Description of problem:
Username annotation error when BYOH Windows has an uppercase hostname, see

# oc describe node ec2amaz-b08e1ea
...
Annotations:  k8s.ovn.org/hybrid-overlay-distributed-router-gateway-mac: 00-15-5D-16-35-6A
              k8s.ovn.org/hybrid-overlay-node-subnet: 10.132.5.0/24
              volumes.kubernetes.io/controller-managed-attach-detach: true
              windowsmachineconfig.openshift.io/pub-key-hash: 1df2c166b1c401180523270e9cf6bc2cd2724b9279ea65668a3b95298525a0f5
--------------------------------------------------------------------
              windowsmachineconfig.openshift.io/username: -----BEGIN ENCRYPTED DATA-----<wmcoMarker><wmcoMarker>wx4EBwMIpTinju5uPHNglF9/a9tDTfvQ50rAUOJ4yhrS5gGaFYjEIX9kiBTU1d11<wmcoMarker>uD+4vCYb...
--------------------------------------------------------------------
CreationTimestamp:  Thu, 05 Aug 2021 11:20:40 -0400

Version-Release number of selected component (if applicable):
WMCO build from master branch d3723568aa90ff0b85d2dd919450a5f4bde65c32
OCP version: 4.8.0-0.nightly-2021-08-04-135121

How reproducible:
always

Steps to Reproduce:
1. Install UPI cluster on baremetal
2. Create Windows machine manually with uppercase hostname, e.g. EC2AMAZ-B08E1EA
3. Add Windows IP to windows-instances configmap
4. Wait and check WMCO bootstrapping Windows machine

Actual results:
Username annotation error

Expected results:
Username annotation should be correct

Additional info:
This is a cosmetic issue, and does not have an impact on functionality. This can be resolved by removing the start/end tags in the encrypt function https://github.com/openshift/windows-machine-config-operator/blob/ccae1dd992a0f34702df23c76f3659f796ec64e0/pkg/crypto/crypto.go#L37 , so that they are removed before setting the annotation and adding them back after reading from the annotation in the decrypt function https://github.com/openshift/windows-machine-config-operator/blob/ccae1dd992a0f34702df23c76f3659f796ec64e0/pkg/crypto/crypto.go#L68 so that the data can be properly read.
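One way to implement the tag handling described in the comment above, as an added Go example rather than the operator's own code. The function names and the end tag string (taken from the armor convention that the tail line mirrors the head line) are assumptions, the sample body is constructed, and the read path also accepts the older tagged form so that values written before an upgrade still decode.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

const (
	marker   = "<wmcoMarker>"                   // newline stand-in, as seen in the annotations on this page
	beginTag = "-----BEGIN ENCRYPTED DATA-----" // as seen on this page
	endTag   = "-----END ENCRYPTED DATA-----"   // assumed: armor tail line mirrors the head line
)

// ToAnnotation drops the armor tags and folds the body onto a single line.
func ToAnnotation(armored string) (string, error) {
	body := strings.TrimSpace(armored)
	if !strings.HasPrefix(body, beginTag) || !strings.HasSuffix(body, endTag) {
		return "", errors.New("input is not a complete armored block")
	}
	body = strings.TrimSuffix(strings.TrimPrefix(body, beginTag), endTag)
	return strings.ReplaceAll(strings.TrimSpace(body), "\n", marker), nil
}

// FromAnnotation rebuilds the armored block for the decrypt step. It accepts
// both the old form (tags stored in the annotation) and the tag-less form,
// and rejects a value whose begin tag has no matching end tag.
func FromAnnotation(value string) (string, error) {
	body := strings.TrimSpace(strings.ReplaceAll(value, marker, "\n"))
	if strings.HasPrefix(body, beginTag) {
		if !strings.HasSuffix(body, endTag) {
			return "", errors.New("begin tag without matching end tag")
		}
		body = strings.TrimSpace(strings.TrimSuffix(strings.TrimPrefix(body, beginTag), endTag))
	}
	if body == "" || strings.Contains(body, "-----") {
		return "", errors.New("annotation does not hold an armor body")
	}
	return beginTag + "\n\n" + body + "\n" + endTag, nil
}

func main() {
	// Constructed sample, not real ciphertext.
	armored := beginTag + "\n\nQUJDREVGR0g=\n=AAAA\n" + endTag
	ann, _ := ToAnnotation(armored)
	fmt.Println(ann)
	back, err := FromAnnotation(ann)
	fmt.Println(back == armored, err)
}
```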
While testing, please test the upgrade scenario as well.
This bug has been verified with upgrading OCP 4.9 to 4.10 and passed, thanks.

Steps:
Before upgrading, BYOH username encrypted as:

# oc get node ip-10-0-130-192.us-east-2.compute.internal -oyaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    ...
    windowsmachineconfig.openshift.io/username: '-----BEGIN ENCRYPTED DATA-----<wmcoMarker><wmcoMarker>wx4EBwMIG4+UMsoPDMpgGxWFEJ8fqwmXazexgZQMOm/S5gGYB4WkCnKp/wCNooCv<wmcoMarker>RljZMA5e6OqzYDlzsxcnzrvvq9hgkylYvZWIL82Wkf1ugvQbl6eaANxU7DHR+rGt<wmcoMarker>oj/glwA=<wmcoMarker>=VOPp<wmcoMarker>-----END

After upgrading, it changed to:

# oc get node ip-10-0-130-192.us-east-2.compute.internal -oyaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    ...
    windowsmachineconfig.openshift.io/username: wx4EBwMItKKLfIRmMupgsKdiPe81LoBJ4ScVdgyZY5nS5gG1b6vrkHaU+SgLwPCa<wmcoMarker>j0IY8RD7PLJdZ1vj8yi39alKEZPcxqXBlxPRzcFfpk6aE+UklSdWVDHndTDGZaVL<wmcoMarker>7kDgKQA=<wmcoMarker>=7zV1
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2022:0577