000582320, 0x0, 0x0, 0x0, 0x0, 0x0)
	/go/src/github.com/openshift/installer/vendor/gopkg.in/AlecAivazis/survey.v1/survey.go:157 +0x2d2
github.com/openshift/installer/pkg/asset/installconfig/ovirt.askCredentials(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/ovirt/credentials.go:78 +0x825
github.com/openshift/installer/pkg/asset/installconfig/ovirt.Platform(0x0, 0x0, 0x0)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/ovirt/ovirt.go:16 +0xc07
github.com/openshift/installer/pkg/asset/installconfig.(*platform).Generate(0xc000510000, 0xc000875da0, 0xc906b47, 0x12)
	/go/src/github.com/openshift/installer/pkg/asset/installconfig/platform.go:83 +0x3a3
github.com/openshift/installer/pkg/asset/store.(*storeImpl).fetch(0xc000844b10, 0xde884e0, 0xc000510000, 0xc000588338, 0x4, 0xc000588338, 0x4)
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:227 +0x7bf
github.com/openshift/installer/pkg/asset/store.(*storeImpl).fetch(0xc000844b10, 0xde88460, 0xc00090f240, 0xc8b0257, 0x2, 0xc8b0257, 0x2)
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:221 +0x613
github.com/openshift/installer/pkg/asset/store.(*storeImpl).fetch(0xc000844b10, 0xde88360, 0x155743e0, 0x0, 0x0, 0x40a0d5, 0xb488e00)
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:221 +0x613
github.com/openshift/installer/pkg/asset/store.(*storeImpl).Fetch(0xc000844b10, 0xde88360, 0x155743e0, 0x155290d0, 0x1, 0x1, 0x3200000000000000, 0xed6ab43b7)
	/go/src/github.com/openshift/installer/pkg/asset/store/store.go:77 +0x4b
main.runTargetCmd.func1(0x7fffb50d55ff, 0x4, 0xc0006fd840, 0x0)
	/go/src/github.com/openshift/installer/cmd/openshift-install/create.go:169 +0x133
main.runTargetCmd.func2(0x15545ea0, 0xc0006fd620, 0x0, 0x2)
	/go/src/github.com/openshift/installer/cmd/openshift-install/create.go:196 +0xb5
github.com/spf13/cobra.(*Command).execute(0x15545ea0, 0xc0006fd5e0, 0x2, 0x2, 0x15545ea0, 0xc0006fd5e0)
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:830 +0x2aa
github.com/spf13/cobra.(*Command).ExecuteC(0xc000698780, 0xc000abde30, 0x1, 0x1)
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:914 +0x2fb
github.com/spf13/cobra.(*Command).Execute(...)
	/go/src/github.com/openshift/installer/vendor/github.com/spf13/cobra/command.go:864
main.installerMain()
	/go/src/github.com/openshift/installer/cmd/openshift-install/main.go:63 +0x301
main.main()
	/go/src/github.com/openshift/installer/cmd/openshift-install/main.go:43 +0xc6


Expected results:
Either that api url gets corrected to something more reasonable, or at least a more graceful failure.

Additional info:
I tried the above in various combinations with and without trusted locally, etc, before figuring out i messed up the api url.

Comment 2 Douglas Schilling Landgraf 2020-07-24 00:45:03 UTC
*** Bug 1858339 has been marked as a duplicate of this bug. ***

Comment 6 Guilherme Santos 2020-08-24 09:50:29 UTC
Verified on:
openshift-4.5.0-0.nightly-2020-08-23-191713

Steps:
# ./openshift-install create cluster --dir resources/
? SSH Public Key /root/.ssh/id_rsa.pub
? Platform ovirt
? oVirt API endpoint URL https://gui.com.be
? Is the oVirt CA trusted locally? Yes
? oVirt certificate bundle 
-----BEGIN CERTIFICATE-----
MIIEADCCAuigAwIBAgICEAAw....
-----END CERTIFICATE-----
? oVirt engine username admin@internal
? oVirt engine password ******
X Sorry, your reply was invalid: failed to connect to oVirt platform Post https://gui.com.be/ovirt-engine/sso/oauth/token: dial tcp: lookup gui.com.be on 10.46.0.31:53: no such host
X Sorry, your reply was invalid: failed to connect to oVirt platform Post https://gui.com.be/ovirt-engine/sso/oauth/token: dial tcp: lookup gui.com.be on 10.46.0.31:53: no such host
X Sorry, your reply was invalid: failed to connect to oVirt platform Post https://gui.com.be/ovirt-engine/sso/oauth/token: dial tcp: lookup gui.com.be on 10.46.0.31:53: no such host
? oVirt engine password 

Results:
No segmentation failure

Comment 7 Peter Larsen 2020-08-24 13:28:03 UTC
(In reply to Guilherme Santos from comment #6)
> Verified on:
> openshift-4.5.0-0.nightly-2020-08-23-191713
> 
> Steps:
> # ./openshift-install create cluster --dir resources/
> ? SSH Public Key /root/.ssh/id_rsa.pub
> ? Platform ovirt
> ? oVirt API endpoint URL https://gui.com.be

> 
> Results:
> No segmentation failure

Did this include an invalid formatted input? Ie. no https:// or just random characters? 
Also, it's worrisome that the process continues after getting the errors in the example.

Comment 8 Roberto Ciatti 2020-09-01 12:57:14 UTC
Hi,
  yes the validation check allows only https scheme (so no url without scheme or with a scheme different from https, like ftp, http and so on).

Please remember that this is valid only for 4.5 cause in 4.6 the installer is asking for the FQDN and not for the API URL.

Comment 10 errata-xmlrpc 2020-09-08 10:54:03 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.5.8 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3510


Note You need to log in before you can comment on or make changes to this bug.