StarlingX

Upgrade data migration fails if admin password contains "&"

Bug #1964478 reported by Heitor Matsui
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
StarlingX
Fix Released
Medium
Heitor Matsui

Bug Description

Brief Description
-----------------
Upgrade was failing on AIO-DX with error data migration failure . Prior to upgrade keystone password was changed.

Severity
-----------------
Major

Steps to Reproduce
-----------------
- Install AIO-DX
- Change keystone password using Horizon from to something with "&" (below on the logs referenced as <CONCEALED>&)
- Follow upgrade procedure for AIO-DX
- After controller-1 upgrade data migration failure

Expected Behavior
------------------
Data migration completed successfully after controller-1 host-upgrade

Actual Behavior
-----------------
Upgrade failure on data migration

Reproducibility
-----------------
Reproduceable tested once but should be able reproduce

System Configuration
-----------------
DX

Branch/Pull Time/Commit
-----------------
master

Timestamp/Logs
-----------------
2021-09-21T15:53:10.094 [[0;36mDebug: 2021-09-21 15:53:10 +0000 Exec[upgrade token issue](provider=posix): Executing 'openstack --os-username admin --os-password <CONCEALED>& --os-auth-url http://127.0.0.1:5000/v3 --os-project-name admin --os-user-domain-name Default --os-project-domain-name Default --os-interface internal --os-identity-api-version 3 token issue -c id -f value > /etc/keystone/upgrade_token'[[0m
2021-09-21T15:53:10.096 [[0;36mDebug: 2021-09-21 15:53:10 +0000 Executing: 'openstack --os-username admin --os-password <CONCEALED>& --os-auth-url http://127.0.0.1:5000/v3 --os-project-name admin --os-user-domain-name Default --os-project-domain-name Default --os-interface internal --os-identity-api-version 3 token issue -c id -f value > /etc/keystone/upgrade_token'[[0m
2021-09-21T15:53:10.098 ^[[1;31mError: 2021-09-21 15:53:10 +0000 sh: --os-auth-url: command not found

Test Activity
-----------------
Upgrade Regression

Workaround
-----------------
Change the password before upgrading, removing the "&" (ampersand) from it

Heitor Matsui (heitormatsui)
Changed in starlingx:
assignee: nobody → Heitor Matsui (heitormatsui)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to config (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/config/+/833093

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to config (master)

Reviewed: https://review.opendev.org/c/starlingx/config/+/833093
Committed: https://opendev.org/starlingx/config/commit/15559ca82b8bb286918f1b0069d74c98c62ba710
Submitter: "Zuul (22348)"
Branch: master

commit 15559ca82b8bb286918f1b0069d74c98c62ba710
Author: Heitor Matsui <email address hidden>
Date: Thu Mar 10 10:56:43 2022 -0300

    Enclose credentials with quotes to escape special characters

    Currently, if the admin password contains certain special
    characters such as "&", this causes failure on the upgrade
    process during data migration. This happens because the upgrade
    manifest tries to run a command passing the password as argument
    on the CLI and the "&" is interpreted as "run in background" by
    the shell instead of as part of the password argument.

    This commit encloses the password argument in the failing command
    with single quotes, so that special characters are interpreted as
    part of the argument string instead of the special effects they
    assume on the shell, also single quotes avoid possible variable
    expansion when using "$".

    Test Plan
    PASS: verify that data migration phase completes successfully
          with admin password containing "&", "<", ">", "|" and "$"

    Closes-bug: 1964478
    Change-Id: Id486490e46ab0021f8cad69c9015e74e3e0ff7ee
    Signed-off-by: Heitor Matsui <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
importance: Undecided → Medium
tags: added: stx.7.0 stx.update
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.