Bug 811234 - engine-setup does not work if database password contains special characters
engine-setup does not work if database password contains special characters
Status: CLOSED CURRENTRELEASE
Product: oVirt
Classification: Community
Component: ovirt-engine-config (Show other bugs)
unspecified
x86_64 Linux
unspecified Severity unspecified
: ---
: 3.4.0
Assigned To: Alon Bar-Lev
Jiri Belka
infra
:
Depends On: 1020671
Blocks:
  Show dependency treegraph
 
Reported: 2012-04-10 09:54 EDT by Quyet Nguyen Duc
Modified: 2014-03-31 08:26 EDT (History)
14 users (show)

See Also:
Fixed In Version: ovirt-engine-3.4.0_rc
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-31 08:26:48 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Space in db password logs (14.98 KB, application/x-compressed-tar)
2013-08-07 08:11 EDT, Martin Perina
no flags Details
Colon in db password logs (14.87 KB, application/x-compressed-tar)
2013-08-07 08:16 EDT, Martin Perina
no flags Details


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 17769 None None None Never
oVirt gerrit 17911 None None None Never

  None (edit)
Description Quyet Nguyen Duc 2012-04-10 09:54:49 EDT
Description of problem:
Engine-setup didn't work if database password contain space character

Version-Release number of selected component (if applicable):


How reproducible:
Every time with my hardware.

Steps to Reproduce:
1. Install a fresh fedora 16
2. Follow the instruction in ovirt 3.0 installation guide to install the engine
3. Input database password with a space-contained pass phrase.
  
Actual results:
(In creating database step): 
Error: failed updating configuration field CAEngineKey to /etc/pki/ovirt-engine/private/ca.pem


Expected results:
Passed creating database step

Additional info:
Comment 1 Alex Lourie 2012-04-15 10:53:25 EDT
Using password with space creates correct .pgpass file that allows using psql without providing a password.

Nevertheless, the following fails:
/usr/share/ovirt-engine/engine-config/engine-config -s CAEngineKey=/etc/pki/ovirt-engine/private/ca.pem --cver=general -p /usr/share/ovirt-engine/conf/engine-config-install.properties

The error message:

Connection to the Database failed. Please check that the hostname and port number are correct and that the Database service is up and running.

Moving to ovirt-engine-config.
Comment 2 Mark Chandler 2012-10-10 09:32:19 EDT
I can confirm that this is still a problem in oVirt 3.1 on Fedora 17.
Comment 3 David Sastre Medina 2013-02-25 15:22:34 EST
I can confirm this is still an issue with oVirt 3.2 on Fedora 18.
Also, not only whitespace can trigger this problem, password containing colons fail as well.
Comment 4 Greg Padgett 2013-03-01 17:16:19 EST
The engine-setup tool was fixed to no longer allow whitespace in passwords (see bug 835363 for details).

However, colons remain a problem: the .pgpass file is colon-delimited and escaping functionality was broken until postgres 9.2 (See pgsql-hackers thread [1], or find it in the changelog [2]).

The result for ovirt is:
 for pgsql <= 9.1, passwords with a colon worked (engine setup didn't escape them, postgres didn't try to unescape them)
 for pgsql >= 9.2, passwords with a colon won't work without being escaped in the pgpass file


[1] http://www.postgresql.org/message-id/flat/1324582589-sup-2604@alvh.no-ip.org#1324582589-sup-2604@alvh.no-ip.org

[2] http://www.postgresql.org/docs/9.2/static/release-9-2.html
Comment 5 Martin Perina 2013-08-06 10:49:42 EDT
I've made several tests with engine-setup and here are results:

1) Space and color characters are not forbidden to enter when entering database password in engine-setup


2) The behavior of engine-setup and these characters depends on database version


3) Installing oVirt 3.3 on Fedora 18 with Postgresql 9.2 works fine with space character included in password (for example "engine test"). Both ovirt-engine and engine-config works with this db password


4) Installing oVirt 3.3 on Fedora 18 with Postgresql 9.2 doesn't work with colon character included in password (for example "engine:test"). There's an error during engine-setup execution

[ ERROR ] Failed to execute stage 'Misc configuration': Command '/home/mperina/ovirt-engine-test/share/ovirt-engine/dbscripts/create_schema.sh' failed to execute

But when I specified database password using environment property, create_schema script worked fine:

