Bug 2016712 - Username annotation error when byoh Windows have uppercase hostname
Summary: Username annotation error when byoh Windows have uppercase hostname
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Windows Containers
Version: 4.8
Hardware: Unspecified
OS: Unspecified
medium
low
Target Milestone: ---
: 4.9.z
Assignee: elango siva
QA Contact: gaoshang
URL:
Whiteboard:
Depends On: 1990573
Blocks: 2023417
TreeView+ depends on / blocked
 
Reported: 2021-10-22 21:01 UTC by OpenShift BugZilla Robot
Modified: 2021-12-13 12:46 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: Encrypted username is getting displayed with extra tags causes this error Consequence: Encrypted username doesn't display it correctly Fix: Removed extra tags before displaying the encrypted username Result: Encrypted username gets displayed correctly
Clone Of:
Environment:
Last Closed: 2021-12-13 12:46:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift windows-machine-config-operator pull 763 0 None open [release-4.9] Bug 2016712: Display only encrypted string in node annotations 2021-11-15 15:02:34 UTC
Red Hat Product Errata RHBA-2021:4757 0 None None None 2021-12-13 12:46:23 UTC

Comment 1 gaoshang 2021-11-17 05:35:22 UTC 
Since this issue has been verified on OCP 4.10, marked this bug as VERIFIED, thanks.
Comment 2 elango siva 2021-11-17 17:37:22 UTC 
We can't close 4.9 or 4.8 bugs as they are verified in 4.10.  There could be chance these fixes would have introduced regression in older releases. Can you pls test them in 4.8 and 4.9 separately. 
Also testing upgrade from 4.8 to 4.9 is one important use case.  Because while upgrade we will have old secret which we will have to use old method to decrypt the username to deconfigure  windows node.
Comment 4 gaoshang 2021-11-18 10:44:59 UTC 
This bug has been verified with upgrading OCP 4.8 to 4.9 and passed, thanks.

Steps:
Before upgrading, BYOH username encrypted as:

# oc get node ip-10-0-151-53.us-east-2.compute.internal -oyaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    k8s.ovn.org/hybrid-overlay-distributed-router-gateway-mac: 00-15-5D-C0-C2-DF
    k8s.ovn.org/hybrid-overlay-node-subnet: 10.132.2.0/24
    machine.openshift.io/machine: openshift-machine-api/sgao-aws-7qpjh-windows-byoh-us-east-2a-mr2ln
    volumes.kubernetes.io/controller-managed-attach-detach: "true"
    windowsmachineconfig.openshift.io/pub-key-hash: 1df2c166b1c401180523270e9cf6bc2cd2724b9279ea65668a3b95298525a0f5
    windowsmachineconfig.openshift.io/username: '-----BEGIN ENCRYPTED DATA-----<wmcoMarker><wmcoMarker>wx4EBwMIrYn4SHVJyARgyS7HTkOLhHcyphTvA/f/32vS5gGTXazWAqvzzWfRvWpT<wmcoMarker>JHYGf0N7g+z46k3Gzdqw/s7iRA3vQbFAGOq/f59k2qEu/legD/zbn5n52BIheMES<wmcoMarker>zmLgRQA=<wmcoMarker>=DEKe<wmcoMarker>-----END

After upgrading, it changed to:

# oc get node ip-10-0-151-53.us-east-2.compute.internal -oyaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    k8s.ovn.org/hybrid-overlay-distributed-router-gateway-mac: 00-15-5D-90-15-0B
    k8s.ovn.org/hybrid-overlay-node-subnet: 10.132.2.0/24
    machine.openshift.io/machine: openshift-machine-api/sgao-aws-7qpjh-windows-byoh-us-east-2a-mr2ln
    volumes.kubernetes.io/controller-managed-attach-detach: "true"
    windowsmachineconfig.openshift.io/pub-key-hash: 1df2c166b1c401180523270e9cf6bc2cd2724b9279ea65668a3b95298525a0f5
    windowsmachineconfig.openshift.io/username: wx4EBwMIJuGDh7tNY89gqxopFlNt0mR93lLCmyOFgtPS5gHvhEyjxebORn5cZgHV<wmcoMarker>IwWX8shN3KZnCcoTcXLm3Gio/gt8LCxuoBCHI+lyQ4h7qEFPvgVEQs1FN+p8PTOT<wmcoMarker>GgjgswA=<wmcoMarker>=tbGW
    windowsmachineconfig.openshift.io/version: 4.0.1+f66f098
Comment 7 errata-xmlrpc 2021-12-13 12:46:10 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Windows Container Support for Red Hat OpenShift 4.0.1 product release), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:4757
Note You need to log in before you can comment on or make changes to this bug.