PGPASSWORD="engine:test" ./create_schema.sh -d engine -u engine


5) Installing oVirt 3.3 on RHEL 6 with Postgresql 8.4 doesn't work with space character included in password (for example "engine test"), following error appears during engine-setup execution:

[ ERROR ] Cannot connect to database: Cannot connect to database: missing "=" after "test" in connection info string


6) Installing oVirt 3.3 on RHEL 6 with Postgresql 8.4 doesn't work with colon character included in password (for example "engine:test"), following error appears during engine-setup execution:

[ ERROR ] Cannot connect to database: Cannot connect to database: FATAL:  password authentication failed for user "engine" FATAL:  password authentication failed for user "engine"
Comment 6 Alon Bar-Lev 2013-08-07 07:56:30 EDT
(In reply to Martin Perina from comment #5)
> I've made several tests with engine-setup and here are results:
> 
> 1) Space and color characters are not forbidden to enter when entering
> database password in engine-setup

Right. And it should not, we do not need to care what password is passed.

> 4) Installing oVirt 3.3 on Fedora 18 with Postgresql 9.2 doesn't work with
> colon character included in password (for example "engine:test"). There's an
> error during engine-setup execution
> 
> [ ERROR ] Failed to execute stage 'Misc configuration': Command
> '/home/mperina/ovirt-engine-test/share/ovirt-engine/dbscripts/create_schema.
> sh' failed to execute

Right, it may be that pgpass is produced invalid, can you please check how you specify password with ':' in pgpass?
 
> 5) Installing oVirt 3.3 on RHEL 6 with Postgresql 8.4 doesn't work with
> space character included in password (for example "engine test"), following
> error appears during engine-setup execution:
> 
> [ ERROR ] Cannot connect to database: Cannot connect to database: missing
> "=" after "test" in connection info string

This is probably a bug in the psql python driver, but as there is no log I cannot know the exact location.
 
> 6) Installing oVirt 3.3 on RHEL 6 with Postgresql 8.4 doesn't work with
> colon character included in password (for example "engine:test"), following
> error appears during engine-setup execution:
> 
> [ ERROR ] Cannot connect to database: Cannot connect to database: FATAL: 
> password authentication failed for user "engine" FATAL:  password
> authentication failed for user "engine"

I don't know where it is without logs.

Alon
Comment 7 Martin Perina 2013-08-07 08:11:54 EDT
Created attachment 783863 [details]
Space in db password logs

'engine test' has been specified as db password
Comment 8 Martin Perina 2013-08-07 08:16:06 EDT
Created attachment 783875 [details]
Colon in db password logs

'engine:test' has been specified as db password
Comment 9 Alon Bar-Lev 2013-08-07 08:19:25 EDT
Yet, another example why too much automation is bad.
Comment 10 Alon Bar-Lev 2013-08-07 08:23:26 EDT
(In reply to Martin Perina from comment #7)
> Created attachment 783863 [details]
> Space in db password logs
> 
> 'engine test' has been specified as db password

Yes, this is a bug in the psql python driver, rhel has old driver with this bug.
Comment 11 Alon Bar-Lev 2013-08-07 08:30:02 EDT
(In reply to Martin Perina from comment #8)
> Created attachment 783875 [details]
> Colon in db password logs
> 
> 'engine:test' has been specified as db password

:)

Yes, a bug in old driver of rhel... :)
Comment 12 Alon Bar-Lev 2013-08-07 08:31:09 EDT
Hi,

Can you please check the patch for fixing pgpassfile generation? it should work in all cases with newer driver (fedora).

For rhel, I suggest either we request new version or just settle with the issues.

Thanks for testing!
Alon
Comment 13 Martin Perina 2013-08-07 09:22:41 EDT
Patch works using colon or space in db password on F18.
Comment 14 Alon Bar-Lev 2013-08-07 09:33:08 EDT
Itamar: more reasons... over automation.
Comment 15 Alon Bar-Lev 2013-08-07 09:42:15 EDT
So we are left with bugs of old version python-psycopg2 which rhel use.
Comment 16 Alon Bar-Lev 2013-08-13 05:20:13 EDT
Again, too much automation.
Comment 17 Sandro Bonazzola 2014-03-04 04:21:46 EST
This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
Comment 18 Sandro Bonazzola 2014-03-31 08:26:48 EDT
this is an automated message: moving to Closed CURRENT RELEASE since oVirt 3.4.0 has been released

Note You need to log in before you can comment on or make changes to this bug.